By Charles Leaver

Growing sophistication of malware calls for elevated endpoint management

It is no secret that malware poses a greater threat now than ever before. The unprecedented rise in cybercrime necessitates better endpoint protection measures for all users – individuals and enterprises alike. A recent study has affirmed the importance of data loss prevention methods by highlighting the growing ease with which malware worms its way into computing platforms.

Report: malware authors operate with greater influence and control
The RAND Corp. report found that the last decade has witnessed a proliferation of ever-strengthening malware, which appears to grow just as quickly as the technology it encroaches on, CSO reported. The problem that law enforcement faces in tracking cybercrime, though, is that it is so scattered in nature, which makes pinpointing the exact source of an attack often impossible. This criminal sophistication is not incidental.

As Lillian Ablon, one of the helmers of the study, pointed out, “These are highly sophisticated and organized groups often connected to traditional organized crime groups and sometimes with nation state.”

The fact that cyber attacks are often linked up with more traditional crime enterprises means the response to them has to be more cohesive and decisive.

An example of such sophistication: ATM malware that spawns quick cash
There are myriad examples of the sophisticated malware that the think-tank report talks about, but one particularly alarming strain is a piece of malware that attacks hardware via text message, according to Network World. The malware – nicknamed “Plotus” – is geared toward a certain kind of machine, though the specific iteration it targets is not yet known. Because the malware requires direct access to the machine to work, hackers are reportedly pinpointing standalone machines for attack, since they are easier to breach. In this way, the attack reflects what happens on a broader scale with malware: Criminals choose weaker targets that lack the endpoint protection software to deal with an incursion.

The most alarming development of Plotus, though, is the fact that it can now be controlled through text messages sent from a mobile device. In a world of malware that is difficult to trace, this advancement could place Plotus within the realm of the untraceable.

However, there is one element of the attack that places the criminals at significant risk, and that is the “money mule” phase. As that moniker suggests, the mule is the person sent to physically retrieve the stolen money from the breached endpoint. But these mules are at the bottom of the chain of command, and likely won’t lead to the mastermind.

“The master criminal knows exactly how much the money mule will be getting,” Daniel Regalado, a security analyst who examined the malware, said.

This malware threatens the security of the banking industry, and could lead to customers’ information getting breached.

Individuals, not just law enforcement, can fight against malware
Ablon told CSO that as law enforcement develops more advanced tactics to deal with hackers, the cybercriminals are making strides as well.

“Law enforcement really is getting better, but so are the participants in these markets,” she said. She also pointed to the fact that the sheer number of malware attacks creates a scenario where even taking down a large hacking operation will not do much to impede the overall flow of cybercrime.

Fortunately, police officers are not the only ones who can take proactive steps to fight cybercrime. By implementing the most stringent endpoint software on their systems, individuals and businesses can actively protect themselves and their data against a criminal incursion. Malware may rage on unencumbered, but that does not mean it has to impact you or your business.

Get the General Here