Nastiest Malware Q&A 2020

  • 26 October 2020
Userlevel 7
Badge +48
  • Community and Advocacy Manager

Welcome to this year’s Nastiest Malware Q&A with our security analyst, Tyler Moffitt.

Today, he’ll be available to answer your questions on the latest malware featured in our latest Nastiest Malware list. For a quick refresher, you can check out our infographic too.

To get answers to your questions, just ask away in the comments below.


Userlevel 1

This was a very helpful post, many thanks for this.
Having these kinds of posts really keeps me updated.
What is Webroot's plan to face these threats?

Should I do anything extra from my end toward our clients?

Kind Regards

Simon

Userlevel 7
Badge +48

This was a very helpful post, many thanks for this.
Having these kinds of posts really keeps me updated.
What is Webroot's plan to face these threats?

Should I do anything extra from my end toward our clients?

Kind Regards

Simon

Thanks for your questions, @simonz! We’ll be sure to have Tyler answer this next week.

Userlevel 7
Badge +17

Helpful, and very scary at the same time. Thank you Drew

Userlevel 7
Badge +48

Ok, thank you to everyone who has already submitted their questions and who are here with us today! We’ll get started in a little bit. 

Userlevel 6
Badge +14

This was a very helpful post, many thanks for this.
Having these kinds of posts really keeps me updated.
What is Webroot's plan to face these threats?

Should I do anything extra from my end toward our clients?

Kind Regards

Simon

Thanks Simon!

We’re on top of all these threats as always. But it’s always a good idea to make sure you’re doing what you can. Locking down RDP and disabling macros for most users will greatly help an organization of any size. 

Userlevel 7
Badge +48

Time to get started. These questions were submitted over the past week from our customers and community members alike. 

Best way to explain malware to non-technical clients - Russel H.

Is there any way that a zero day release can ever be stopped? - Gordon K.

Which strain (on this list) has been the most costly to clean up? - Jimmy T.

The CISO of one of my customers believes that protection against ransomware should not only be limited to the security agent on users' endpoints, but also be extended to the storage systems themselves, whether on premise or in the Cloud. I tend to disagree. What's your point of view on this? - Marco R

What signs are you seeing for the near future in the malware landscape? Can't get much worse than Ransomware right? - Daniel G.

Userlevel 6
Badge +14

Best way to explain malware to non-technical clients - Russel H.

Even non-technical clients should have an idea of what malware is by now. Most of the population knows and can explain what ransomware is, but there absolutely are going to be people that just don’t know or care to know.

We recommend training clients with solutions specifically designed for people who know nothing about the malware landscape. More and more companies are realizing the importance of these solutions, as at the very top of an infection chain are employees who click on things they shouldn’t click on.

Webroot Secure Anywhere Training is a fantastic solution and you should check it out.

Userlevel 6
Badge +14

Is there any way that a zero day release can ever be stopped? - Gordon K.

I’m having trouble understanding your question. Are you asking if vendors can stop zero-day vulnerabilities? Zero-days are usually exploits in the OS or firmware of certain hardware. Security vendors can’t stop the zero-day from pushing the malware onto the system, but they can stop the malware from executing on the machine. Still, most “zero-days” were avoidable if people just patched. Most malware leveraging zero-days took time to make from when the zero-day was leaked. During this time that malware authors are trying to utilize the attack, Microsoft and others are typically patching them. Therefore, when the “zero-day” malware comes out, it usually only gets the systems that weren’t patched. A perfect example of this was WannaCry.

Userlevel 6
Badge +14

Which strain (on this list) has been the most costly to clean up? - Jimmy T.

I would say Ryuk or Maze, as they hit really high-profile targets and ask for the most money (from what is reported from victims on ransom amounts).

Userlevel 6
Badge +14

The CISO of one of my customers believes that protection against ransomware should not only be limited to the security agent on users' endpoints, but also be extended to the storage systems themselves, whether on premise or in the Cloud. I tend to disagree. What's your point of view on this? - Marco R

Backups are there in case all else fails, and many times they can save your bacon. But again, even a security vendor and a backup vendor are not enough. This is very important, as there are multiple attack vectors that a hacker can leverage, and relying solely on the vendors with a set-it-and-forget-it mentality is inviting trouble. If your environment were to allow default RDP connections relying on the un/pw of the user, they can be brute forced and a criminal would have desktop access to that machine. They would be able to disable whatever backup and security solutions you have and then drag and drop a malware payload to the desktop and double click. A good training solution will also protect the first layer of most infections, which is the user - making sure they are better prepared to not click on what they shouldn’t.

A good cyber resilience posture will operate under the assumption of not “if” I’ll be infected, but “when”.

Userlevel 6
Badge +14

What signs are you seeing for the near future in the malware landscape? Can't get much worse than Ransomware right? - Daniel G.

Most ransomware has now turned into extortion as well. This means that even if you have adequate backups to bounce back and not pay the ransom, they will threaten to release the data in order to humiliate the company and deal damage to the brand. It will also invite GDPR and CCPA fines if you are not to disclose the breach. This is a new development and we anticipate it to continue and only get worse.

Userlevel 7
Badge +48

Just a couple more questions before we close this out: 

What trends do you see for 2021? - Richard C.

What was the most expensive malware attack of 2020?

Userlevel 6
Badge +14

What trends do you see for 2021? - Richard C.

The extortion bit added to most popular ransomware campaigns has been very successful and we’ll see more of it.

Also, we didn’t have any mining malware on Nastiest Malware, but if there is a crypto bull run in 2021 like there was in 2017, then we’ll see those come out of the woodwork in droves.

Userlevel 6
Badge +14

What was the most expensive malware attack of 2020?

There is absolutely no way to know for sure, but Garmin was hit and the criminals wanted around $10M. It is widely speculated that they paid the ransom, but again there is no way to know for sure.

Userlevel 7
Badge +48

Thanks again to everyone who submitted a question and joined us today. Also a big thank you to @TylerM for helping us out and answering questions. 

Thank you, and be sure to read up on all of the malware that made our list.