REFLECTIONS ON MALWARE
by Meghan Jacquot, Security Engineer at Inspectiv

Malicious software (malware) did not always exist. Researchers disagree on what represented the first virus. I will define it as Wabbit in 1974, because it caused computers to crash. Over time, malware changed the software scene dramatically. At first malware was often sent as a joke: think of a snake game. However, it has become much more serious and is now a standard tool of criminal syndicates and threat actor groups. This article will discuss three trends in modern malware seen in 2022.

ADAPTABILITY

If you noticed an issue on a Friday afternoon that impaired the functionality of a system, how long would it take to get it fixed? I am certain many of you are thinking "It depends" and are considering criticality, uptime, services, who it impacts, etc. For many teams, a Friday afternoon issue would be fixed in the following week, or later depending on its criticality.

Threat actors are sometimes much more responsive to the issues they face. Emotet, long-lived malware, was developed by a threat actor group that has shown adaptability over the years, including in 2022. Research group Cryptolaemus identified an update to a static file reference in Emotet that compromised its performance: when the malware was installed on endpoints, the file names shifted and so the distribution chain was broken.

This was an error that needed to be fixed, and that is exactly what the threat actor group did. Its members either learned about the error through monitoring their systems or through monitoring defenders' social media posts, and modified Emotet rapidly. The error was found on a Friday, and was tested, fully debugged and fixed by the following Monday. Think back to the question about how long it would take your team to fix an issue. As defenders we need to be aware of how adaptable threat actors are.

DECEPTION

A continuing trend observed in malware operations is deception. Deceptive tactics often exploit current events, and this was the case in 2022. For example, in January the final phase of the Windows 11 upgrade was announced and was exploited as a current-event-based deception by threat actors. They were able to create various deceptions masquerading as this necessary download to install their own malicious payloads. The group behind the infostealer malware RedLine Stealer was observed using this exact tactic.

Another form of deception, which researcher iamdeadlyz identified in August, was more complex. Threat actors pretended to be testers for a play-to-earn (P2E)

WOMEN IN SECURITY MAGAZINE | NOVEMBER • DECEMBER 2022