By Reason Cybersecurity
on Tue Nov 03 2020
Sality, brought to you by the Russian-based eCrime group Salty Spider, has been around since 2003, but it has gone through several evolutions since then, with each new version more dangerous and formidable than its predecessor. Sality is a type of PE malware: like other PE malware, it hijacks portable executable files on local, shared, and removable drives and injects them with malicious code. Although it has been around for a long time, Sality is still considered one of the most complex and dangerous forms of malware due to its ongoing development and evolving capabilities. In fact, Sality continues to claim a long list of victims across the globe; you definitely do not want your business visited by this dangerous intruder. It is stranger danger to the extreme.
The damage Sality can cause your business is truly epic. It can record keystrokes, inject malicious code, generate and send spam, remove antivirus software, launch denial-of-service (DoS) attacks, steal sensitive and personal information, connect to a botnet to download additional malicious payloads, and in general wreak all sorts of havoc on your business devices. In addition, Sality continually communicates with its remote server so that it can receive updates and functionality improvements as needed. Seventeen years after it was first discovered, it continues to pose a significant threat to the privacy and safety of businesses and their employees.
How it spreads
Like the majority of malware, Sality, which also goes by several other names including SalLoad, Kookoo, and SaliCode, spreads primarily via phishing campaigns, malicious email attachments, or free third-party software, with COVID-19-themed malicious emails especially prominent right now. It is also commonly spread through infected USB devices. Once Sality locates its target executable files, it injects them with malicious code and then begins downloading additional complex malware. The best way to protect your business from Sality is to thwart Sality attacks before they happen.
Thwarting Sality attacks and protecting your business
The key to protecting your business from Sality and other malware is an abundance of caution combined with a reputable and powerful endpoint antivirus solution. Your antivirus solution should rely on advanced technologies that can perform Sality malware analysis as well as malware analysis for all known and zero-day malware threats. In addition, it should provide an anti-ransomware shield; protection from phishing, unwanted software, and malicious websites; and camera and microphone protection to stop hackers from spying on business meetings.
Raising cybersecurity awareness among your employees is another powerful defensive measure. Employees should be taught how to avoid malicious websites and phishing emails and instructed never to open files that come from dubious email addresses or that look suspicious. They should also be instructed to download software only from official sources using direct download links and never to insert USB flash drives, SSDs, or other external drives without first being sure the drive is safe to use. Implementing and enforcing a strong password policy is equally critical to a business's security. Passwords should be at least 10 characters long and use a combination of numbers, uppercase and lowercase letters, and special characters. They should also never be shared or reused across accounts. Finally, virtual private networks (VPNs) are a critical component of cybersecurity as well, especially now that so many employees are working from home. With a VPN, a remote worker's connection is secured against prying cyber-criminal eyes.
Sality is indeed salty
Even though Sality has been around for a long time, it is still one of the most dangerous, complex, and sophisticated types of malware in the wild. Its ability to evolve and add functionality, so that it now spans just about every variety of malware from viruses, keyloggers, and rootkits to worms, Trojans, and zero-hour exploits, makes it a huge threat to businesses. Businesses need to protect themselves against this salty, hostile malware by installing a powerful endpoint security solution and by implementing the security measures described above. Continued vigilance against Sality and all malware should be a major component of every business strategy.