Hackers are developing bespoke malware to target Fortune 500 enterprises
Data security is at the forefront of everyone’s mind with GDPR implemented and a shocking 20% rise in enterprise information leaked onto the dark web.
Despite taking relevant precautions, there are always going to be hackers who relentlessly conjure up new tactics to steal your business data.
Most recently, there has been a monumental increase in dark web listings for bespoke malware and hacking tools that target sector-specific large enterprises and small to medium enterprises.
Bespoke malware trends rise on the dark web
A study by the University of Surrey, which researched dark web interactivity with cybercriminals, found the dark web to be a source of tailored malware.
The study also highlighted the criminals’ extensive knowledge of networks, email systems and protocols, which suggests these hackers are experienced and have spent time inside business networks.
Mike McGuire, Senior Lecturer in Criminology at the University of Surrey, stated: “What surprised me is the extent to which you could obtain malware targeting enterprises, you could obtain operational data relating to enterprises.
“There seems to be an awareness and sophistication among these cybercriminals, to go for the big fry, to go where the money is, as a criminal, and the enterprise is providing that.
“What surprised me is just how easy it is to get hold of it if you want to.”
Will your business be targeted?
So, what are the statistics? Despite all sectors being targeted, the likelihood of your business being affected is a game of chance if you aren’t prepared.
However, if we drill down into the statistics, we can see a trend forming.
While all sectors are targeted by hackers, finance and banking were at the top of the list, showing a staggering 35% of listings with sector-specific bespoke malware. Ecommerce enterprises come in a close second with 20%. Results also showed bespoke malware was detected for education, healthcare and media (ZDNet).
The research also found double the variations of malware targeting specific organisations, or those of a certain size or sector, compared to off-the-shelf malware.
So, what exactly does bespoke malware do?
In many cases, bespoke tools are created to compromise business systems within a specific industry or even a specific, typically large, organisation. The bespoke malware allows hackers to access infected machines remotely, bypassing firewall protection.
Once on the infected machine, hackers can access data stored in unsecured areas and sell company data on the dark web.
And what makes this different from any other malware attack? These custom attacks are built with knowledge of exactly how your industry operates and what software it uses, and they have been crafted to leave fewer clues (indicators of compromise, or IOCs).
What can you do to help prevent a malware attack?
Firstly, you’re already one step ahead by becoming aware of bespoke malware and its capabilities, but staying ahead of the game in cybersecurity is about more than awareness. It’s about protecting your systems, planning and building a roadmap for the future of your business security, and having the right support in place to combat advanced attacks as technologies develop.
Having knowledge at your fingertips and training is essential due to the complexity of security, but if you haven’t got the time on top of your day-to-day job to do this, that’s where managed IT services and security solutions like Sophos Intercept X come in.
Sophos Intercept X strengthens your organisation against a range of ransomware attacks such as Lockscreen, Teslacrypt, Cryptowall and more, protecting your business’ vital systems.
Having a managed services partner who understands your industry and has over 70 highly qualified security experts with a wide range of knowledge can also help your business when it comes to being protected against bespoke malware attacks.
Having the correct solutions in place will provide you with peace of mind, knowing a malware attack can often be prevented before you are even aware there has been an attempt.