Understanding the security landscape
In recent years, the internet has become our main way to transfer ideas and data. In fact, almost every home in the developed world has a computer and an internet connection.
The current reality is that most of our lives are digital. For example, we use the web for the following:
- Shopping online
- Paying taxes online
- Using smart, internet-connected televisions
- Having internet-connected CCTV cameras surrounding our homes and businesses
- Using social media networks and websites on a daily basis to share information with each other
This means that anyone can find the most sensitive information about any ordinary person on that person's personal computer and smartphone.
This digital transformation, from the physical world to the virtual one, has also unfolded in the world of crime. Criminal acts in cyberspace are growing exponentially every year, whether through cyberattacks, malware attacks, or both.
Cybercriminals have several goals, such as the following:
- Theft of credit card data
- Theft of PayPal and banking data
- Information gathering on a target with the goal of later selling the data
- Business information gathering
Of course, when the main goal is money, there's a powerful motivation to steal and collect sellable information.
To deal with such threats and protect users, information security vendors around the world have developed a range of security solutions for homes and enterprises: Network Access Control (NAC), Intrusion Detection Systems (IDS)/Intrusion Prevention Systems (IPS), firewalls, Data Leak Prevention (DLP), Endpoint Detection and Response (EDR), antiviruses, and more.
But despite the wide variety of products available, the simplest solution for PCs and other endpoints is antivirus software. This explains why it has become by far the most popular product in the field. Most PC vendors, for example, offer antivirus licenses bundled with a computer purchase, in the hope that the product will succeed in protecting users from cyberattacks and malware.
The research presented in this book is based on several types of malicious software that we wrote ourselves in order to demonstrate the variety of bypass techniques. Later in this book, we will explore details of the malware we created, along with other known and publicly available resources, to simplify the processes of the bypass techniques we used.
Now that we have understood why organizations and individuals use antivirus software, let's delve into the malware types, malicious actors, and more.