Security

Malware-as-a-Service: A Crucial Reason Why Security Has Grown More Complex

1 December, 2020

We often talk about the idea that cybersecurity has become more important than ever. The threats have become more sophisticated, and the damages have grown larger. But we don’t often talk about why threats have become harder to deal with. One of the main reasons? Cybercrime has become big business. Today, we’ll talk about the trend of malware-as-a-service (MaaS), how MaaS affects the threat landscape, and what you can do to fight back.

Malware-as-a-service

Our Head Security Nerd, Gill Langston, recently published a blog about the widespread threat to hospitals and healthcare providers based on an alert issued by US-CERT. The threat uses the Ryuk ransomware family, which has been particularly popular over the past year. Gill’s article covers the attack timeline for how Ryuk attacks unfold, and we highly recommend checking out the piece if you’re interested.

But one of the interesting aspects of Ryuk—and some similar attacks—is they’re sophisticated, yet can be used by people without sophisticated hacking and coding abilities. The developers of Ryuk and similar attacks often do a lot of the serious heavy lifting, then sell access to the malware for a cut of the eventual profits. This lets the malware developers make money and reduce their risk of detection in the process.

This also means people without the means to create their own sophisticated attacks now have access to more powerful cyberweapons. In a way, the developers act as arms dealers, offering powerful malware or ransomware to a wider cybercriminal community. In short, more people can attack with heavy artillery than would otherwise.

Keeping ahead of the cybercriminals

However, while this trend certainly is bad news, there’s a lot on your side as an IT consultant or service provider. For starters, you’re not alone in dealing with these issues. So much of cybercrime crosses the boundaries between the corporate and national security worlds that government agencies often release free information to help organizations prevent attacks. As Gill mentioned in his blog, it’s worth getting on the mailing lists for some of these agencies so you’re aware when there’s a potential threat that could directly affect you. For example, you can sign up for US-CERT alerts from the Cybersecurity and Infrastructure Security Agency by going to their site, scrolling to the bottom of the page, and subscribing to the alerts.

Additionally, the fact that these attacks are widespread means security vendors innovate frequently to deal with these issues. While the bad guys have their incentives, our industry constantly adapts to changing circumstances and rises to the challenge. MSPs can do the same.

So how do you do your part? When it comes to working with your customers, you want to make sure you’re giving them full, layered security where you can. This includes:

• Endpoint detection and response

This may be one of the more important suggestions here—endpoint detection and response (EDR) needs to play a central role in your security stack. While some customers may drag their feet and stick with antivirus, shifting them to EDR really is in their best interest to help prevent these sophisticated attacks. EDR solutions can look for anomalies in endpoint behavior that could be deemed suspicious. For example, if something on the endpoint starts mass deleting files, it can flag that, alert your team, or even take action on your behalf. With more sophisticated attacks designed to bypass antivirus, adaptive, AI-driven protection may soon become mandatory. It’s worth strongly recommending EDR in the current threat environment (especially as we can expect this trend to only get worse).

• Email protection

Email protection also must be part of any layered security approach. A lot of attacks, particularly multistage, sophisticated cyberthreats, often start with an email. Someone opens an email, downloads an attached document, and the attack launches. Because of this, you don’t want to roll the dice by sticking with native email security—adding an additional, dedicated email security product can help you leverage threat intelligence and machine learning to help protect against potential threats.

• Cloud backup

With the ever-present threat of ransomware, you’ll want to have cloud backups off site. Even if you have an EDR solution that can roll back ransomware, you’ll still want cloud backups in in the event of a site loss due to a natural disaster or for insider threats such as mass deletion of files. It always helps to have a backup.

• Patching

We mentioned earlier how you’re not alone. Most software vendors work tirelessly to both prevent security flaws and, when they crop up, find and fix them. That’s why it’s crucial to do your own part and patch vulnerabilities when updates come available.

The shady business of cybercrime

Unfortunately, cybercrime is big business. As long as cybercriminals have strong financial incentives, they’ll continue finding new ways to compromise organizations. However, if you update your security controls to adapt to this new environment, you can substantially reduce your risk.

As mentioned in the post, one of the most important tools for dealing with this threat environment is endpoint detection and response. SolarWinds^® Endpoint Detection and Response uses artificial threat intelligence and behavioral analysis to flag and even respond to suspicious endpoint behaviors when they arise. This means that if a new, unseen threat crops up, SolarWinds EDR can alert you even if the wider security community isn’t yet aware of the threat. Learn more about SolarWinds EDR today.