
New threats require predictive protection

Johannesburg, 04 Nov 2010

Today's threat landscape has changed. There are far more variations of malware, more toolkits and obfuscation. Attack targets are shifting from PCs to the individual, and Web 2.0 has been a definite catalyst.

So said Toralv Dirro, EMEA strategist at McAfee, speaking at the McAfee Executive Forum at Monte Casino yesterday. “In addition, there are many different types of malware out there, from viruses that crash computers, to Trojans that steal financial credentials.”

Since 2006, malware production has transformed from a basement hacker's pastime into a major source of revenue for criminal organisations. Funded by organised crime to steal financial information, malware authors began producing malicious code at an alarming rate and with increasing complexity. “Today, McAfee receives about 55 000 new samples daily.”

He said it is very easy to set off a Trojan attack. “All the necessary tools can be purchased from underground sites on the Internet. Even more scary, many of these packages come with updates and customer support.”

Compounding the problem, he said, is the fact that malware these days is increasingly complex and highly sophisticated. He cited Torpig - a botnet spread by a variety of Trojans affecting computers using MS Windows - as an example.

Torpig circumvents anti-virus through the use of rootkit technology and scans the infected system for credentials, accounts and passwords. It also has the potential to allow cyber criminals full access to the computer. It is also purportedly capable of modifying on the computer.

Speaking of corporate espionage, Dirro says it has been around for a long time. “Aurora was a prime example of this.” Operation Aurora occurred between mid-2009 and December that year. It was first publicly disclosed by Google in January 2010, and the company fingered China as the originator of the attack.

“The attack featured an e-mail containing a link to a malicious Web page, with the exploit contained directly in its JavaScript. The attack was aimed at an individual, to gain access to the company server.”

Dirro said unfortunately many companies are unaware of the impact of malware on their systems and the accompanying, significant threat to their data. And although security companies have developed technologies to counter these threats, reactive protection is no longer enough, he added.

In the past, it was easier for anti-virus software to find and eliminate the infections, he explained. However, once the goal switched from notoriety to profit, malware writers began adding stealth features to their programs.

“This allowed malware to continue its illegal activity for longer without being detected. Modern malware uses a variety of methods to conceal itself.”

He said not only has the malware gotten stealthier, it has multiplied in variety and number at an unmanageable rate. “2006 saw a noticeable growth in malware samples.”

To fight against the myriad malware strains out there, anti-virus software companies have turned to powerful server networks to analyse and block new strains.

Older anti-virus programs relied on the single computer they ran on to analyse itself. The combined, server-based approach, or cloud computing, allows AV companies to go beyond merely checking malware code against a library of previously observed programs, he explained.

He also revealed that anti-virus software enabled with Global Threat Intelligence (GTI) protects users comprehensively.

GTI is based on six principles, or requirements, that must be satisfied for the threat intelligence model to succeed.

The first is to maintain a footprint that spans the Internet, including millions of sensors gathering real-world threat information. The second is to gather and correlate data from and across all threat vectors, including file, Web, message and network.

Next, Dirro said, data collection and intelligence must be cloud-based, performed in real time and reputation-based. “Deliver intelligence built into a complete suite of security products and utilise a global research team dedicated solely to threat intelligence.

“GTI enables all entities to share information automatically from one entity to all others to protect customers from online dangers and blended threats such as botnets and DNS attacks.”
