CHAPTER 4

Malware and Malware Delivery Networks

Firewalls have evolved over the years and have been effective in defending against threats that attempt to infiltrate through the open service ports from outside of a protected infrastructure. The ubiquitous presence of Network Address Translator (NAT) at the ingress points makes it nearly impossible to obtain any meaningful results when host scanning from outside the perimeters of an organization. Although distributed denial of service (DDoS) attacks are still as prevalent today as they were a decade ago, modern variations of traditional brute-force attacks against an infrastructure bring temporary network outages that can be remediated quickly. The existing defensive solutions also can be fortified to recognize these attacks easily, thus becoming capable of fending off similar assaults in the future. More importantly, these attacks inflict limited negative economic impacts on an organization.

Contemporary security attacks begin with an internal security breach, which results when an internal user is lured into creating outbound connections and reaching malware delivery networks where all kinds of malicious executable such as keyloggers, Trojans, rootkits, and ransomware are hosted for download. The security compromise is now coming from the inside. Hackers, black hats, threat actors—no matter what we call them, these individuals are intelligent, inventive, and capable of creating ingenious exploits. They are motivated by money ...

Get Security Intelligence: A Practitioner's Guide to Solving Enterprise Security Challenges now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.