Experts Comments On Dexphot Polymorphic Malware Detection

According to Microsoft's write-up (https://www.microsoft.com/security/blog/2019/11/26/insights-from-one-year-of-tracking-a-polymorphic-threat/), the Dexphot campaign was first spotted in October 2018, affecting thousands of computers, with the attackers upgrading the malware over the following months to a level that left little to analyse. The threat surged in mid-June this year, when it landed on tens of thousands of computers. Towards the end of that month the attacks subsided, with fewer than 20,000 machines exhibiting Dexphot activity. By the end of July, the malware was seen on fewer than 10,000 machines each day.

For about a year, security researchers at Microsoft tracked the malware, observing the combination of methods that let it slip through the cracks. The attackers used code obfuscation, encryption, randomised file names and in-memory execution of malicious code, among other methods, to avoid detection.


EXPERTS COMMENTS
Dan Pitman, Principal Security Architect, Alert Logic
November 28, 2019
Starting with educating users is the first protection, treating the root cause of infection being the best plan of attack.
"Detection of polymorphic malware and other threats that avoid traditional signature detection relies on a more behavioural analysis based approach on the endpoint and network. By monitoring for suspicious activity, such as contacting known command and control infrastructure or making requests on the network that are abnormal, the activity of a breach can be detected and the polymorphic malware fo ....
Javvad Malik, Security Awareness Advocate, KnowBe4
November 28, 2019
The main issue with any form of attack is learning how the attack actually makes it into the organisation and blocking it at the root.
"Comprehensive detection controls need to be in place throughout the organisation. This should be enforced with reliable and up to date threat intelligence data that can be used to identify indicators of compromise (IoCs) and ideally have an orchestrated response. The main issue with any form of attack is learning how the attack actually makes it into the organisation and blocking it at the root ....
David Kennefick, Product Architect, edgescan
November 28, 2019
Exploit a user or resource for the benefit of the attacker. This is why behaviour-based blocking is particularly successful here.
"There are additional complexities in detecting polymorphic threats. Its ability to change and adapt based on scenarios makes it a formidable foe. Think of ED-209 vs T-1000: one is a blunt instrument and one can adapt to its scenarios. Dexphot is the T-1000 in this scenario. In order to protect from such threats, up to date signatures in your anti-malware technology are the first step. This, combine ....
Hugo van den Toorn, Manager, Offensive Security, Outpost24
November 28, 2019
Chances are the malware would execute itself again, change its appearances and persist on its host system.
"Even for end-points the defence-in-depth method applies. Such polymorphic threats are, although a technical masterpiece, hard to eradicate from your systems. In this case the sudden increase in processing utilisation caused by Dexphot should be a give-away that something is wrong with an infected host. However, also on the endpoints you want to be able to prevent and/or detect the malware at any o ....
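As an added illustration of the behaviour-based detection that Pitman and van den Toorn describe above (contact with known command-and-control infrastructure, and a sudden, sustained rise in CPU utilisation on an infected host), here is a small Python triage routine run over constructed endpoint telemetry. It is not code from the article or from any of the vendors quoted; the C2 hostnames, thresholds and telemetry samples are constructed placeholders.

```python
# Added example, not from the article or any vendor quoted in it.
# Behavioural triage over constructed endpoint telemetry: a host is flagged
# when it resolves a known C2 hostname, or when its CPU utilisation stays
# above a threshold for several consecutive samples.
from dataclasses import dataclass

# Constructed placeholders: not real indicators of compromise.
KNOWN_C2 = {"c2-example.invalid", "updates.example-bad.invalid"}
CPU_HIGH = 80.0   # percent; threshold assumed for illustration
SUSTAINED = 3     # consecutive samples above threshold before flagging


@dataclass
class Sample:
    host: str
    cpu_pct: float
    dns_queries: tuple  # hostnames the host resolved in this interval


def c2_contacts(samples):
    """Return sorted (host, domain) pairs where a host resolved a known C2 name."""
    hits = set()
    for s in samples:
        for q in s.dns_queries:
            if q.lower() in KNOWN_C2:
                hits.add((s.host, q.lower()))
    return sorted(hits)


def sustained_cpu(samples, threshold=CPU_HIGH, run=SUSTAINED):
    """Return hosts whose CPU stayed at/above threshold for `run` samples in a row."""
    streak, flagged = {}, set()
    for s in samples:  # samples are assumed to be in time order per host
        if s.cpu_pct >= threshold:
            streak[s.host] = streak.get(s.host, 0) + 1
        else:
            streak[s.host] = 0  # a single spike that drops back is ignored
        if streak[s.host] >= run:
            flagged.add(s.host)
    return sorted(flagged)


def triage(samples):
    """Map each flagged host to the behavioural reasons it was flagged."""
    findings = {}
    for host, domain in c2_contacts(samples):
        findings.setdefault(host, []).append(f"contacted known C2 {domain}")
    for host in sustained_cpu(samples):
        findings.setdefault(host, []).append(f"cpu >= {CPU_HIGH}% for {SUSTAINED} samples")
    return findings


# Constructed telemetry: ws-02 shows both signals, ws-03 only a one-off spike.
TELEMETRY = [
    Sample("ws-01", 12.0, ("intranet.example",)),
    Sample("ws-01", 15.0, ()),
    Sample("ws-02", 91.0, ("c2-example.invalid",)),
    Sample("ws-02", 95.0, ()),
    Sample("ws-02", 97.0, ()),
    Sample("ws-03", 88.0, ()),
    Sample("ws-03", 20.0, ()),
]

if __name__ == "__main__":
    for host, reasons in triage(TELEMETRY).items():
        print(host, "->", "; ".join(reasons))
```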
