
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Vaporworms – The Top Threat of 2019?

February 6, 2019 By The Editor

Anyone who has been paying attention knows that fileless malware has been on the rise for the past few years. But did you know that this infamous threat is likely to transform in new and menacing ways this year? Enter the Vaporworm. Just a few short months ago, the WatchGuard Threat Lab predicted that 2019 would be the year we would see a new breed of fileless malware with self-propagating, wormlike characteristics. Now, it appears this prediction is already becoming a reality.

In his latest guest column for Help Net Security, WatchGuard’s Sr. Security Analyst Marc Laliberte explains the fundamentals of fileless malware and explores how and why Vaporworms will gain prevalence in the near future. Here’s a brief excerpt from the story:

“Unfortunately, this prediction seems to be coming true uncomfortably quickly. Just one short month after we predicted the unholy emergence of self-propagating fileless malware, researchers at Trend Micro discovered a fileless Trojan that seemed to present some of those very same characteristics.

First, the malware saved its malicious payload in the Windows Registry, a key-value database that Windows stores in memory. It then created a second registry entry that instructed the operating system to load the payload from memory and execute every time it booted, giving it persistence. To spread, the malware installed a copy of itself on any removable storage connected to the system (thumb drives, external hard drives, etc.).

While this malware was quite interesting in its combination of fileless execution and worm-like propagation using removable storage, it wasn’t a full-blown network worm like the Wannacry ransomworm we saw spreading in 2017. Network propagation is what differentiates a “good” computer worm from a “great” computer worm, at least when it comes to infection rates.

Network propagation also makes it incredibly difficult to root out every infection from an attack. Imagine a scenario where a nation state wants to siphon off engineering work from a foreign defense contractor. In the not-too-distant future, we could see an incredibly effective and dangerous malware attack that combines Wannacry’s rapid propagation with fileless malware’s ability to hide its presence. And as countless attack techniques have demonstrated previously, what starts with nation states usually trickles down to the civilian cyber-criminal world soon enough.”
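The persistence pattern described in the excerpt (payload stored as a registry value, a second autorun value that reads it back and executes it at boot) leaves a footprint a defender can look for: an autorun entry that launches a script host with inline or encoded commands, or with arguments that read a registry value. The script below is an added example for this post, not code from the column, from Trend Micro or from WatchGuard. It audits the standard Run/RunOnce keys read-only; the indicator patterns, the "script host plus one more indicator" rule and the three sample command lines are all constructed assumptions for illustration, not indicators from the malware the article discusses.

```powershell
# Added example (not from the article, the column or WatchGuard): audit autorun registry
# values for "load the payload from the registry and execute it" style persistence.
# Read-only; no elevation is needed to read these keys. HKCU covers the current user only.

$AutorunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Heuristics (constructed for this example): script hosts started from an autorun value,
# plus the arguments a fileless loader needs to run something that is not a file on disk.
$ScriptHosts = 'powershell(\.exe)?|pwsh|mshta|wscript|cscript|rundll32|regsvr32|cmd(\.exe)?'
$Indicators = @{
    'script host in autorun'           = "(?i)\b($ScriptHosts)\b"
    'encoded/inline PowerShell'        = '(?i)(?<=\s)-(e|ec|enc|encodedcommand|c|command)\b|FromBase64String|IEX\b|Invoke-Expression'
    'reads payload back from registry' = '(?i)Get-ItemProperty|GetValue\(|HK(CU|LM|EY_)|\\Software\\'
    'inline script protocol handler'   = '(?i)(javascript|vbscript):'
}

# Names Get-ItemProperty adds to every result; they are not registry values.
$ProviderProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Test-AutorunCommand {
    # Returns the name of every heuristic a single autorun command line matches.
    param([Parameter(Mandatory)][string]$Command)
    $hits = @(foreach ($name in $Indicators.Keys) {
        if ($Command -match $Indicators[$name]) { $name }
    })
    return $hits
}

function Get-SuspiciousAutoruns {
    # Walks the autorun keys and emits one object per value worth a closer look.
    foreach ($key in $AutorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $ProviderProps) { continue }
            $reasons = @(Test-AutorunCommand -Command ([string]$p.Value))
            # Flag only a script host combined with at least one payload indicator:
            # "powershell.exe -File C:\tools\x.ps1" alone is ordinary and file-backed.
            if (($reasons -contains 'script host in autorun') -and $reasons.Count -ge 2) {
                [pscustomobject]@{
                    Key     = $key
                    Name    = $p.Name
                    Command = $p.Value
                    Reasons = ($reasons -join '; ')
                }
            }
        }
    }
}

# Constructed sample command lines (not real indicators) showing what the heuristics catch.
$Samples = @(
    'C:\Program Files\Vendor\Updater.exe /background',
    'powershell.exe -w hidden -c "iex (Get-ItemProperty HKCU:\Software\Example).Data"',
    'mshta vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -enc AAAA"",0")'
)
foreach ($s in $Samples) {
    [pscustomobject]@{ Sample = $s; Reasons = ((Test-AutorunCommand -Command $s) -join '; ') }
}

# Live audit of this host:
Get-SuspiciousAutoruns | Format-List
```

The first sample produces no matches; the second and third each match a script host plus two further indicators and would be reported. A hit is a starting point for review, not a verdict: legitimate management agents occasionally launch PowerShell from Run keys, so compare the flagged command against the software inventory before acting on it. A fuller audit would also cover the Winlogon, services, scheduled-task and WMI-subscription persistence locations, which this example leaves out.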

For more information on Vaporworms, read the full article at Help Net Security or check out the original prediction from WatchGuard’s Threat Lab here on Secplicity.


Filed Under: Editorial Articles, Featured Tagged With: APT, cyber security, exploit, Hacking, Malware, Security breach, Software vulnerabilities

Comments

  1. Jassonmc says

    February 10, 2019 at 7:21 am

    Frankly, I use a common strategy to counter pretty much all malware.
    Here goes what protects your Windows users from 99.9% of malware:
    Always log in as an unprivileged user
    Deny running of dangerous file extensions from user-modifiable drives/folders (like REG, PS1, EXE, CMD, BAT etc.)
    Firewall outgoing traffic as strictly as practical
    If possible, deny download via WWW or email of any MS Office docs with macros
    Patch Windows and your apps continuously

    That strategy would have stopped former malware.

    Reply
    • Corey Nachreiner says

      February 13, 2019 at 1:31 pm

      Pretty good strategy, but a hard one for some companies to live with. Removing local system privilege from users sometimes makes it hard for them to do many other legitimate things. Also, for exploit based fileless malware, which uses direct code injection to start, it may not prevent everything.

      Reply
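The checklist in the first comment above can be turned into a repeatable posture audit. The script below is an added example for this page, not the commenter's code and not WatchGuard's. It checks one host read-only against four of the five points (unprivileged session, script and executable restrictions, outbound firewall default, Office macro settings) plus the age of the newest Windows update as a rough proxy for the patching point. The 45-day patch threshold, the choice of AppLocker as the mechanism for the extension-blocking point and the Office 16.0 registry paths are assumptions made for the example; third-party application patching is not measured here.

```powershell
# Added example (not the commenter's, not WatchGuard's): read-only audit of a Windows host
# against the hardening checklist from the comment. Run it as the user whose session you
# want to assess. Each check returns an object so results can be exported or compared.

function Test-RunningUnprivileged {
    # "Always log in as an unprivileged user": is the current token in the Administrators role?
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    [pscustomobject]@{ Check = 'Unprivileged session'; Pass = -not $isAdmin; Detail = $id.Name }
}

function Test-ScriptRestrictions {
    # "Deny running of dangerous extensions from user-modifiable folders": here measured as
    # AppLocker enforcing both the Exe and Script rule collections. Hosts using Software
    # Restriction Policies or WDAC instead would need a different check (assumption).
    [xml]$policy = Get-AppLockerPolicy -Effective -Xml -ErrorAction SilentlyContinue
    $enforced = @()
    if ($policy) {
        $enforced = @($policy.AppLockerPolicy.RuleCollection |
            Where-Object { $_.EnforcementMode -eq 'Enabled' } |
            ForEach-Object { $_.Type })
    }
    [pscustomobject]@{
        Check  = 'AppLocker enforcing Exe and Script'
        Pass   = ($enforced -contains 'Exe') -and ($enforced -contains 'Script')
        Detail = 'Enforced collections: ' + ($enforced -join ', ')
    }
}

function Test-OutboundFirewall {
    # "Firewall outgoing traffic as strictly as practical": default outbound action per profile.
    $profiles = @(Get-NetFirewallProfile)
    $blocking = @($profiles | Where-Object { $_.DefaultOutboundAction -eq 'Block' })
    [pscustomobject]@{
        Check  = 'Outbound default-deny on all firewall profiles'
        Pass   = ($profiles.Count -gt 0) -and ($blocking.Count -eq $profiles.Count)
        Detail = ($profiles | ForEach-Object { "$($_.Name)=$($_.DefaultOutboundAction)" }) -join ', '
    }
}

function Test-OfficeMacroPolicy {
    # "Deny MS Office docs with macros": VBAWarnings 4 disables macros silently, 3 allows only
    # signed macros; BlockContentExecutionFromInternet=1 blocks macros in files carrying a
    # Mark-of-the-Web. Policy-managed values live under the Policies hive and take precedence.
    $ok = $true
    $details = @()
    foreach ($app in 'Word', 'Excel', 'PowerPoint') {
        $paths = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security",
                 "HKCU:\Software\Microsoft\Office\16.0\$app\Security"
        $v = $null
        foreach ($path in $paths) {
            $v = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
            if ($v) { break }
        }
        $strict = ($v.VBAWarnings -in 3, 4) -or ($v.BlockContentExecutionFromInternet -eq 1)
        if (-not $strict) { $ok = $false }
        $details += "$app VBAWarnings=$($v.VBAWarnings) MotWBlock=$($v.BlockContentExecutionFromInternet)"
    }
    [pscustomobject]@{ Check = 'Office macros blocked or signed-only'; Pass = $ok; Detail = ($details -join '; ') }
}

function Test-RecentPatching {
    # "Patch Windows and your apps continuously": age of the newest installed Windows hotfix.
    # 45 days is an assumed threshold; application patching is not covered by this check.
    $latest = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
    $age = if ($latest) { (Get-Date) - $latest.InstalledOn } else { $null }
    [pscustomobject]@{
        Check  = 'Windows update installed within 45 days'
        Pass   = ($null -ne $age) -and ($age.TotalDays -le 45)
        Detail = if ($latest) { "$($latest.HotFixID) on $($latest.InstalledOn.ToShortDateString())" } else { 'no hotfix information' }
    }
}

$report = @(
    Test-RunningUnprivileged
    Test-ScriptRestrictions
    Test-OutboundFirewall
    Test-OfficeMacroPolicy
    Test-RecentPatching
)
$report | Format-Table Check, Pass, Detail -AutoSize
```

A failing row points at the checklist item to revisit; the Detail column carries the raw setting so the result can be justified in a ticket. The reply above makes the practical caveat: a host passing every row is still exposed to exploit-driven code injection that never writes a file or an autorun value, so this audit complements rather than replaces patching and endpoint detection.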
