
Why Signature-Based Malware Detection Falls Short

Posted: August 14, 2017 to Cybersecurity.

Tags: AI, Malware, Data Breach

We’ve constantly preached that cybercriminals were going to evolve their methods, and the cows have come home. We recently told you about a new type of malware that works around detection by loading itself directly into a computer’s memory instead of as a file, and now we’ve got some more bad news for you. You might want to begin updating your devices and cybersecurity systems now, because by the end of this post you’ll be wishing they were as up to date as possible.

Some basic forms of malware detection are signature-based and behavioral-based. They work just as their names imply. Signature-based malware detection works by scanning for signatures in code known to be present in malware. Behavioral detection takes the same approach, but instead of scanning for signatures it looks for common malware behaviors and flags anything suspicious. For example, a signature-based malware detection program would have a set of malware families that it recognizes, and anything it missed would be picked up by behavioral malware detection. In the past, that was a solid two-pronged defense against malware. But the past was the past, and today signature and behavioral-based malware detection simply can’t see malware anymore.

Are we just being dramatic? You decide. The Institute for Critical Infrastructure Technology (ICIT) published a report titled “Signature Based Malware Is Dead,” which says not only that signature-based detection isn’t enough to detect malware, but that AI will be needed in the future to detect it. The problem is that hackers are creating new malware faster than the detection programs can be programmed to recognize it. The malware families that used to raise red flags have evolved into smaller families that can’t be detected. The report also says that new malware is changing its behavior so that malicious behavior can’t be detected. Chances are you won’t be hit by a new, undetectable malware tomorrow, but this is a glimpse into the future of cybercrime.
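
A minimal sketch of the two detection approaches described above, as an added example that is not from the original post or the ICIT report. The samples, event names, and the two-behavior threshold are all constructed for illustration.

```python
import hashlib

# All data below is constructed for illustration; none of it is real malware.
MARKER = b"DEMO-FAMILY-A"  # harmless byte pattern standing in for a known code fragment

# name -> (file bytes, runtime events an endpoint sensor might record)
SAMPLES = {
    "known":     (b"hdr" + MARKER + b"build-1", ["mass_file_rewrite", "delete_backups"]),
    "rebuilt":   (b"hdr" + MARKER + b"build-2", ["mass_file_rewrite", "delete_backups"]),
    "rewritten": (b"hdr" + b"new-code" + b"build-3", ["mass_file_rewrite", "delete_backups"]),
    "quiet":     (b"hdr" + b"new-code" + b"build-4", ["slow_file_rewrite"]),
    "benign":    (b"hdr" + b"text-editor", ["file_write"]),
}

# Signature database built from the one sample analysts have already seen.
HASH_SIGS = {hashlib.sha256(SAMPLES["known"][0]).hexdigest()}
PATTERN_SIGS = [MARKER]
# Behavioral rule: flag when at least two of these behaviors are observed.
SUSPICIOUS = {"mass_file_rewrite", "delete_backups"}

def hash_match(data):
    return hashlib.sha256(data).hexdigest() in HASH_SIGS

def pattern_match(data):
    return any(sig in data for sig in PATTERN_SIGS)

def behavior_match(events, threshold=2):
    return len(SUSPICIOUS & set(events)) >= threshold

def scan(name):
    data, events = SAMPLES[name]
    return {"hash": hash_match(data), "pattern": pattern_match(data),
            "behavior": behavior_match(events)}

def missed_by_all():
    """Samples no layer flags; includes both benign files and unseen variants."""
    return sorted(n for n in SAMPLES if not any(scan(n).values()))

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:10} {scan(name)}")
    print("not flagged:", missed_by_all())
```

The "quiet" and "benign" rows come out identical: a variant with new bytes and new behavior looks the same to both layers as a harmless file, which is the gap the report describes.
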
Now you get to choose whether you, your family, and your company will sink or swim. As mentioned, the report recommends AI programs for malware detection. Even though AI is better prepared to recognize new forms of malware, it’s not readily available to everyone and isn’t guaranteed to stop cybercrime either.

So what can you do to protect your data? The easy answer is to never let malware in. Remember, hackers have to force their way into your network, and that usually means taking advantage of your ignorance. Whether it’s through a phishing email or by taking advantage of a few moments where you leave your device unattended, you’re the one that lets a hacker in.

But that’s just the easy answer. The best answer we can give you is to educate yourself on cybersecurity. Even if you’re going to hire someone to protect your files, you need to know which certifications not only make IT professionals credible but suit them specifically to your industry. By simply knowing basic cybersecurity details like current phishing trends and the signs of malware on your device, you’ll be way ahead of the average person. For example, according to the ICIT report, the average data breach goes on for 229 days before the victim realizes something is wrong. At that rate, every compromised record costs the victim $158 on average.

When it comes to cybersecurity, time really is money. Will you invest time to learn about cybersecurity today or wish you had tomorrow? You don’t have to be a coding prodigy to know how to protect yourself. Stay tuned for more updates on signature-based malware detection and everything cyber.


About the Author

Craig Petronella, CEO and Founder of Petronella Technology Group
CEO, Founder & AI Architect, Petronella Technology Group

Craig Petronella founded Petronella Technology Group in 2002 and has spent more than 30 years working at the intersection of cybersecurity, AI, compliance, and digital forensics. He holds the CMMC Registered Practitioner credential (RP-1372) issued by the Cyber AB, is an NC Licensed Digital Forensics Examiner (License #604180-DFE), and completed MIT Professional Education programs in AI, Blockchain, and Cybersecurity. Craig also holds CompTIA Security+, CCNA, and Hyperledger certifications.

He is an Amazon #1 Best-Selling Author of 15+ books on cybersecurity and compliance, host of the Encrypted Ambition podcast (95+ episodes on Apple Podcasts, Spotify, and Amazon), and a cybersecurity keynote speaker with 200+ engagements at conferences, law firms, and corporate boardrooms. Craig serves as Contributing Editor for Cybersecurity at NC Triangle Attorney at Law Magazine and is a guest lecturer at NCCU School of Law. He has served as a digital forensics expert witness in federal and state court cases involving cybercrime, cryptocurrency fraud, SIM-swap attacks, and data breaches.

Under his leadership, Petronella Technology Group has served 2,500+ clients, maintained a zero-breach record among compliant clients, earned a BBB A+ rating every year since 2003, and been featured as a cybersecurity authority on CBS, ABC, NBC, FOX, and WRAL. The company leverages SOC 2 Type II certified platforms and specializes in AI implementation, managed cybersecurity, CMMC/HIPAA/SOC 2 compliance, and digital forensics for businesses across the United States.
