Cyber Defense eMagazine July 2020 Edition

More variants: 439,000 new malware variants were detected in 2019. That’s a 12.3% increase over the
previous year.
More capable: Modern malware threats are far more capable than the old viruses spreading through
illegal copies of software distributed via floppy-disks. Today’s malware can steal passwords, exfiltrate
sensitive data, encrypt and delete data, and much more.
Harder to detect: Malware authors work hard to make their software difficult to detect. This includes hiding
it in legitimate documents (aka “weaponizing” Word, PDF and Excel documents), utilizing detectionevasion
mechanisms (like avoiding execution in sandboxed environments), and using legitimate software
update mechanisms, all to make the work of the defenders harder.
More aggressive: Some malware types are extremely aggressive; they scan for open RDP ports, bruteforce
their way onto a device, and then move laterally within the organization’s network, abusing
password-protected servers and seeking sensitive data, all without the knowledge of the victim.
Fast: contemporary malware is extremely fast and works at machine-speed to bypass protection
mechanisms and achieve its goals—ransomware like “WannaCry” disabled entire organizations in
minutes.
Adopting Cybersecurity Response to Fight Covid-19
To mitigate today’s plethora of rapidly evolving cyber threats, the cybersecurity industry has developed
several methodologies. These (after adaptation) could be used to reduce the spread of malicious
software and to mitigate its effects. I will refrain from discussing the obvious virus/Anti-virus analogy.
Obviously, a vaccine for a computer “virus” would be the answer, but estimates suggest that such a
vaccine would not be available in the next 12-18 months, and there’s a lot we can do until then:
Zero trust policy- A methodology that defies the traditional security assumption that everything inside the
perimeter (protected by the firewall) is trusted. The main principle of Zero Trus is “never trust, always
verify”. This means that every user is asked to verify their credentials every time they wish to “enter” the
organization and that every file and process are being constantly monitored – even if they have been
“authorized” to run on the computer.
In a similar manner, humans should consider that other humans are carriers, and only “trust” them after
they have been tested negative (or at the minimum, have had their temperature taken).
Detection beats prevention: following a similar line of thought, most organizations today operate under
the “Assume a Breach” paradigm. Instead of striving to identify and mitigate 100% of threats 100% of the
time, they assume that some threats would be able to infect them and concentrate their efforts on quickly
finding these and stopping them before they could do more harm.
Similarly, it is prudent to assume that humanity would not be able to vanquish this virus, and we will be
playing “whack-a-mole” with it for the foreseeable time. Given that this is the case, it’s prudent to invest
in rapid detection of the infection (quick detection kits, even home detection kits), ensure those that are
sick are given quick treatment, and continue to monitor the entire population for outbreaks.
Cyber Defense eMagazine –July 2020 Edition 71
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.