While the threat landscape is extremely sophisticated and diverse, almost all threats involve communication with the internet at some stage of their attack. This communication could include attackers transmitting malicious payloads for initial access, ransomware communicating with command and control to exchange encryption keys, or espionage tools exfiltrating sensitive information to sharing sites.
Keeping malware detections up to date is a never-ending journey and one that is made harder for defenders since the latest-and-greatest malware is rarely completely “new.” Instead, it is more likely to be a combination of “something old, something borrowed, and something new.” Take document malware for example, it spent years in dormancy then resurfaced in 2014 when Dridex used documents to deploy its payload, and it still remains on the SophosLabs team’s “Most Wanted” list, as referenced in Sophos’ 2021 Threat Report.