Barracuda Networks recent study says that the year 2019 has so far witnessed a rise in the use of modular malware. The research carried out by the security and networking services provider has identified more than 150,000 malware files distributed by emails attacks in the past 5 months of the year.
Technically speaking, Modular malware is a kind of advanced cyber threat that attacks a computer at diverse stages.
Developers have updated it with such sophistication that it obscures itself from threat monitoring systems and starts scouting the system and network security. Then it gathers details such as who is the admin of the system, the protections running on the system, vulnerabilities which can be exploited and wisely estimates the success rate to exploit those susceptibilities. The modular malware then starts contacting the command and control server or botnets and starts acting on the controls provided by the developer.
Security analysts say that the developers of modular malware create such malevolent software solutions with a lot of benefits. Firstly, they can quickly change the malware signature to hide-out from antivirus and other cyber threat monitoring solutions. Secondly, authors will have the privilege to act on specific targets and earmark precise modules and lastly, they can hibernate the malware till the right time comes to launch it.
Campbell based Barracuda Networks emphasizes that such malware is often distributed as attachments which can be sent via email. They are highly customized and so can be automatically installed or obfuscated to be installed from an external source.
As the development of modular malware is rapidly evolving, employing a multi-layered security solution might prove as a great protection strategy to cyber defense-line. That’s because all technical and human gaps can be closed with such service deployment, thus helping to mitigate cyber risks to a great extent.
Backing up data to recover if and when needed will also prove strategically effective. Protecting email gateways with automated threat detection software will help validate risks in time and prevent email and domain spoofing scenarios.