Cybersecurity experts at Minerva recently made a stunning discovery of a new malware tagged Beep that has the features to evade detection and analysis by security software. The cybersecurity organization discovered Beep after samples were uploaded on VirusTotal.
How Beep works to evade detection
While Beep is in its early stage of development and still lacks some essential malware attack capabilities, Minerva’s report shows that it can enable threat actors to download and inject additional payloads on infected systems using three major components: a dropper, an injector and a payload.
The differentiating factor between Beep and other malware is its ability to beat detection using unique evasion techniques. For example, Beep uses sandbox evasion techniques to bypass sandbox security systems used to test suspicious programs for malware activity. Beep also uses encryption techniques to disguise its malicious activity, making it even more difficult to detect.
SEE: Get nine ethical hacking courses for just $30 (TechRepublic Academy)
In addition, Beep employs a mix of other methods including dynamic string obfuscation, assembly implementation, system language check, anti-debugging NtGlobalFlag field, RDTSC instruction and Beep API function anti-sandbox.
The key concern with the Beep malware revolves around its potential impact on businesses if it is not detected. Like every other malware, the target would most likely be to steal sensitive information, such as login credentials and financial data.
A researcher at Minerva Labs, Natalie Zargarov, commented that “it seemed as though the creators of this malware were trying to install as many anti-debugging and anti-VM (anti-sandbox) tactics as they could find.”
How businesses can mitigate a Beep malware attack
Beep can be weaponized by cybercriminals to launch a ransomware attack. Here are key measures businesses can implement to mitigate this security risk.
Businesses must prioritize security when configuring their systems. By implementing secure configuration settings, you can reduce your organization’s attack surface and address any security vulnerabilities resulting from defective configurations.
The CIS benchmarks provide an excellent option for organizations seeking to adopt industry-leading configuration standards developed through consensus. Big companies like AWS, IBM and Microsoft are advocates of the CIS Benchmarks for secure configurations.
Check port settings
Numerous ransomware variants exploit the Remote Desktop Protocol port 3389 and Server Message Block port 445. Decide if your organization has to keep these ports open and restrict connections to trusted hosts.
For both on-premises and cloud environments, analyze these settings and collaborate with your cloud service provider to disable unused RDP ports.
Set up an intrusion detection system
To identify potentially harmful activity, enterprises can use an intrusion detection system, which matches network traffic logs to signatures detecting known malicious behavior. A reliable IDS should update its signatures regularly and notify your organization immediately if it identifies possible malicious activity.
Keep software up to date
Another important step in preventing the possibility of a Beep or other malware attack is to ensure all software and operating systems are up to date with the latest security patches and updates. Cybercriminals often exploit vulnerabilities in older software versions to gain access to systems, so keeping everything up to date can help minimize these risks.
Use antivirus and anti-malware software
Having robust antivirus and anti-malware software in place can help prevent ransomware attacks. Although Beep has demonstrated an incredible ability to evade detection, it’s still crucial for businesses to have anti-malware software programs installed on their systems.
Quality antivirus and anti-malware software can help detect and quarantine malware before it can do any harm. It can also provide additional layers of protection against other types of cyber threats.
Implement strong password policies
Weak passwords can be a major security vulnerability, so implementing strong password policies can help to prevent unauthorized access to systems and data. This can include requiring complex passwords, regularly changing passwords and using multi-factor authentication to add an extra layer of security.
Educate employees about ransomware
It’s essential to educate employees about the risks of ransomware attacks and how to spot potential threats. This can include cyberpsychology or human factor training and other organization-specific security training on how to recognize phishing emails and other types of social engineering attacks as well as guidance on best practices for handling suspicious emails and other communications.
Read next: Security awareness and training policy (TechRepublic Premium)