Raising threat levels
With the threat landscape evolving more quickly than ever before, it is now reasonable to assume that new types of malware are always just around the corner. How can enterprises make sense of the growing numbers of threats out there, and how can they defend against them?
In March this year, researchers from ESET, CERT-Bund, the Swedish National Infrastructure for Computing, and a number of other agencies uncovered a widespread cyber-criminal campaign that had seized control of over 25,000 Unix servers worldwide. The attack, dubbed Operation Windigo, resulted in infected servers sending out millions of spam emails, which would then infect computers and steal information from them.
The Windigo campaign had been running for over two years, totally undetected. And its discovery provided the most recent evidence that, despite the industry’s best efforts, we are largely in the dark as to what tricks cyber-criminals are going to pull next. Big discoveries like the Windigo one come along regularly, of course, but if each campaign manages to run for such a long time undetected, it stands to reason that the cyber-criminal underworld has much more up its sleeve.
And this is particularly true when it comes to malware. The big security vendors play a vital role in hiring researchers to scope out the security landscape. But it takes these people time to find new strains of malware, which are created on a daily basis, meaning that the next new piece of dangerous software is always just around the corner.
“Malware families tend to peak, or see maximum infection rates, for short periods of time, during which security solution vendors play catch-up,” says Manish Bhardwaj, marketing manager at Aruba Networks.
According to the McAfee Labs Q4 2013 Report, there were over 2.3 million new malicious signed applications during the fourth quarter of 2013 — a 52% increase from the previous quarter. During the year, McAfee Labs found 200 new malware samples every minute, or more than three new threats every second. With statistics such as these as your backing, it is fair to say that cyber-criminals are endeavouring to stay one step ahead.
“Given that polymorphism — i.e. the ability of malware to dynamically create different forms of itself — is a popular tactic used by malware writers to help circumvent security signatures, even traditional forms of malware can periodically slip through undetected and then pose a challenge to enterprise security,” says Bhardwaj.
But this does not mean that attempting to understand the threat landscape is futile. Indeed, security experts advise obtaining as much knowledge as possible about the evolving nature of various types of malware, as this knowledge can go a long way in not only setting up good defences, but also in working out what cyber-criminals might come up with next. And some believe that IT professionals in the Middle East should pay particular attention to the threat landscape.
“The MENA region is a major target for malware and cyber-threats. The region suffers all the normal malware infections — Trojans, worms, botnets, and viruses — that affect the rest of the world, but also seems to suffer a higher infection rate than other regions. For instance, according to the latest regional statistics from Microsoft, Middle East countries outpace other countries for the highest percentage of infected machines, and Egypt seems to lead the region in infected machines. A growing economy combined with less cyber-regulation and adoption of cyber-security technologies probably contributes to the increased infection rate in MENA,” says Surender Bishnoi, WatchGuard’s regional manager for the MEA region.
“Besides suffering from normal cyber-threats, the MENA region is also the target of higher-than-average amounts of industrial and government cyber-espionage. MENA has been the victim of many advanced persistent threat (APT) campaigns that seem to originate from other nation states, such as Duqu, Flame, Gauss, Mahdi, and the infamous Stuxnet. Some of the most advanced cyber-attacks seen in history are targeting organisations in MENA.”
Advancing the art
Indeed, the state-sponsored malware argument is hammered home by a number of other experts. Ali Joseph, general manager of RadarServices Middle East, says that nation states in the region aim to steal valuable information for companies in their home country. What’s more, he warns, state-sponsored organisations have the resources and know-how to develop very sophisticated malware.
Even in the cyber-criminal underworld, sophistication is the order of the day. According to Ray Kafity, FireEye’s regional director for the Middle East, threat agents have increased the sophistication of both their attacks and their tools.
“Upgraded and more sophisticated versions of traditional malware have certainly given us enough to worry about in 2013 and have caused harmful financial losses. Hackers are being inspired by older malware and are developing new versions in order to create more sophisticated attacks that are hard to fight,” he says.