CISO2CISO.COM & CYBER SECURITY GROUP

Deception at Scale – How Malware Abuses Trust by VIRUSTOTAL

Welcome to the VirusTotal research report. We hope that by sharing our visibility into the threat landscape we can help researchers, security practitioners, and the public better understand the evolution of malware attacks.

This report explores different abuse-of-trust approaches used by attackers to spread their malware, avoid defenses, or maximize the success of social engineering attacks. We decided to study this approach following the wave of supply chain attacks witnessed during the last few years. These attacks can be seen as an abuse of trust, as malware authors often rely on the implicit trust that exists between a reputable software supplier and the user.

We identified different ways in which attackers abuse this implicit trust, including mimicking legitimate applications, using legitimate distribution channels for their malware, and signing their samples. Our goal is to explore the magnitude and evolution of some of these techniques.

VirusTotal is in a unique position to provide a source of comprehensive visibility of the malware landscape. Over the last 16 years, we have processed more than two million files per day across 232 countries. VirusTotal also harnesses the continuous contribution of its community of users to provide relevant attack context. We use this crowdsourced intelligence to analyze relevant data, share an understanding of how attacks develop, and help inform how they might evolve in the future.

This report continues in the direction of what we hope will become an ongoing community effort to discover and share actionable information on malware trends.
