One of the challenges when managing the risks introduced by Malware is that Malware itself undergoes constant change. Just when organisations believe that they have addressed the malware issue, it returns. By Dave Waterson, CEO, SentryBay.
The first versions of malware, which achieved widespread distribution in the 1990s, did maximum damage to their host PCs. Malware writers in those days gained notoriety by implementing widespread damage such as reformatting hard drives on infected PCs.
During the next wave of malware, maximum distribution was the prime objective. Writers of worms such as the Love Bug virus gained notoriety by rapidly infecting millions of PCs in the shortest period of time – generally within days. For several years, we have witnessed the next wave of malware where the prime objective is to steal personal identities. This wave has enabled malware developers to fund their trade –by stealing and then selling on personal identities and sensitive data.
The Stuxnet worm heralds the onset of a new wave of malware activity. Here the objective of the worm is to infect networks so that they may in turn disrupt or terrorise society. In the case of Stuxnet, the worm infects a PC network looking for Siemens PLCs. This was witnessed recently when security experts in Belarus discovered that Stuxnet had attacked some of Iran’s top computers.
In this case, Stuxnet attacked by principally targeting Iran’s very first nuclear power facilities. Once it enters a network, Stuxnet makes its way by exploiting “zero-day vulnerabilities.” This means that the Stuxnet designers found and used four gaps in the Microsoft operating system before Microsoft found and patched them.
Criminals are motivated to steal identities for financial gain, whereas politically or religiously motivated malware writers are motivated to disrupt or terrorise electronic and physical systems. Malware used for Identity theft is on the increase and this trend is likely to continue. However at the same time we are likely to see an increasing occurrence of cyber-warfare related malware such as Stuxnet.
A lot of the discussion around Zeus and other similar Trojans such as Bugat and Clampi centres around attacks on online banking. The reality is that the majority of the threat is in the use of these well disguised pieces of malware to disperse keylogging malware to steal personal information from other sites.
This confidential information (which includes passwords, credit/debit card/bank account numbers, personal identifiers) is then sold to other cyber-criminals who use it to commit Card-Not-Present fraud, which makes up around 54pc of all fraud. Another 9pc of fraud is ID-based fraud such as account takeover – which is also caused by the sourcing of this personal information. Only 10pc of fraud is actually online banking related. The remaining 27pc of fraud does not involve electronic information. Thus the key protection needed against these threats is not solutions that simply address online banking – but solutions that actually protect the data entry on the user’s PC from being stolen on all of these other websites.
“Protect the data rather than protect the PC” is fast becoming the new catchphrase in safeguarding against these sophisticated threats. The latest security measures focus on protecting data as it is entered at the keyboard. Traditional security controls such as firewalls and anti-virus software need to be combined with proactive technologies to stop future threats. By protecting every keystroke before it is passed onto the browser, personal information is unreadable and protected from online criminals, and in conjunction with anti-virus software, offers close to 100 per cent protection for users.
For this reason, companies, including SentryBay, design security software solutions that can fully authenticate users and stop user credentials being stolen when online, stopping the fraud happening in the first place. They prevent any sensitive data that is entered into the application (such as passwords, PINs, bank account details) from being uplifted by spyware that may reside on a host computer.
Predicting the future of malware isn’t difficult. All one would need to do is look at how technology is evolving. Hackers hack what is hot. They wait for a new platform to be developed and they attack it, breaking the code by writing a new virus to destroy the security measure embedded to protect it. Advances in consumerised technologies such as laptops, USB memory sticks, tablets or wireless networking make it much easier for sensitive data to be accessible by hackers.
Hackers also hack what makes them money. No matter how sophisticated and secure the operating system is, there is an even more sophisticated piece of malware that will attack for commercial gain. Overall, businesses and individuals alike need to be much smarter than the hackers and protect data being stolen, thereby preventing crimes before they start.
