If you were to Google the phrase “stealth virus” in 2020, chances are the first result would be about a stealthy virus all right: COVID-19. However, that is not what we are talking about today… thankfully.
Instead, we are talking about another type of infecting virus: a form of malware built by cyberhackers to avoid detection by antivirus and antimalware programs and to hide on your computer in stealth mode. Believe it or not, stealth viruses have been infecting computers or their boot disks since before you ever heard “you’ve got mail”.
They can hide in real files, boot sectors or other partitions without you or your computer system even knowing they are there, allowing cyberattackers to take control of the infected machine.
Basically, a stealth virus pretends to be one of your good and normal computer files going about its work; yet in reality, it is a malicious attacker waiting to enact a hostile takeover when you’re not looking.
Like all forms of technology, malware has evolved and become more sophisticated over the years, using stealth techniques and becoming practically undetectable, leading the way for the first zero-day attacks.
Most cyber security defenses depend on a database of known viruses stored as signatures. They compare these signatures against applications, files and behaviors to defend your computer systems. A zero-day attack is an attack that does not have a known signature to compare against, so it bypasses whatever defense you have set up. According to WatchGuard Technologies, during the first quarter of 2020, 67 percent of malware was encrypted, delivered via HTTPS protocols. 72 percent of the encrypted malware was classified as zero-day.
VMware’s Carbon Black report, which maps out their attack data according to the MITRE ATT&CK™ Framework, states that defense evasion behaviors were observed in nine out of 10 samples of malware that they analyzed. This indicates that cybercriminals are becoming stealthier in their hacking endeavors. Defense evasion behavior was also observed in 95% of ransomware samples.
So what does this mean for real-life businesses? How can we put this threat into perspective? Well, one of the biggest ransomware attacks of 2020 was the Magellan Health data breach that we discussed in our last article. This Fortune 500 company was a victim of ransomware specifically, as well as a secure data retrieval attack. Over 365,000 patients were affected by this attack. A class-action lawsuit has been filed against Magellan Health; per the complaint, the information compromised in the breach included names, contact information, employee ID numbers, W-2 or 1099 information (such as Social Security numbers or taxpayer ID numbers), treatment information, health insurance account information, member IDs, email addresses, phone numbers, physical addresses, and other health-related details. Could your business afford to be the victim of such a stealth virus attack?
Well, while we stated at the beginning of this article that we were in fact NOT talking about COVID-19 when we mention stealth viruses, the truth is that the 2020 pandemic has definitely fueled the increase in these stealth attacks, because of the increase in telecommuting it has caused. Many companies were so focused on getting remote employees connected to their networks that they likely took shortcuts that may have created security holes in the corporate network, making the company vulnerable to attack. As a result, companies have been forced to review these deployments and strengthen cybersecurity measures to ward off stealth attacks by cybercriminals.
Theoretically, according to PandaSecurity.com, if a stealth virus / zero-day attack were to be deployed via a social network with 2 billion users, it would take no more than five days to infect more than a billion devices.
So how can companies that have been pushed to more remote work situations in 2020 protect themselves and their customers from these stealth attacks? To make sure that your critical data is protected from both inside and outside, work with an IT company, like CloudNexus Technologies, to assess and mitigate your risk. For a free preliminary Cybersecurity Analysis, visit https://www.cloudnexusit.com.