
The 5 stages of a malware attack (and what to do next)

Security | Posted on June 4, 2015 by Emily A. Davidson

It takes less than half a second for a user to unknowingly infect your network. In this blog post we cover the five stages of a malware attack, and how to analyze your environment for complete protection.

The new and creative ways malware is disguised

Malware needs only one entry point, such as a hijacked website or an email carrying a malicious download link. According to Sophos, common entry points include:

Invisible 0x0 pixel iFrame: The vehicle for a drive-by download. A zero-size frame injected into a legitimate page silently loads attacker-controlled content in the visitor's browser; nothing is clicked and nothing is visible on the page.

Darkleech: a rogue Apache web server module that injects malicious iFrames into the pages a compromised server sends out. Because the injection happens at response time, the site's own files on disk look clean.

Stolen login credentials: You already know how easily passwords are guessed or obtained!

Elaborate Traffic Distribution Systems (TDS): Once the victim's browser has been sent to the attacker's infrastructure, a TDS bounces it through a chain of redirects to the final payload, rotating the hops so that blacklisting any one of them is of little use. Sophos names Sutra as a popular TDS: it sells for about $100 and is advertised as handling more than one million clicks per hour on a low-end server.

Fake updates: Timed to ride on the coattails of widely publicised security patches or software updates (think a "Heartbleed fix" or a Java update), these fake "updates" reach large numbers of users through search engine optimisation of the download pages.

Video player: A shortlink on Facebook takes users to a fake video player that, when clicked, prompts them to download an "update" to the Chrome video player. The file is detected as TROJ.KILIM.EFLD.

These are just a handful of the creative ways attackers will try to get into your network. Once one file runs, the malware often mails itself to the user's contact list, so the next wave arrives from a sender the recipients trust.
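The hidden-iFrame and Darkleech entries above describe an injection you can check for yourself. The script below is an added example (not code from the original post or from Sophos): it parses a fetched HTML page and reports iFrames that are both hidden from the user and pointed at a third-party host, which is the combination drive-by injections rely on. The two sample pages and the domain names in them are constructed placeholders, not real infection sources.

```python
"""Find hidden third-party iframes of the kind planted for drive-by downloads.

Added example, not from the original post or from Sophos.  Sample pages and
domain names below are constructed placeholders.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristics for "the browser loads it but the user never sees it".
HIDDEN_CSS_RE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(left|top)\s*:\s*-\d{3,}",
    re.IGNORECASE,
)
ZERO_WIDTH_RE = re.compile(r"(^|[;\s])width\s*:\s*0+(px|%)?\s*(;|$)", re.IGNORECASE)
ZERO_HEIGHT_RE = re.compile(r"(^|[;\s])height\s*:\s*0+(px|%)?\s*(;|$)", re.IGNORECASE)


def _tiny_attr(value):
    """True when a width/height attribute is 0 or 1 (e.g. '0', '1px', '0%')."""
    if value is None:
        return False
    m = re.match(r"\s*(\d+)", value)
    return bool(m) and int(m.group(1)) <= 1


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in a page."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":  # HTMLParser lower-cases tag and attribute names
            self.iframes.append({name: (value or "") for name, value in attrs})


def suspicious_iframes(html, page_host):
    """Return [(src, reasons)] for iframes that are both hidden and third-party.

    page_host is the hostname the page was served from.  A visible third-party
    frame (an embedded video) and a hidden same-origin frame (a site's own
    widget) are both normal, so only the combination of the two is reported.
    """
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.iframes:
        src = attrs.get("src", "")
        style = attrs.get("style", "")
        reasons = []
        if _tiny_attr(attrs.get("width")) and _tiny_attr(attrs.get("height")):
            reasons.append("0x0 dimensions")
        if HIDDEN_CSS_RE.search(style):
            reasons.append("hidden via CSS")
        if ZERO_WIDTH_RE.search(style) and ZERO_HEIGHT_RE.search(style):
            reasons.append("zero size via CSS")
        host = (urlparse(src).hostname or "").lower()
        if reasons and host and host != page_host.lower():
            findings.append((src, reasons))
    return findings


# Constructed sample pages (placeholder domains, not real infection sources).
SAMPLE_CLEAN = """<html><body><h1>Blog</h1>
<iframe src="https://www.youtube.com/embed/abc123" width="560" height="315"></iframe>
<iframe src="/widgets/comments" style="display:none"></iframe>
</body></html>"""

SAMPLE_INJECTED = """<html><body><p>Welcome</p>
<iframe src="http://malicious.example/in.php" width="0" height="0" style="visibility:hidden"></iframe>
<iframe src="http://tds.example/go?id=7" style="position:absolute;left:-9999px;width:0;height:0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for name, page in (("clean", SAMPLE_CLEAN), ("injected", SAMPLE_INJECTED)):
        print(name, suspicious_iframes(page, "www.blog.example"))
```

Feed it the HTML as an outside visitor receives it (fetched over the network, not read from the web root): a rogue server module injects at response time, so the files on disk give no hint. The heuristics are deliberately loose; treat a hit as something to look at, not as a verdict.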

The 5 stages of a malware attack

What really happens behind the scenes when one of your users executes malware on their OS? In the chart below, Sophos describes the five stages of a malware attack, along with some useful data on how prevalent (and easy to find) malware really is:

[Infographic: Sophos, the five stages of a malware attack]

How to gain complete control of your endpoints

Blocking malware is only one part of a total endpoint protection solution. So how do you determine your own requirements and identify a vendor that will meet your unique security needs? As you evaluate your endpoint security posture (and the products available) you should ask the following questions:

  1. What is involved in deploying the solution and configuring it for optimal or “best practice” protection?
  2. What steps are required to add exceptions to policies (e.g., allowing a specific USB drive to be accessed or a specific website to be visited)?
  3. What impact (performance and usability) will the product have on end users?
  4. What level and hours of support are included standard with the product?
  5. How has the product evolved recently to protect against new, advanced threats?
  6. Does the product provide web protection and filtering, even when users are off the corporate network?
  7. What bundles or suites are available that can extend the endpoint product to more completely protect users and data?
  8. What are the vendor’s plans for integrating products and technologies to deliver better, more comprehensive and simpler to manage security?

How Sophos Endpoint Protection stands out from the crowd

Endpoint protection is about more than malware, and several features must be in place to make up a holistic security solution. The chart below, from Sophos' Endpoint Buyers Guide, compares these features across the major endpoint security vendors.

[Chart: Sophos Endpoint Buyers Guide, feature comparison against other endpoint security vendors]

According to that comparison, Sophos and Intel Security offer the most complete coverage for your environment. The areas where Sophos may offer a little extra value for your investment are:

  • Category-based web filtering enforced on and off the corporate network
  • Point-and-click blocking of applications by category or name
  • Managed access to removable media and mobile devices
  • Data loss prevention (DLP), branded Data Control, using prebuilt or custom rules
  • Optional mobile device management and security
  • Your choice of cloud-based or on-premise management

The management console is also straightforward to use, and it is available either on-premise or in the cloud, which gives security managers flexibility without giving up features.

Sophos Cloud offers web-based access to a unified console with policies that follow users across devices and platforms. The on-premise solution gives you granular control, with role-based administration and an SQL-based reporting interface. Both deliver strong performance and protection, licensed per user rather than per device.

Get a free trial from Sophos and Softchoice

With dedicated Sophos expertise, Softchoice has the strength of partnership and depth of knowledge to help you choose the endpoint protection solution that will protect your users from the most creative malware attacks. Get a free trial here!

To learn more, reach out to your Softchoice Account Manager, or Chris Walsh.
