Odix is disarming the growing malware threat

So far, 2020 has been a rough year for everyone not just for the cybersecurity space. Various threats and vulnerabilities have already led to cyberattack incidents during the first quarter. Now, with the coronavirus pandemic, users also have to be wary of both physical and digital risks. Malicious actors are using COVID-19 to launch email spam, business email compromise (BEC), and malware attacks on individual users and organizations.

Hackers often exploit disasters by releasing themed malware into the wild. Fake websites and applications that supposedly provide mapping and tracking information on coronavirus cases have been stealthily installing malware on target devices. Some of these sites have been identified to install a variant of the AZORult malware, designed to steal sensitive data and cryptocurrencies, and propagate its spread across networks.

For organizations, this increase in threats only adds to the already rampant problem of malware attacks. Threat groups have been using automated mechanisms to constantly probe networks and infrastructure and deploy malware. Considering the complexity of modern malware, it is crucial for companies to have tools that can capably mitigate these kinds of risks. Malware disarm firm odix looks to provide enterprise-grade security to organizations through its ecosystem of services.

A destructive threat

Modern malware can perform a variety of destructive actions. Viruses can delete work and system files to render endpoints useless. Trojans and spyware can be used to steal sensitive information from users resulting in massive data breaches. Remote access tools can provide advanced persistent threats (APTs) and threat groups the means to access and hijack infected devices and endpoints over the internet.

Ransomware, which has been the bane of many enterprises over recent years, is designed to encrypt files on target computers to force users to pay a ransom in exchange for means to regain access to their documents. The WannaCry outbreak of 2017 took down critical operations of large governmental and commercial organizations worldwide. Newer ransomware variants are now even coded to exfiltrate private data before running encryption, allowing hackers to already gain from stolen data even if the victims opt not to pay the ransom.

Malware is often used as part of more complex attacks by APTs. They often use social engineering attacks such as phishing or spoofing in order to trick users into downloading malware into their computers. Once malware enters a device or network, it can then execute its designed purpose and wreak havoc across an organization’s entire infrastructure.

For organizations, malware attacks are among the most expensive ones to deal with, costing upwards of $2.6 million to deal with annually.

Disarming malware

Conventionally, users can protect their devices using antiviruses and antimalware solutions. Many of these tools rely on signature-based detection which compares a file against a database of known malware samples. If a suspicious file matches a signature in an antivirus database, the tool would then remove the file either through deletion or quarantine.

Unfortunately, malware designers have become quite creative in trying to circumvent these measures by using polymorphic code which automatically and continuously alters the malware’s form and signature. As such, these conventional tools are inadequate to deal with these new threats. Organizations need to implement more capable solutions.

Odix uses content disarm and reconstruction (CDR) as its key approach to disarming malware. Through CDR, a potentially malicious file or document is scanned for any traces of malicious code. The suspect code is then removed, and the file is reconstructed to regain its usability. Odix’s TrueCDR even retains the file type during the sanitization process to improve its recovery of the infected file.

Files are also scanned at a binary level in order to weed out malware that uses polymorphic code to disguise itself. A key advantage of CDR is that it can detect and disarm newer variants of malware unlike with signature-based solutions that require a malware’s signature to be in their databases first.

Odix can be deployed at various parts of an organization’s infrastructure. The solution can work with network files applications, allowing it to scan and sanitize files as it moves through the network. It can be deployed on email servers to ensure that malicious attachments are disarmed even before they reach a recipient’s inbox. Odix also has an application programming interface (API) which can be used to integrate CDR with other enterprise applications.

In addition, the company offers a Kiosk solution which serves as a standalone workstation on which users can perform CDR on removable storage devices like USB drives and portable disks. This is useful for industrial facilities that keep parts of their infrastructure isolated from networks but require that their data be moved around using these devices.

Stronger posture for organizations

Falling victim to a cyberattack can have grave consequences for any enterprise. Considering how malware has become a constant threat even with other attack methods, companies would do well to improve their malware protection. Solutions such as odix provide the necessary capabilities to deal with the complexities of modern malware.

The company is also working toward making its solutions accessible to smaller firms. Recently, the firm was awarded a €2 million grant by the European Commission to make its solutions available to small to medium-sized enterprises (SMEs). This is potentially a game changer as SMEs are frequently targeted by hackers due to their lack of robust protection.

With the availability of such solutions, organizations can work toward developing a stronger security posture. By capably dealing with the malware threat, they can minimize their risk of being victimized by catastrophic cyberattacks and keep their own data and their stakeholder’s information safe.


Subscribe to the Help Net Security breaking news e-mail alerts:

More about

Don't miss