Rising Malware Threats Rock Security World

14 Jun

Malware. This software that works to damage or disable computer systems is increasingly found behind the scenes of some of the biggest security breaches of the decade.

Google breaches over the past two years demonstrate how hackers will target private companies and government agencies alike. Meanwhile, the RSA breach was another reminder of cyber espionage capabilities—and it raised significant concerns of a malicious ripple effect through the likes of Lockheed, L-3 Communications and Northrop Grumman. Some security analysts expect weekly breach announcements for the next few months.

“Malicious code infections, malware and virus infections continue to frustrate security teams even though significant enterprise security resources have been devoted to prevent these very infections,” says Carl Herberger, vice president of Security Solutions at Radware, a Mahwah, NJ-based integrated application delivery solutions provider.

“Traditional signature-based anti-virus approaches have proven to be ineffective against modern attacks, and organizations that have tried host intrusion prevention find that technology is not an effective part of the endpoint security solution.”

The Rise of Malware
Read any antivirus vendor’s threat research report and it will reveal that malware is growing exponentially. At the same time, Symantec announced that more than 75 percent of the threats in 2010 targeted 50 computers or fewer. Considering there is now more malware and it is less likely to be detected, the threat level derived from malware is certainly increasing.

“The tools necessary to create malware and ‘armor’ it against detection are readily available. Most of the tools are free or cost only a few dollars. The price point will continue to fall,” says Gunter Ollmann, vice president of Research at Atlanta-based cyber security firm Damballa.

“New managed services appear daily to support the criminal development and distribution of malware. The fact that the bulk creation of new malware can be measured in the millions of samples per hour, and can be guaranteed to evade all commercial desktop AV solutions, means that the threat continues to evade the latest advances in desktop protection.”

Front Page Malware Trends
With the bulk creation of malware, new trends are emerging. As recently as a few weeks ago, Macs were seen as secondary targets, primarily due to lack of penetration in the business world. Now, even Mac attacks are making front page news.

“No longer can the malware written for Macs be considered second class,” says Tom Murphy, Chief Strategy Officer for Waltham, Mass.-based Bit9, a whitelisting and endpoint security company. “The threat to Mac systems will reach a level of sophistication not far behind APT-like quality threats targeted at Windows computers.”
 
The newest trends in malware are being made in two key areas: detection and evasion of dynamic analysis systems and the honing of malware designed for smartphones.

“Access to the technologies that create these kinds of malware is growing,” Ollmann says. “The sophistication of the malware is due to the advancement of the smorgasbord of tools that professional developers now supply to the actual malware authors. The malware author doesn't necessarily need to know anything about malware—and certainly doesn't need to know how to write computer code.”
 
Speaking of code, Proofpoint spam fighter Scott Panzer reports that the latest version of the Facebook profile-tracking scam encourages users to drop a bit of JavaScript code into their browser's address bar, on the promise that it will let them see who is viewing their profile. The code itself is malicious. If executed, it spams itself to the user's Facebook wall and online friends. It then friends the user to several other random accounts, probably with the goal of executing further phishing attacks.
 
What Are the Greatest Threats?
There are many threats, yet security researchers don’t fully agree on which one is the greatest. Some point to the mobile world. Others insist on social networking. Still others point to China.

“Clearly, social media are increasingly the target of attacks, but it's generally impossible to tell just where the next greatest threat will come from,” says Rami Habal, director of product marketing at Proofpoint, a Sunnyvale, Calif.-based cloud-based e-mail security and compliance solutions firm. “You need protection not only against known attacks but also against new and unexpected threats.”

As Murphy sees it, China is cyber bullying the United States right now and the targets are not limited to government agencies. Breaches, like the one that took place within RSA, are also damaging because the impact cascades down to RSA customers: “Threats that are targeting the security products themselves have a much broader implication because it is not just the security vendor that gets compromised, it is every company relying on that security vendor’s solution.”

Ollmann is taking a bird’s eye view of the issue. From his perspective, the greatest malware threat today is the federated ecosystem that supports all cybercrime. By its very nature it is sophisticated and crosses the black, white and gray corporate worlds.

“Many of the ecosystem suppliers are now commercial entities. The ability to uniquely define an attacker was lost several years ago,” Ollmann says. “Instead, we are faced with having to deal with a menagerie of service providers and career criminals that contributed their specialist capabilities to a particular attack.”

Read part two of this article, Application Whitelisting Vs. Malware, which explores the changing face of malware and what role application whitelisting plays in protecting your computer systems.

 

Brought to you by Lumension