
Advanced Malware

Advanced malware is sophisticated, carefully crafted code written by well-funded cybercriminals, hacktivists, and even nation-states to carry out attacks against a specific target, such as an organization or a particular group of individuals.

The malware is complex—it uses multiple techniques to infiltrate a network infrastructure, can target multiple attack vectors, and can persist over time. Its mission is to extract valuable data, such as intellectual property or financial data, or bring an organization to its knees. This highly customized code often hides silently for a period of time before it strikes. It may also automatically adapt to different conditions.

Savvy cybercriminals are familiar with security technologies and write advanced malware so that it evades traditional, signature-based defenses like antivirus. Even sandboxing is ineffective because it generally doesn’t operate in real time, so the malware can be wreaking havoc in the meantime.

History of Advanced Malware

Significant instances of early malware go back as far as the mid-1980s when the first PC virus was released. Increasingly destructive malware followed, but generally the objective behind the distribution of this malicious code was notoriety and mischief. Though it is difficult to pinpoint precisely, the first instances of cybercrime occurred around the late 1990s with crimeware tools like keyloggers, session hijackers, and transaction generators that enabled cybercriminals to commit financial fraud.

Pervasive Internet connectivity, increased trust in online transactions, and social media created a fertile opportunity for organized cybercriminals to carry out large-scale, targeted cyber attacks. Around 2009, serious breaches carried out by sophisticated threat actors began gaining media attention, and every year since, cybercriminals have continued to refine their techniques and develop advanced malware that defeats traditional security measures.

How Advanced Malware Works

  1. Malware can be introduced to an endpoint in various ways—a drive-by or intentional download from a website, e-mail attachments, pop-up windows that entice users to download fake antivirus programs, software installation that may hide unwanted programs, and infected files on USB devices—to name a few.

  2. Various evasion methods are used to introduce and distribute malware. These include bundling malware with legitimate files, obfuscation or packing to change the binary signature, anti-debugging to prevent code from being analyzed by a sandbox, and targeting malware to execute only on a specific system at a specific time.

  3. After executing on the targeted device, malware initiates communication with the attacker’s command-and-control (C&C) server for further instructions, setting the stage for data theft or network disruption.

  4. Data can be captured as it passes through the infected endpoint—or the endpoint may be connected to a botnet to launch additional attacks against databases or servers. In a denial-of-service (DoS) attack, botnets are used to generate a huge volume of traffic for the purpose of overwhelming an organization’s bandwidth and bringing down its website.
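Step 3 above, the infected endpoint calling home to its C&C server, is one of the few stages a defender can observe from the network side: the malware typically polls at a fixed interval, so its connections recur with far more regularity than a person's browsing. The following is an added example, not code from the original page, that scores each (source, destination) pair in a proxy log by the regularity of its inter-connection gaps and reports the periodic ones. The log lines, the hosts and the hostname cc.example.invalid are constructed for the example; the column layout is a hypothetical simplified format rather than any particular proxy's.

```python
"""Flag hosts whose outbound connections recur at near-constant intervals,
a pattern typical of malware polling its command-and-control server.

Constructed sample input (not real traffic): proxy log lines of the form
'<epoch seconds> <src ip> <dst host> <bytes>'.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy log: 10.0.0.5 polls cc.example.invalid roughly every 300 s
# (with small jitter), while 10.0.0.7 browses a legitimate site irregularly.
SAMPLE_LOG = """\
1700000000 10.0.0.5 cc.example.invalid 412
1700000012 10.0.0.7 news.example.com 52311
1700000301 10.0.0.5 cc.example.invalid 410
1700000350 10.0.0.7 news.example.com 9120
1700000599 10.0.0.5 cc.example.invalid 415
1700000604 10.0.0.7 news.example.com 77804
1700000901 10.0.0.5 cc.example.invalid 409
1700001199 10.0.0.5 cc.example.invalid 411
1700001205 10.0.0.7 news.example.com 3390
1700001502 10.0.0.5 cc.example.invalid 414
1700002860 10.0.0.7 news.example.com 18001
"""


def parse_log(text):
    """Return {(src, dst): [timestamps, ...]} from the simple log format above."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _size = line.split()
        flows[(src, dst)].append(int(ts))
    return flows


def beacon_score(timestamps):
    """Coefficient of variation of the inter-arrival gaps (0.0 = perfectly
    periodic). Returns None when fewer than two gaps exist, i.e. there is
    nothing to measure."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return None
    m = mean(gaps)
    return pstdev(gaps) / m if m > 0 else None


def find_beacons(text, min_events=5, max_cv=0.1):
    """Return [(src, dst, mean_gap_seconds, cv)] for flows whose connection
    timing is regular enough to look like C&C polling.

    min_events avoids scoring flows with too few samples; max_cv is the
    regularity threshold (lower = stricter)."""
    hits = []
    for (src, dst), ts in parse_log(text).items():
        if len(ts) < min_events:
            continue
        cv = beacon_score(ts)
        if cv is not None and cv <= max_cv:
            ts_sorted = sorted(ts)
            gaps = [b - a for a, b in zip(ts_sorted, ts_sorted[1:])]
            hits.append((src, dst, round(mean(gaps), 1), round(cv, 3)))
    return hits


if __name__ == "__main__":
    for src, dst, gap, cv in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {src} -> {dst} every ~{gap}s (cv={cv})")
```

Legitimate software (update checkers, mail clients, monitoring agents) also polls on a schedule, so a hit from this script is a lead to triage against an allowlist and the destination's reputation, not a verdict; malware that randomizes its sleep interval will also push the coefficient of variation above the threshold, which is why analysts pair timing analysis with destination rarity and payload-size checks.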

Notable Headline-Generating Advanced Malware Attacks

CryptoLocker Ransomware (2014)

This damaging malware encrypted important files on Microsoft Windows PCs and held them for ransom. According to the BBC, 500,000 individuals were victimized by CryptoLocker, and 1.3% paid the ransom to retrieve their files. Perpetrators earned approximately $3 million. The FBI and international law enforcement agencies worked together to disrupt the crime ring in May 2014.

Facebook (2013)

The Zeus Trojan, ZBOT, was used to steal online banking information and logins from Facebook members, and cybercriminals used these credentials to drain bank accounts.