
Malware Threat Evolution and Anticipation

 


The battle in the field of cyber security claims many victims on both the attacker's and the defender's side. It was noted that the Emotet, DarkSide and REvil criminal networks were successfully suppressed by the security community with the help of the authorities.

On the other hand, the security industry also had its victims, such as SolarWinds, Kaseya and Log4j, which shows that even trusted security software distributions are not immune to security threats.


The threat intelligence data, trends and details in the BrightCloud Threat Report 2022 are collected continuously and summarized automatically from the BrightCloud platform, which is the brain of the Webroot protection system and the BrightCloud services.



86.3% of malware is unique per computer and goes undetected by antivirus


In fact, from 2020 to 2021 the amount of malware attacking Windows systems decreased by more than 58%, and this trend is expected to continue in 2022. Despite the 58% decline, Windows systems protected by Webroot still detect more than 1 million new malware samples every day.


This is a rather surprising number, and several causes are suspected. The first is the successful takedown of the organizations behind the major cybercrime operations Emotet, DarkSide and REvil; the second is the migration from Windows 7 to Windows 10, which gives its users improved security; the third is a change in attack technique. To avoid detection by antivirus programs, malware authors no longer spread new malware files, which traditional antivirus would identify, through conventional channels such as email, websites and file sharing. Instead they inject the new malware into running applications and system processes, which makes it harder to identify and stop.


This can be seen in the follow-on phenomenon that 86.3% of the malware detected infecting computers was unique to the computer it attacked.


In other words, of all the malware attacking each computer, 86.3% is unique: it uses evasion techniques and is found only on that computer. Only 13.7% is the same malware found on other computers as well.


At this level of threat, traditional antivirus protection based on definition updates that rely on signatures and file hashes is far less effective, because it can only detect the 13.7% of threats it already knows; the remaining 86.3% escapes and is free to carry out its actions.


The image below shows identified malware infecting a .dll process; Webroot detects it as W32.Malware.Gen, a generic alias for malware that has not been previously identified.



This explains why many computer systems protected with up-to-date traditional antivirus still fall victim to ransomware, even when those products use polymorphic detection methods for new malware: malware authors automatically create a new variant to defeat polymorphic detection every time they run an attack.


Since definition-based malware detection is easily defeated by malware authors, newer technologies such as journaling and rollback systems offer better protection: any new, unrecognized process is left running in a special bubble and closely watched with cloud detection. When the process or application is found to perform a malicious action, it is immediately terminated, and all the changes it made, which have been journaled, are reverted automatically by the rollback mechanism.
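As an added illustration, not part of the original post and not Webroot's own code, the following Python sketch models the two points above: a definition-based check that misses a per-machine-unique sample because its hash has never been seen, and a journaling bubble that records the before-image of every file an unrecognized process touches and rolls everything back when a behaviour rule fires. The in-memory file system, the hash database, the behaviour rule (replacing more than a fixed number of pre-existing files) and both process traces are constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed stand-in for an antivirus definition database: SHA-256 hashes of
# samples seen before. A variant rebuilt for one machine is never in it.
KNOWN_BAD_HASHES = {hashlib.sha256(b"ransomware-variant-seen-yesterday").hexdigest()}


def signature_match(sample: bytes) -> bool:
    """Definition-based check: a hit only if this exact file hash is already known."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD_HASHES


@dataclass
class Journal:
    """Before-images of every file an unrecognized process touches, oldest first."""
    entries: list = field(default_factory=list)  # (path, previous content or None)

    def record(self, fs: dict, path: str) -> None:
        self.entries.append((path, fs.get(path)))

    def rollback(self, fs: dict) -> None:
        # Undo in reverse order so a file written twice gets its original content back.
        for path, previous in reversed(self.entries):
            if previous is None:
                fs.pop(path, None)       # file did not exist before: remove it
            else:
                fs[path] = previous      # file existed: restore its old content
        self.entries.clear()


class Bubble:
    """Runs an unrecognized process's file operations under observation.

    Every change is journaled before it is applied. The constructed behaviour
    rule (replacing more than `max_replaced` pre-existing files) terminates the
    process and reverts everything it did.
    """

    def __init__(self, fs: dict, max_replaced: int = 2):
        self.fs = fs
        self.journal = Journal()
        self.max_replaced = max_replaced
        self.replaced = set()        # pre-existing files overwritten or deleted
        self.terminated = False

    def _check(self, path: str) -> None:
        if path in self.fs:
            self.replaced.add(path)
        if len(self.replaced) > self.max_replaced:
            self.terminated = True
            self.journal.rollback(self.fs)

    def write(self, path: str, data: bytes) -> None:
        if self.terminated:
            return
        self.journal.record(self.fs, path)
        self._check(path)
        if not self.terminated:
            self.fs[path] = data

    def delete(self, path: str) -> None:
        if self.terminated:
            return
        self.journal.record(self.fs, path)
        self._check(path)
        if not self.terminated:
            self.fs.pop(path, None)


def run_unknown_sample(fs: dict, actions: list) -> str:
    """Replay a process's file actions inside the bubble and return the verdict."""
    bubble = Bubble(fs)
    for action in actions:
        if action[0] == "write":
            bubble.write(action[1], action[2])
        elif action[0] == "delete":
            bubble.delete(action[1])
    return "terminated-and-rolled-back" if bubble.terminated else "allowed"


def demo():
    # Constructed user files and two constructed process traces.
    fs = {"docs/a.txt": b"A", "docs/b.txt": b"B", "docs/c.txt": b"C"}
    original = dict(fs)
    unique_variant = b"ransomware-variant-rebuilt-for-this-machine"
    sig_hit = signature_match(unique_variant)          # False: hash never seen
    # Ransomware-like trace: write an encrypted copy, then delete each original.
    ransom = []
    for path in list(fs):
        ransom.append(("write", path + ".locked", b"ENC"))
        ransom.append(("delete", path))
    verdict = run_unknown_sample(fs, ransom)
    restored = fs == original                           # rollback undid everything
    # Benign trace: one new file plus an edit to a single existing file.
    benign = [("write", "docs/notes.txt", b"hi"), ("write", "docs/a.txt", b"A2")]
    benign_verdict = run_unknown_sample(fs, benign)
    return sig_hit, verdict, restored, benign_verdict, fs


if __name__ == "__main__":
    print(demo())
```

The point of the sketch is the ordering: the journal entry is written before the change is applied, so a rollback is always complete no matter at which action the rule fires, and the benign trace is allowed through because it never crosses the threshold.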


Because of this highly dynamic nature, individual and business computer users can never be truly secure. MSMEs in particular are constantly threatened by ransomware that keeps evolving and now adds extortion: if the victim is not willing to pay for the data that was successfully encrypted, the data is released to the public.


Malware threats evolve rapidly and keep pace with antivirus protection technology, and antivirus evasion techniques in particular are developing very quickly. This is proven by the number of ransomware attacks that still manage to encrypt systems protected with up-to-date traditional antivirus.


So choosing the right antivirus protection is very important, and it is not enough to rely on well-known conventional solutions alone. Security protection must evolve to deal with security threats that also evolve.
