Advanced Malware

Survive the Epidemic of Advanced Evasive Malware

Whether as old-fashioned virus attachments in email, trojans delivered through network attacks, or modern ransomware forced through drive-by download web attacks, malware has long been the bane of IT organizations.

Researchers identified more that 500+ evasion techniques in use today (Lastline)
More than 140 million new malware variants are created each year
97% of executable malware found on endpoints was new enough to not have an AV signature (Webroot)

So what is advanced malware and how does it work?

As the name suggests, malware is software designed to infect a computer to perform a variety of malicious actions. After exploiting technical or human vulnerabilities in your environment, an attacker will deliver malware to compromise your users’ computers for the purpose of stealing or denying access to information and systems. Antivirus (AV) solutions were introduced to combat known malware files by identifying them using distinct patterns we call signatures. While these solutions are still useful for quickly preventing a certain threshold of basic malware, they’re insufficient at detecting the more common evasive and advanced malware samples seen today, as they rely on human or automated systems to find, analyze, and update a database of malware signatures.

What’s more, modern malware is more adaptive than ever and able to change the way it looks to evade signature-based detection. Using methods the criminals call “packing and crypting,” attackers can repeatedly change a malware file on a binary level, making it look different to antivirus software. Even though the malicious executable still does the exact same thing, it looks like a new file, resulting in AV products missing a piece of malware that they previously knew about. With hundreds of millions of new malware variants discovered each year, signature-based antivirus simply cannot keep up.

How can you defend against advanced malware?

The ever-evolving nature of malware necessitates a new approach to prevention. Advanced malware detection solutions that can identify new malware as early as possible, like Threat Detection and Response (TDR) and APT Blocker from WatchGuard, are essential to defending your organizations against these threats. Both solutions are designed to identify unknown and evasive malware by looking at how the malware behaves, instead of relying on a database of known malware signatures. APT Blocker emulates a host computer in a next-generation sandbox to proactively catch new malware variants. Using a lightweight Host Sensor, TDR provides visibility into potentially malicious behaviors occurring on an endpoint and correlates this information with event data from the network to deliver a comprehensive threat score to guide remediation. What happens when a threat is scored as suspicious? Now, thanks to a tight integration with TDR, you can triage threats buy sending suspicious files directly from the Host Sensor to APT Blocker for deep analysis and re-scoring.

How to Prevent Advanced Malware

Icon: WatchGuard WebBlocker

WebBlocker is a fully integrated, powerful, and easy-to-use security service to manage web access and content for strong web surfing controls. This module blocks malicious sites that could house ransomware, preventing successful malware downloads.

Learn More

Icon: WatchGuard APT Blocker
APT Blocker

APT Blocker is a dynamic, next-generation cloud sandbox service that detonates files in a virtual environment to determine if they are malicious. It provides last-mile protection against advanced malware and zero day threats.

Learn More

Icon: WatchGuard Threat Detection and Response
Threat Detection & Response

Threat Detection and Response is a powerful collection of advanced malware defense tools that correlate threat indicators from Fireboxes and Host Sensors to stop known, unknown and evasive malware. Threats are scored based on severity to guide remediation.

Learn More