MALWARE ANALYSIS
Specialists agree that malware is the worst and most serious digital threat.
Understand the reasons for this consensus.
Malware: The Landscape
Specialized tools do not keep pace with the evolution and mutation of each malware family.
The growth in the number of infection cases is evident.
Malware is disruptive and raises risks to business continuity.
Today it is classified as the most serious threat to any digital infrastructure.
Source: NTT - SERT
Attacks by Type and Sector (2017)
Losses: Global Evolution
Source: SecureList.com
Stolen Database Records (2017)
5,236,065 per day; 218,169 per hour; 3,636 per minute; 61 per second.
Global Realtime Attacks
Denial of Service Attacks (DoS/DDoS)
Various Attacks in Real Time
Denial of Service Attacks (DDoS)
Costs Related to Malware Infections
Estimated Losses Due to Cybercrime
Sources:
A survey of more than 5,500 companies in 26 countries produced the following results:
The average cost by threat type shows that malware-related threats are equivalent to 154% of the sum of all other threats combined.

And in this scenario we are not even focusing on ransomware, singled out in 2016/2017 as the most disruptive plague.
Direct and Indirect Costs per Attack
How have companies distributed these costs?
And how were the professional (staff) costs divided up?
Malware Analysis = Your Best Strategy
When we talk about Malware Analysis, we assume that your company will be attacked soon (or is already under attack). Our statistics show this and confirm the information above, which proves that we are not being alarmist.
Malware Analysis is a set of practices and procedures that can be performed at any time in your company, especially when there is no visible evidence of an attack. It is exactly at this stage that malware is preparing to attack, by:
Downloading additional pieces of code in stages, so as to avoid detection by antimalware programs that would otherwise raise alerts.
Opening communication ports, or hiding its traffic inside common protocols such as HTTP, HTTPS, FTP, DNS, and so on.
Spreading its routines through the local network.
For a better understanding of our work, access the video below on our YouTube channel.

We suggest watching the video in 1080p HD and fullscreen mode. This video has sound.

Click here to watch the video

Note: if any equipment is visibly under attack, it is essential to follow a few procedures to preserve the RAM contents and the data that will be analyzed.

1. Never shut down or reboot the computer. Keeping access to memory is important, because that is where malware leaves traces of its presence and activity.
2. Do not run a malware/virus scan; this action can destroy relevant data.
3. Isolate the computer from the LAN immediately. This can be done either by unplugging the network cable or, if the machine is on Wi-Fi, by disabling the wireless device through hardware (by pressing ALT-F2).
4. Do not format the disk or delete files; again, this may erase data that is important to our analysis.
5. Never, never restore a data backup unless you are 100% sure you are restoring a clean one. The great risk is infecting the backup set and, once again, your system.
6. Finally, you must NEVER treat the Information Security team as true Malware Analysts. In these cases it is common to see people insisting on fixing the problem themselves, and instead causing the malware to spread further across the LAN to other computers.