By Anthony Perridge
Malware seems to be everywhere and it’s incredibly challenging to combat. It can take many forms and is increasingly resistant to traditional approaches to detect and stop. Instead of relying on a single attack vector, malware will use whatever unprotected path exists to reach its target and accomplish its mission.
Mosquitoes are quite similar. There are thousands of species and numerous ways to try to protect against them but each method has its limitations. You can’t walk around completely covered, sound waves and fans have mixed results and, increasingly, mosquitoes are developing resistance to many pesticides. Mosquitoes only need a very small gap in coverage to attack. Depending on the species, a bite can have serious health implications unless quickly diagnosed and treated.
Malware is affecting more and more organisations every day. According to the 2013 Verizon Data Breach Investigation Report, of the top 20 types of threat actions last year, malware is the most common method used– at 10 – followed by hacking and social engineering. Increasingly, blended threats that combine several methods –for example, phishing, malware and hacking– are being used to introduce malware, embed the malware in networks, remain undetected for long periods of time and steal data or disrupt critical systems.
The evolving trends of mobility, cloud computing and collaboration are paving the way for new malware attacks we couldn’t have anticipated just a few years ago and that require new techniques to defend against. A growing attack vector, smartphones, tablets and other mobile devices have become essential business productivity tools. As their performance and roles in the workplace approach that of traditional desktop and laptop computers, it becomes even easier to design malware for them, and more fruitful. The increased use of mobile apps also creates opportunities for attackers. When users download mobile apps, they’re essentially putting a lightweight client on the endpoint and downloading code. Many users download mobile apps regularly without any thought to security, exposing the organisation to greater risk.
Extending networks to include business partners and an increasing reliance on internet service providers and hosting companies are prompting cybercriminals to harness the power of the Internet’s infrastructure, not just individual computers, to launch attacks. Websites hosted on compromised servers are now acting as both a redirector (the intermediary in the infection chain) and a malware repository.
- “Watering hole” attacks targeting specific industry-related websites to deliver malware
- Malware delivered to users legitimately browsing mainstream websites
- Spam emails that appear to be sent by well-known companies but contain links to malicious sites
- Third-party mobile applications laced with malware and downloaded from popular online marketplaces
Traditional defences are no longer effective in helping organisations deal with today’s cyber security challenges including a greater attack surface, the growing proliferation and sophistication of attack models and increasing complexity with the network. Technologies to protect against threats must continue to evolve and become as pervasive as the attacks they are combating. It’s more imperative than ever to find the right threat-centric security solutions that can work in your current environment and can easily adapt to meet the growing needs of your extended network, which now goes beyond the traditional perimeter to include endpoints, email and web gateways, mobile devices, virtual, data centres and the cloud.
When evaluating your approach to security in light of pervasive malware, seek out solutions that address these daunting challenges:
A greater attack surface. To deal with ever-expanding attack vectors, you need visibility across the extended network with contextual awareness. The more you can see, the more you can correlate seemingly benign events and apply intelligence to identify and stop threats, for example detecting zero-day ‘unknown’ malware that might enter through email or the web and taking action.
Growing proliferation and sophistication of attack models. Policies and controls are important to reduce the surface area of attack but threats still get through. A laser-focus on detecting and understanding threats after they have moved into the network or between endpoints is critical to stopping them and minimising damage. With advanced malware and zero-day attacks this is an ongoing process that requires continuous analysis and real-time global threat intelligence that is shared across all products for improved efficacy.
Increasing complexity of the network. Networks aren’t going to get any simpler and neither will attacks. You can’t keep adding technologies without shared visibility or controls. To address mounting complexity while detecting and stopping modern threats, you need an integrated system of agile and open platforms that cover the network, devices and the cloud and enable centralised monitoring and management.
Like mosquitoes, malware is everywhere and is a formidable adversary. I don’t have great insights into what’s happening on the mosquito-fighting front. But I can say that the best minds in the cyber security industry are focused on the malware problem. Next week’s RSA Conference USA 2014 will be a great opportunity to start to assess the state of the industry and its progress in helping you deal with pervasive malware.
Anthony Perridge is the EMEA Channel Director at Sourcefire, now a part of Cisco.