Back in 2014, security researchers discovered the Emotet banking Trojan—a piece of malware that acts as a downloader and dropper of other malware to exfiltrate sensitive data. And over the years, this malware has gained a reputation as “one of the most destructive and insidious financial Trojans in existence.”
What started as a threat to the financial sector has become a more widespread security concern. The U.S. Computer Emergency Readiness Team (CERT) went as far as to say that Emotet is among the most destructive malware to the private and public sectors, costing as much as $1 million per incident to recover from.
From incidents impacting the vital systems of Allentown, PA to attacks against North Carolina utilities, Emotet has become notorious for its impact outside of the financial industry—despite its label as a banking Trojan.
You can’t grow complacent with your security defenses.
With a multilayered approach to cybersecurity, you can safeguard your business against the bigger threat—a growing category of polymorphic malware.
Get to know the threat of polymorphic malware
One of the main reasons that Emotet is such a dangerous piece of malware is that it’s polymorphic.
Unlike traditional malware that contains fixed markers and patterns of code, polymorphic malware can transform itself every time it is executed. Signature-based anti-malware tools are unable to detect polymorphic threats because file names and encryption keys continuously change.
In the past, polymorphic malware was a rare, advanced threat. However, studies show that 97% of malware is now written with polymorphic elements, including auto-start registry keys, dynamic link libraries (DLLs), virtual machine awareness, and more.
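To make the signature problem concrete, here is an added example (not code from the original post, and not a real sample) that builds two constructed "variants" with identical simulated behavior but different bytes and action order. A SHA-256 signature written for the first variant misses the second, while a fingerprint of the observed actions and a byte n-gram similarity score (a crude stand-in for fuzzy hashes such as ssdeep or TLSH) still catch it. The actions, paths, TEST-NET address and the benign control document are all constructed for the demo.

```python
"""Constructed demo of why a fixed signature misses polymorphic variants.

make_variant() emits the same three simulated actions wrapped in
variant-specific junk bytes and in a variant-specific order; it is a
stand-in for a mutating dropper, not real malware. An exact SHA-256
signature written for one variant misses the next one, while a
fingerprint of the observed behavior and a byte n-gram similarity score
still match.
"""
import hashlib
import random

# Constructed actions shared by every variant (TEST-NET address, fake paths).
ACTIONS = [
    b"OPEN %APPDATA%\\update.exe",
    b"REG_ADD HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    b"CONNECT 203.0.113.7:443",
]
VERBS = tuple(a.split(b" ")[0] + b" " for a in ACTIONS)

# Constructed benign document used as a negative control.
BENIGN = b"Quarterly report: revenue up 4%, see attached spreadsheet.\n" * 3


def make_variant(seed: int) -> bytes:
    """Same behavior, different bytes: junk padding and action order change per seed."""
    rng = random.Random(seed)

    def junk() -> bytes:
        return bytes(rng.randrange(256) for _ in range(rng.randrange(4, 16)))

    body = b"VARIANT" + junk()
    for action in rng.sample(ACTIONS, len(ACTIONS)):
        body += b"\n" + action + b"\n" + junk()
    return body


def exact_hash(sample: bytes) -> str:
    """The classic signature: one hash for one exact file."""
    return hashlib.sha256(sample).hexdigest()


def behavior_fingerprint(sample: bytes) -> str:
    """Hash of the actions performed, ignoring junk bytes and order.

    Here the actions are read straight out of the sample; on a real endpoint
    they would come from sandbox or EDR telemetry, not from the file bytes.
    """
    actions = sorted(line for line in sample.split(b"\n") if line.startswith(VERBS))
    return hashlib.sha256(b"\n".join(actions)).hexdigest()


def ngrams(data: bytes, n: int = 4) -> set:
    """Set of all length-n byte windows in data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def similarity(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity of byte n-gram sets: 1.0 identical, 0.0 nothing shared."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    union = ga | gb
    return len(ga & gb) / len(union) if union else 0.0


def classify(sample: bytes, known: bytes, threshold: float = 0.3) -> dict:
    """Run all three detectors against a signature derived from `known`."""
    sim = similarity(sample, known)
    return {
        "hash_match": exact_hash(sample) == exact_hash(known),
        "behavior_match": behavior_fingerprint(sample) == behavior_fingerprint(known),
        "similarity": round(sim, 3),
        "fuzzy_match": sim >= threshold,
    }


def demo() -> dict:
    """Signature built from variant 1, tested on variant 1, variant 2 and a benign file."""
    known = make_variant(1)
    return {
        "v1": classify(known, known),
        "v2": classify(make_variant(2), known),
        "benign": classify(BENIGN, known),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The point of the three columns is the gap between them: only the hash column changes between variant 1 and variant 2, which is exactly the gap a signature-only product leaves open.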
While the Emotet banking Trojan has been one of the most prevalent examples of polymorphic malware in terms of name recognition, it’s far from the only polymorphic malware to defend against. Other significant families include:
- Storm Worm: Malicious email attachments turned victim computers into bots, creating a botnet that produced new versions of the polymorphic malware every 30 minutes. When it was discovered in 2007, the Storm Worm accounted for nearly 10% of all malware infections globally.
- CryptoWall: Emerging during the height of ransomware’s rise, researchers discovered over 4,000 iterations of this polymorphic malware. By evading key cybersecurity systems, CryptoWall ransom payments cost companies hundreds of millions of dollars in 2015 alone.
- Virlock: Its staggered approach to payload decryption makes this polymorphic ransomware family stand out. By constantly decrypting and re-encrypting itself in memory, the malware always looks different to the cybersecurity tools that analyze data packets.
- Qakbot: This self-propagating polymorphic malware is similar to Emotet in that it falls in the family of banking Trojans that act like network worms. There are many different ways that Qakbot can execute. But in many cases, it takes a brute force approach to gain access to victims and uses PowerShell to run a credential-stealing tool on your network.
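The behaviors named above (auto-start registry keys, a banking Trojan launching PowerShell after a phishing document) are what behavior-based detection keys on instead of file hashes. The following is an added example, not from the original post or any vendor product, that runs two such rules over constructed endpoint telemetry in a simplified Sysmon-like format; the hostnames, paths, PIDs and timestamps are all made up for the demo.

```python
"""Behavior-based detection over constructed endpoint telemetry.

Rather than a file hash, these rules key on what a process does: a document
application spawning PowerShell, and a process registering a binary from a
user-writable path in an auto-start Run key. Log lines are constructed for
this example in a simplified Sysmon-like format:
    timestamp|EventType|field=value;field=value;...
"""
import re
from collections import Counter

SAMPLE_LOG = r"""
2021-05-03T09:12:01Z|ProcessCreate|pid=4120;image=C:\Program Files\Microsoft Office\WINWORD.EXE;parent=C:\Windows\explorer.exe;cmd=WINWORD.EXE invoice.doc
2021-05-03T09:12:09Z|ProcessCreate|pid=4388;image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe;parent=C:\Program Files\Microsoft Office\WINWORD.EXE;cmd=powershell.exe -w hidden -enc <constructed>
2021-05-03T09:12:11Z|RegistrySet|pid=4388;image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe;key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater;value=C:\Users\alice\AppData\Roaming\upd.exe
2021-05-03T09:14:30Z|ProcessCreate|pid=5002;image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe;parent=C:\Windows\explorer.exe;cmd=powershell.exe Get-Process
2021-05-03T09:15:00Z|RegistrySet|pid=1200;image=C:\Program Files\Vendor\setup.exe;key=HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorAgent;value=C:\Program Files\Vendor\agent.exe
"""

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)
# Paths an unprivileged user can write to: profile directories and Temp.
USER_WRITABLE = re.compile(r"^C:\\Users\\[^\\]+\\|\\Temp\\", re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_line(line: str) -> dict:
    """Split one telemetry line into a flat dict of fields."""
    ts, event, rest = line.split("|", 2)
    fields = dict(part.split("=", 1) for part in rest.split(";"))
    fields.update(ts=ts, event=event)
    return fields


def rule_office_spawns_shell(e: dict):
    """A document reader starting PowerShell is rare in normal use."""
    if (e["event"] == "ProcessCreate"
            and basename(e["image"]) in SHELLS
            and basename(e.get("parent", "")) in OFFICE_APPS):
        return "office_spawned_powershell"
    return None


def rule_user_path_run_key(e: dict):
    """Auto-start entries pointing into a user profile are a classic persistence sign."""
    if (e["event"] == "RegistrySet"
            and RUN_KEY.search(e.get("key", ""))
            and USER_WRITABLE.search(e.get("value", ""))):
        return "run_key_points_to_user_path"
    return None


RULES = (rule_office_spawns_shell, rule_user_path_run_key)


def detect(log_text: str) -> list:
    """Return one hit dict per (event, rule) match, in log order."""
    hits = []
    for line in log_text.strip().splitlines():
        e = parse_line(line)
        for rule in RULES:
            name = rule(e)
            if name:
                hits.append({"ts": e["ts"], "pid": int(e["pid"]), "rule": name})
    return hits


def score_by_pid(hits: list) -> dict:
    """Correlate hits per process: two independent behaviors are a much stronger signal."""
    return dict(Counter(h["pid"] for h in hits))


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for h in found:
        print(h)
    print("per-process score:", score_by_pid(found))
```

The vendor installer on the last line writes a Run key too, but to a Program Files path under HKLM, so it is not flagged; the administrator-launched PowerShell on line four is not flagged either because its parent is Explorer. Both rules fire on PID 4388, which is the correlation a multilayered tool would escalate on.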
No industry is immune to the threats of polymorphic malware. Even the 2018 Olympics were hit by the polymorphic “Olympic Destroyer” malware, prompting a surprising reaction from Talos researchers:
“I have not seen a malware sample modify itself to include harvested creds before and I’ve been doing this stuff longer than I should admit. Polymorphic malware isn’t a new idea by itself, but I’ve never seen any examples of malware modifying itself to include harvested credentials.”
The most important thing to understand about polymorphic malware is that it’s constantly evolving and becoming more evasive. Defending your network isn’t about focusing on Emotet, Qakbot, or any other specific threat. Rather, you need an adaptive, multilayered strategy that protects your users and network regardless of the evasive tactics a polymorphic malware leverages.
Protect your network with multilayered endpoint security
For years, polymorphic malware has thrived against networks that are protected primarily by signature-based solutions. However, even as more advanced cybersecurity tools have entered the market, polymorphic malware has still prevailed.
Part of the problem is that so many cybersecurity strategies are rooted in perimeter defenses. To properly defend against increasingly elusive threats, cybersecurity has to evolve beyond guarding the increasingly amorphous network perimeter and focus more on the endpoints through which most threats enter your organization.
Taking a multilayered approach to endpoint security can keep your data safe from even the most advanced polymorphic threats. Here are a few essential tools you should consider implementing to support a multilayered endpoint protection strategy:
- Advanced firewalls: One of the most common endpoint protection tools, filtering traffic on its way into your network and on to the endpoint. They block malicious packets before those packets reach your core network.
- Next-generation antivirus: Move beyond signature-based antivirus to identify threats without a virus database. The right tool will help you detect zero-day malware as well as polymorphic threats that would otherwise evade security solutions.
- URL filtering: Prevent users from accessing known-malicious or suspicious sites that could deliver polymorphic malware that slips through network defenses.
- Browser isolation: This is an essential layer for endpoint protection that safeguards web browsers and emails — the most prevalent attack vectors — against ransomware, zero-day threats, drive-by downloads, and more. Remote browser isolation (RBI), in particular, executes browsing sessions outside of your organizational network and sanitizes email attachments to shift potential risk away from your business.
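URL filtering is only as good as the hostname comparison behind it. As an added example (not code from the original post or from any filtering product), the check below decides on the parsed, normalized hostname rather than on the raw URL string, so that case, trailing dots, internationalized (punycode) names and a trusted name placed in the user-info part of the URL do not change the verdict. The deny-list and allow-list entries use reserved `.example` names and are constructed.

```python
"""URL-filtering check that decides on the parsed hostname, not the raw string.

Deny-list entries are matched against the hostname and each of its parent
domains; an allow-list entry wins over a deny entry so an internal site is
never blocked by a broad parent-domain rule. The lists are constructed.
"""
from urllib.parse import urlsplit


def normalize_host(host: str) -> str:
    """Lower-case, drop the trailing dot, and put IDN labels into punycode form."""
    host = host.rstrip(".").lower()
    return host.encode("idna").decode("ascii")


# Stored in normalized form so comparisons are consistent.
DENY = {normalize_host(d) for d in ("bad.example", "bücher.example")}
ALLOW = {normalize_host(d) for d in ("intranet.example",)}


def domain_chain(host: str) -> list:
    """'a.b.example' -> ['a.b.example', 'b.example', 'example']."""
    parts = host.split(".")
    return [".".join(parts[i:]) for i in range(len(parts))]


def policy(url: str) -> str:
    """Verdict for one URL: 'allow' or 'block:<reason>'."""
    s = urlsplit(url)
    if s.scheme not in ("http", "https"):
        return "block:unsupported-scheme"
    if not s.hostname:
        return "block:no-host"
    chain = domain_chain(normalize_host(s.hostname))
    if any(d in ALLOW for d in chain):
        return "allow"
    if any(d in DENY for d in chain):
        return "block:denylist"
    return "allow"


def naive_policy(url: str) -> str:
    """Substring matching on the raw URL: kept only to show how it fails."""
    if any(d in url for d in ALLOW):
        return "allow"
    if any(d in DENY for d in DENY if d in url):
        return "block:denylist"
    return "allow"


if __name__ == "__main__":
    for u in ("https://cdn.bad.example/a",
              "https://intranet.example@bad.example/login",
              "https://BÜCHER.example./",
              "https://docs.intranet.example/"):
        print(u, "->", policy(u), "| naive:", naive_policy(u))
```

The second sample URL is the instructive one: the raw string contains the trusted name, so the naive check allows it, while `urlsplit().hostname` correctly reports the host after the `@` and the proper check blocks it.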
These are just a few of the tools that make up effective endpoint protection. But to achieve a truly multilayered strategy, you need more than just tools. When you combine these security tools and strategies with a cultural focus on rigorous patching and employee education, you can keep the most advanced cyber threats at bay.
Don’t be intimidated by polymorphic malware and other increasingly sophisticated cyber threats. Take the time to build a multilayered defense strategy and you’ll be able to keep your sensitive data safe.