What’s “Cooking” in the World of Malware – A Chat with VirusTotal [Video]
It’s 10 p.m., and one of your employees is still working on a project that’s due in the morning. They’re clearly exhausted, and all they want to do is watch the latest episode of the new series they’ve been watching. They’re nearly done when a notification pops up on their computer screen. It’s an email from corporate IT asking them to update to the latest version of the company instant messenger. Without a second thought, they accept the update and enter their credentials, to get back to work. And in doing so, they inadvertently give attackers a foothold that allows them to access your network. Your organization’s most tightly held secrets are now at risk.
This real-world scenario illustrates what IT and security teams must defend against every day. To succeed, it’s important to understand the threat actors, their motives, and the context behind each type of attack.
In this episode of BlackBerry LIVE, VirusTotal Threat Intelligence Strategist Vicente Diaz, BlackBerry Senior Director of Cyber Threat Intelligence Dmitry Bestuzhev, and BlackBerry Vice President of Threat Research & Intelligence Ismael Valenzuela explore the latest threats that malware authors are cooking up, and the key ingredients companies need to level-up their defenses.
Topics covered in this episode:
- Common attacker tools
- Is the ransomware threat fading?
- Supply chain attacks
Watch the BlackBerry LIVE episode below.
Common Cyberattack Tools
During the BlackBerry LIVE discussion, the group touched on the latest uses of PowerShell, a perennial favorite of stealthy threat actors. This command-line interface and scripting language is used in the cybersecurity industry for legitimate purposes, such as automation, administration, and even for auxiliary tools that allow users to write a quick script to help sort out data.
Because it is already present and expected in typical corporate environments, it provides a handy means for attackers to perform malicious tasks, often without being detected or blocked by security tools. Bestuzhev of BlackBerry describes it best, “It’s like a knife — you can use it to cut the butter, or to hurt someone.”
Now, with artificial intelligence (AI) in the picture, things have become even more challenging.
Launched in November 2022, ChatGPT has already been shown to be both a blessing and a curse to the world of cybersecurity. While it can theoretically be used to automate and streamline certain aspects of cybersecurity defense, attackers can also utilize ChatGPT to create new malware faster than ever. For example, when given a scenario with certain parameters, and strategically questioned, the AI-powered chatbot can advise on what kind of encryption is best for ransomware developers to use.
However, Diaz of VirusTotal notes that AI can also be a boon to the threat intelligence community; this includes the way it helps diagnose malicious PowerShell actions. “ML models can help us defenders to understand quicker what is happening,” says Diaz. For instance, if a threat researcher finds a PowerShell and wants to get a quick idea of what it’s doing, machine learning (ML) models can provide useful information.
Recommendations for the Future
Regardless of what threat actors cook up next in their ransomware cauldrons, there are important steps every organization can take now to increase its security posture.
During the BlackBerry LIVE episode, BlackBerry’s Valenzuela explains the importance of context derived from cyberthreat intelligence, and how it informs cyber defense decisions. “I like to call this, ‘Think red, act blue,’” he says in reference to traditional offensive “red team” and defensive “blue team” roles and objectives observed in cybersecurity exercises and wargames. “Think like an attacker to know the attacker’s techniques and the motivations specific to your industry and your organization. And then translate that to defensive strategy.”