Targeted attacks get a lot of attention. The idea of an attacker picking out a business specifically, doing research on employees and crafting specially targeted phishing emails to get inside a network is certainly intriguing.
But most of the threats your company will handle on a day-to-day basis are not targeted at your business specifically. And they can still do damage that eats up your company's time and resources.
The vast majority of threats out there are commodity threats. These packaged cybercrime tools are bought and sold on the Dark Web, available to attackers who lack advanced skills but want to make a quick buck. They are not necessarily cutting-edge, but they are effective against systems that are not properly patched or that lack effective endpoint protection.
So if they lack precision and aren’t out to damage your company specifically, why should a company care about commodity threats?
Ransomware is a good example of why. And while ransomware has declined from its “most prevalent threat” status over the past year, it’s still a potent one that should not be ignored. It’s currently being used in a more targeted fashion, something businesses should definitely protect against, and it’s also still available in the wild as a bulk/commodity threat, says Sean Sullivan, F-Secure security advisor.
“A single endpoint hit by ransomware can lead to a thoroughly compromised network,” says Sullivan. “And as the criminals didn’t plan to hit a network, the malware may not be something that can be reversed by paying the ransom. Commodity ransomware has been known to repeatedly hit endpoints in some cases. The result was impossible to reverse, and even difficult to restore from backup as it makes it more difficult to determine what was lost.”
Cryptojacking, the trend that seems to be taking ransomware’s place at the top these days, should also be taken seriously, as it can eat up valuable computing resources and place burdens on hardware. And criminals prefer that their cryptominers infect businesses, says Paivi Tynninen, researcher in F-Secure Labs.
“The resources that normal users provide isn’t as good as a business’s data centers can provide,” said Tynninen in Episode 10 of our Cyber Security Sauna podcast. She says it’s become common to find business networks that are riddled with cryptomining malware. “They are infested with coin miners that are moving laterally from one computer to another, and in a matter of just minutes you have compromised the whole network.”
Keeping organizational endpoints from becoming part of a botnet is another reason to protect against commodity threats. A malware infection that lets a criminal remotely take control of your organization’s endpoints can allow the bad guys to use them for any number of nefarious purposes – sending spam, launching DDoS attacks, cryptojacking, click fraud and more.
Commodity threats have plenty to gain from your business’s infrastructure, which will serve to enrich the criminals on the other end, says Bert Steppe, F-Secure Labs researcher. “Whether commodity malware enters an organization or a home user’s system, the motivation is usually money: paying the ransom in the case of ransomware or screen lockers, mining revenue in the case of cryptominers, or stealing money from someone’s bank account in the case of banking Trojans.”
The bottom line is that commodity threats cost businesses time. Every case requires review by somebody in IT. And lost time equals lost money and productivity. Spending time getting a laptop back online so an employee can get back to work also siphons energy that could be spent on bigger and better things. Like preparing for those deadly targeted attacks: Setting up a security awareness campaign, for example, to train employees to use proper password hygiene and recognize deadly phishing emails. Or setting up a reliable detection and response solution for the advanced attacks that will get through your perimeter.
Malware development has doubled since 2017, according to AV-TEST, with a jump in Windows, Mac, and Android malware. Add to that the statistic from the 2017 Verizon Data Breach Investigations Report that 51% of all breaches involved malware, and there are plenty of reasons to protect your business.
And plenty of reasons to put effective endpoint protection software in place.
“The job of endpoint protection is to secure against known threats and to provide technology that aims to block as many yet-to-be-known threats as possible,” says Sullivan. “And we do a very good job with that, more so than ever before considering the amount of threats currently in the wild.”
As you’ll see from our infographic, a well-rounded security program includes a combination of endpoint protection to block commodity threats and keep your networks clean, vulnerability management to find and patch software security holes, and detection and response to stop the advanced attacks that can do the most damage.