Computers infected with commodity threats, like adware, typically fall to the bottom of a security professional’s to-do list when figuring out what compromised machines should get remediated first. There are much more pressing issues to deal with, like zero-day threats.
Adware, click-fraud programs and other commodity threats are practically benign compared to targeted threats that can seriously damage a company. After all, how much danger can a program that floods your browser with ads really pose?
Turns out, a lot. In fact, companies should reconsider their lax approach toward handling non-targeted commodity threats. In a webinar on Tuesday, Sept. 20 from 1 p.m. to 3 p.m., Cybereason vice president Ashish Larivee and Forrester analyst Chris Sherman will talk about the elements of modern attacks, including the risks posed by non-targeted commodity threats.
Cybereason’s research has revealed several incidents in which attackers outfitted adware with components found in malware, significantly improving their ability to carry out harmful operations. In one incident, detailed in the Cybereason Threat Insight Report, attackers re-programmed non-targeted adware to communicate using domain generation algorithms and upgraded its persistence mechanisms. The upgrade was carried out after the attackers realized the adware had infected a major technology company.
And the most intriguing part of this attack? The adware’s creators weren’t interested in the organization’s extremely valuable intellectual property. They wanted to sell their access to the company’s network to criminal groups that specialized in data exfiltration.
The prevalence of commodity threats combined with the belief that these programs are low-risk threats make them the perfect gateway to carry out sophisticated attacks. According to the Cybereason Threat Insights Report, 82.7 percent of Cybereason’s customers had commodity malware on their endpoints.
In addition to discussing the risks posed by programs like adware, the webinar will also cover why IOC detection fails to reveal full attacks, what’s behind the shift to fileless malware attacks and how mutating ransomware evades traditional defenses. Reserve your seat now.
