[Feature Article] Security Information (Part 1)

■ This article was posted on June 2020, 9, so the information it contains may be out of date.

Cybercrime continues to increase, partly driven by the coronavirus pandemic, and the damage it causes worldwide is expected to reach $6 trillion annually by 2021.

In particular, malware detections are increasing year by year and account for a high proportion of incidents both in Japan and overseas. Ransomware, for example, remains a threat even though its detection counts are low: operators are reportedly adding new features to their malware and going after larger targets, so continued vigilance is needed.

 

1. What is malware?

Malware is an abbreviation of "malicious software", a general term for harmful software. Malicious software is written with a specific purpose in mind, and the risk of infection is very high.

The report (2019 edition) released by the European Union Agency for Cybersecurity (ENISA) also highlights malware as a top threat for the second consecutive year.

ENISA Threat Landscape Report 2018
https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2018
https://www.enisa.europa.eu/topics/threat-risk-management/threats-and-trends/enisa-threat-landscape

 

1-1. Major Malware Statistics for 2019 (Reference Information)

The statistics published by AV-TEST (a German security software testing institute) also make the scale of malware detection clear.

・ About 350,000 new malware samples are detected every day
・ More than 70 billion reports of malware attacks
・ The existence of more than 9 million malware programs has been confirmed
・ Every minute, four companies are hit by ransomware attacks

Malware (AV-TEST)
https://www.av-test.org/en/statistics/malware/

 

1-2. Types of malware

Malware is used for crimes such as fraud, phishing, hijacking and extortion, and poses a high risk. Any Internet-connected device is exposed to these dangers. The main types of malware are summarised below.

・ Worm: An independent program that spreads by replicating itself
・ Trojan horse: Remotely controls the system and steals or damages information (backdoors are also a type of Trojan horse)
・ Spyware: Collects the user's personal information and behaviour history and sends it to a specific location without permission
・ Botnet: Malware that takes over a computer and remotely controls it on the instructions of a third party
・ Ransomware: Makes the device unusable (by encrypting it) and demands a ransom
・ Scareware: Frightens users into handing over money and personal information
・ Adware: Displays frequent advertisements and changes the home page; some variants collect information and send it outside without notice
・ Exploit: A program that attacks by taking advantage of a vulnerability

It is worth reaffirming that such crimes exist and protecting the devices around us (PCs, smartphones, tablets and other computing devices).

Malware Report | Malware Information Bureau - ESET (Canon Marketing Japan Inc.)
https://eset-info.canon-its.jp/malware_info/malware_topics/

 

2. Which malware is considered dangerous?

Malware is distributed and spread via spam emails carrying malicious attachments. Among them, "Emotet", which is being watched closely, is said to have extremely high infectivity and spreading power. Its activity has been confirmed since at least 2014, and it has kept changing shape with the times; it now serves as a platform for distributing (infecting with and spreading) other major malware.

The Emotet botnet sends a Word document containing malicious macros, and Emotet is installed on the computer when the recipient enables editing (and with it the macros) in order to view the content. Because Emotet frequently delivers further malware such as information-stealing Trojans and ransomware, finding Emotet should be taken as a sign that the risk of other infections has increased.

Emotet went quiet after February 2020 but has recently become active again. In August 2020 the malicious attachments switched to a new template named "Red Dawn" to spread infections, and cybersecurity agencies around the world warned of a surge in Emotet attacks. In Japan, the Information-technology Promotion Agency (IPA) published its "Observation status of attack resumption" to call attention to it.

About emails aimed at infection with a virus called "Emotet" (Information-technology Promotion Agency)
https://www.ipa.go.jp/security/announce/20191202.html
* See "Observation status of attack resumption" (added July 2020)
https://www.ipa.go.jp/security/announce/20191202.html#L13
* See "Rapid increase in consultations / examples of attacks using password-protected ZIP files" (added September 2020)

 

3. What happens if you get infected with malware?

It is important to avoid opening suspicious emails and documents, but if you do open one and your computer becomes infected with malicious software, there are some common signs.

・ Settings change on their own (new toolbar, different search engine, changed default language, etc.)
・ Many pop-ups keep displaying advertisements even when you are not connected to the Internet
・ The antivirus program does not start, or the computer sends e-mail without permission
・ Entering the URL of a specific website redirects you somewhere else

Be careful if your device behaves differently than before.

Steps to take when a malware infection is found (Microsoft Security Response Center)
https://msrc-blog.microsoft.com/2020/07/01/20200702-respondingmalware/

 

4. How to check your resistance to malware

To fix vulnerabilities it is best to respond as soon as an update is released, so check whether each OS, security product, browser and other application is at its latest version. However, an update can occasionally interfere with the operation of certain applications, so in a company environment follow the instructions of your IT administrator.

Mobile security software must also be installed on mobile devices. Spam and phishing scams are rampant there too, and smartphones and tablets without security measures are very vulnerable to exploits.

4-1. Measures to prevent malware infection

・ Keep software (including security software) and applications up to date
・ Set a password on the device
・ Do not open unfamiliar emails
・ Be careful with emails that have attachments
・ Do not click pop-ups and the like unnecessarily
・ Do not open HTML-format mail (configure the mail client to display messages as plain text)
・ Scan suspicious files with security software
・ Take regular backups

These measures apply not only at home; each person also needs to protect the company's IT resources. Particular care is needed when handling email. It is also important for companies to isolate an infected endpoint quickly, since endpoints sit at the boundary between the internal and external networks.
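The Emotet lures in section 2 (Word attachments carrying VBA macros, later password-protected ZIPs) and the attachment advice in 4-1 can be turned into a simple gateway-side triage check. The following is an added example, not code from the article or from any product it mentions; the sample archives are constructed in memory, and the "vbaProject.bin" entry name is the standard location of a macro project inside an OOXML file.

```python
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                         # OOXML (.docx/.docm) and plain ZIP
ENCRYPTED_FLAG = 0x1                              # ZIP general-purpose flag bit 0


def triage_attachment(data):
    """Return the reasons to hold an attachment for review; empty means none found."""
    reasons = []
    if data.startswith(OLE_MAGIC):
        # Binary Office format: macros cannot be ruled out without an OLE parser.
        reasons.append("legacy binary Office document: inspect for VBA before opening")
    elif data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                entries = zf.infolist()
        except zipfile.BadZipFile:
            return ["malformed ZIP container"]
        if any(e.filename.endswith("vbaProject.bin") for e in entries):
            reasons.append("Office document carries a VBA macro project")
        if any(e.flag_bits & ENCRYPTED_FLAG for e in entries):
            reasons.append("password-protected ZIP: content cannot be scanned")
    return reasons


def make_office_zip(with_macro):
    """Minimal OOXML-shaped archive built in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


def make_password_zip():
    """Single-entry ZIP with the encryption flag set (constructed; payload is not really encrypted)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.doc", b"x" * 8)
    raw = bytearray(buf.getvalue())
    raw[6] |= ENCRYPTED_FLAG                            # local file header flags (bytes 6-7)
    raw[raw.find(b"PK\x01\x02") + 8] |= ENCRYPTED_FLAG  # central directory flags (bytes 8-9)
    return bytes(raw)
```

Calling triage_attachment(make_office_zip(True)) reports the macro project, triage_attachment(make_password_zip()) reports the password-protected archive, and a plain .docx returns an empty list.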

 

5. How to detect cyber attacks quickly

As cyber attacks targeting users become more sophisticated, it is difficult to prevent every attack and eliminate infection damage through proactive measures alone. What matters, therefore, is early detection and early removal. The presence of malware, vulnerabilities, intruder information (IP addresses, signatures), exploits and so on is evidence of an attack, and the aim should be to detect them quickly and minimise their impact. Using investigation tools is an effective measure.

 

5-1. Examining suspicious symptoms with a free tool

Most of the tools offered free of charge by major vendors are for investigation only, but they are useful for quickly checking whether a suspicious symptom is actually caused by an infection. They are also useful because they explain how to troubleshoot and which tools are needed for removal.

1) Microsoft Safety Scanner (Microsoft)

Safety Scanner can be used for 10 days after download and both detects and removes malware.

https://docs.microsoft.com/ja-jp/windows/security/threat-protection/intelligence/safety-scanner-download

2) VirusTotal (Google)

It only detects malware, but it makes it easy to check suspicious files and websites.

https://www.virustotal.com/gui/

3) Trend Micro Online Scan (Trend Micro)

A tool that detects malicious programs such as viruses on your computer.

https://www.trendmicro.com/ja_jp/forHome/free_trial/onlinescan.html

4) Threat Intelligence Portal (Kaspersky)

You can look up suspicious files, IP addresses, URLs, hash values, and more.

https://opentip.kaspersky.com/

 

5-2. Malware analysis (for technicians) – IDA

A high-quality disassembler is an indispensable reverse engineering tool for malware and shellcode analysis. IDA is disassembler and debugger software used for malware analysis and for checking programs for vulnerabilities.

The IDA Home edition supports five major processors, including x86 / x64, ARM and MIPS, and the Professional edition supports more than 5 processors. It is available for the Windows / Linux / macOS platforms.

5-3. Detecting malware (for companies, universities and other institutions) – VirusTotal Enterprise

VirusTotal is a platform for analysing suspicious files and URLs, detecting malware and sharing information. Submitted items are inspected with over 70 antivirus scanners and URL / domain blacklist services, as well as a myriad of tools that extract signals from the examined content.

VirusTotal consists of a free web service for everyone and a paid service, VirusTotal Enterprise, whose functionality is available to premium users only. Here we introduce the Enterprise version.

VirusTotal Enterprise is offered in the following four editions: Starter / Basic / Professional / Enterprise.

VirusTotal pricing varies with monthly quotas such as the number of searches and the number of downloads. It is sold as an annual license with a 12-month contract.

In addition, when a university user subscribes to VirusTotal, the vendor grants free use of the VirusTotal Enterprise service for 2 weeks, so the usage period becomes "1 year + 2 weeks (bonus)".

You can try it yourself by applying for the free trial (trial period 14 days).

FREE TRIAL
https://www.virustotal.com/subscription/signin-request
A two-week free trial is available on request to gain insight into usage before selecting a subscription package.
The trial includes access to both VirusTotal Intelligence and the private mass API.
Registration is required before a free trial can be activated.

 

VirusTotal offers various add-ons. Through the API, suspicious files and links (URLs) can be uploaded, scanned and checked more easily. Some APIs are available to all users, while others are restricted to premium users. Please contact us if you would like to add a private API (add-on).

VT API
https://developers.virustotal.com/reference
* See "Public vs Premium API"
(VirusTotal File Feed / VirusTotal URL Feed / additional Private Graph, etc.)
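As an added example of the API usage described above (not code from the article or from VirusTotal), a minimal Python client for the public v3 file lookup: it hashes the suspicious file locally and queries GET /api/v3/files/{sha256}, so that only the digest leaves the machine, then condenses the report's last_analysis_stats into a verdict. The endpoint and the x-apikey header are VirusTotal's documented public API; the VT_API_KEY environment variable, the 5-engine threshold and the sample report are assumptions constructed for this example.

```python
import hashlib
import json
import urllib.error
import urllib.request

VT_FILES_URL = "https://www.virustotal.com/api/v3/files/"   # public v3 file-object endpoint


def sha256_hex(data):
    """SHA-256 of a byte string; the digest, not the file, is what gets sent to VirusTotal."""
    return hashlib.sha256(data).hexdigest()


def lookup_hash(sha256, api_key):
    """GET /api/v3/files/{hash}; returns the parsed JSON, or None when the hash is unknown."""
    req = urllib.request.Request(VT_FILES_URL + sha256, headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:          # never seen by VirusTotal: absence is not a clean verdict
            return None
        raise


def summarise_report(report, threshold=5):
    """Condense a v3 file object into a verdict based on its last_analysis_stats."""
    data = report["data"]
    stats = data["attributes"].get("last_analysis_stats", {})
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    total = sum(stats.values())
    verdict = "malicious" if flagged >= threshold else ("suspicious" if flagged else "clean")
    return {"sha256": data["id"], "flagged": flagged, "engines": total, "verdict": verdict}


# Constructed response in the shape of a v3 file object (all values are made up).
SAMPLE_REPORT = {"data": {"id": "0" * 64, "attributes": {
    "names": ["invoice.doc"],
    "last_analysis_stats": {"malicious": 42, "suspicious": 2, "undetected": 26, "harmless": 0}}}}

if __name__ == "__main__":
    import os, sys   # assumption: API key in VT_API_KEY, file path as the first argument
    with open(sys.argv[1], "rb") as f:
        report = lookup_hash(sha256_hex(f.read()), os.environ["VT_API_KEY"])
    print(summarise_report(report) if report else "hash not known to VirusTotal")
```

A 404 means the file has never been submitted, which says nothing about whether it is safe; that is the case where a scan of the file itself is needed.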

 

5-4. Malware samples (for vendors) – VirusTotal Enterprise

"VirusTotal Intelligence", one of the functions of VirusTotal Enterprise, is useful for IOC (Indicator of Compromise) analysis. It is a service that lets you search the sample files uploaded to the VirusTotal site from all over the world by characteristics such as antivirus detection name, size, file type, binary content, behaviour pattern and drive-by download URL, and then list and download the matching samples for closer examination.

Analysing threat information about cyber attacks not only helps to prevent known threats but also uncovers new types of malware sooner, and is useful for forecasting, preparing for and responding to new attacks and threats.

* Although these measures improve security, they do not guarantee that you will not fall victim to new, aggressive malware.

In Security Information (Part 2), I would like to introduce the list of reports for the first half of 2020.