Malware Persistence Mechanisms

In the public imagination Cybersecurity is very much about malware, even though malware constitutes only part of all the threats faced by Cybersecurity experts. However, malware is still one of the best methods to gain persistent access and control of a target system. Malware is often combined with a well socially-engineered phishing attack that deceives a user to gain a foothold on a system. Once the attakcer gains a beachhead in the victim’s network, it may be used to download additional payloads and exploit vulnerabilities, to gain more control and access within a network. Using malware as their foothold, attackers are able to to conduct reconnaissance, gather intelligence (e.g., exfiltration of intellectual property) or simply inflict damage or extortion (e.g., ransomware). All of this has to be done in a way that allows an attacker to retain access for as long as possible; the ability to do so is called persistence, and this paper examines the different techniques used by malware to accomplish persistence in an ever evolving landscape.