Malware crooks using dated techniques to attack networks

Byron Connolly | April 9, 2015
Quiet, targeted attacks also proving to be more effective for malware authors.

Malware authors are using dated measures that are still good enough to penetrate enterprise networks. In fact, 99.3 per cent of malware in 2014 took advantage of 'command and control' infrastructure used by at least one other malware author.

This was a key finding of Websense's 2015 Threat Report, which found that new pieces of malware are reaching out to command and control servers and systems that have been used before.

"More than 99 out of every 100 threats are going to touch something on the globe that we have seen before," Charles Renert, VP of research and development for Websense, told CIO.

Renert said this makes it much easier for malware writers to make small changes to the overall attack infrastructure to bypass security controls and deliver the attack code through the same sources.

"So on the one hand, you get that sort of reuse, that economy of scale. On the flipside, you get a rapid variation of the ways in which users are being sent to those command and control servers. They'll be getting brand new URLs, brand new emails, or maybe a slightly modified bit of malware -- every few minutes we are discovering [new malware], we detected nearly four billion of these in calendar 2014.

"What hackers do to generally be successful is recreate and make slight adjustments across a number of different angles to fool our current security tools," he said.

Dealing with this 'rapid variation' in malware attacks is a big challenge for CIOs and CSOs, said Renert.

He said that although security teams can identify 99 per cent of malware attacks with existing command and control infrastructure, this still leaves one per cent, or 40 million of the four billion attacks, that are using new methods to escape detection.

"That's a lot of attacks that can get through. So the call to action for CIOs and CSOs is that it's not enough just to deploy the tools, they also need a team of experts that understands those indicators but can then generalise to how they are being attacked, what data might be at risk, and what areas of their network might be more vulnerable than others," he said.

Renert said every organisation of reasonable size has been compromised with malware or has been taken over by a botnet that is sending command and control instructions to a network outside the corporate infrastructure.

This means organisations need to not only defend their perimeter but have validation points for everything that is coming in and going out of the network, he said.

Still, he said there's no guarantee that all new threats are being stopped, and CIOs and CSOs are battling with the expense associated with hiring the right security experts.
