Malware Hunt: Demystifying the Invisible Threats (Module 1/3)

August 12, 2023 - August 13, 2023

Malware Hunt: Demystifying the Invisible Threats

Module 1/3: Dynamic Analysis: Demystifying the Behaviour of Malware

Understanding how malware operates and how to detect it is crucial in today’s cybersecurity landscape. In this module, we will be covering an end-to-end attack chain, which is a common method used by cybercriminals to infect systems. Here’s a breakdown of the different steps involved in this module:

  1. Phishing Email: The attack begins with a phishing email, where an attacker sends a fraudulent email to a user, typically pretending to be a trusted entity. The email may contain malicious attachments, links, or instructions to trick the user into taking specific actions, such as clicking on a link.
  2. Silent Malware Deployment: When the user falls for the phishing email and clicks on the provided link or opens the malicious attachment, the malware is silently deployed in the background without the user’s knowledge. This step is crucial for the attacker, as they gain access to the user’s system without raising suspicion.
  3. Identifying Suspicious Network Connections: After the malware is deployed, it may attempt to communicate with the attacker’s command-and-control (C2) server or other malicious entities over the network. Detecting these suspicious network connections can be a vital clue for identifying a potential malware infection.
  4. Suspicious Processes: Next, you’ll be exploring the system’s processes to find any suspicious ones that might be associated with the malware. Malware often runs as a hidden process, evading the user’s attention.
  5. Host-Based Indicators: You’ll then search for host-based indicators of the malware’s presence. These indicators include persistence mechanisms, which are techniques used by malware to survive system reboots and maintain its foothold on the infected system. Additionally, you’ll analyze disk activity performed by the malware to better understand its behavior.
  6. Malware’s Motive: Lastly, you’ll try to identify the motive behind the malware. This involves understanding the malware’s purpose, whether it’s ransomware seeking financial gain, spyware collecting sensitive information, or any other malicious intent.

By following these steps, users can gain a better understanding of how to detect and respond to potential malware infections on their systems. It’s essential to stay vigilant and continuously update cybersecurity practices to protect against evolving threats. Remember, prevention is always better than remediation when it comes to cybersecurity.

Course instructor: Saurabh Sharma, Kaspersky

About the instructor: Saurabh Sharma is a senior security researcher at the Global Research and Analysis Team (GReAT) in Kaspersky. He contributes to the GReAT team’s mission by helping to investigate the most active and advanced threat actors, targeted attacks, attacker tools, and more. Saurabh’s professional passions include reverse engineering malware, as well as uncovering, tracking, and analyzing APT campaigns, and providing technical reports. Saurabh has previously spoken at various international infosec conferences in India and abroad.

Registration is required to attend. It is a free course (courtesy: Kaspersky Academic initiative).

Details

Start:
August 12, 2023
End:
August 13, 2023
Website:
https://isrdc.in/courses/malware-hunt/

Organizers

Virendra Singh
RK Shyamasundar
Vishwas Patil

Venue

109, New CSE Building
IIT Bombay
Mumbai, Maharashtra 400076 India