Security objectives are constantly moving targets, and, in the modern age, they’re moving a lot faster than they use to. Recent attacks have revealed that cyber criminal tactics are becoming increasingly sophisticated even when they’re using old tricks. The series of attacks against U.S. banks in September revealed that layered security measures need to stay up-to-date to defend against even common attacks.
For example, the hackers who targeted the financial industry in the United States used volunteers to orchestrate large-scale distributed-denial-of-service attacks. Because they used volunteers rather than relying entirely on botnets, it became more difficult for security measures to filter DDoS traffic from legitimate user traffic. However, the evolution of cyber criminal activity doesn’t stop there. Hackers are creating malware and uncovering new vulnerabilities to deliver malicious software every day. Yet, in some cases it can take several months before a vulnerability is patched.
This problem was recently highlighted in a Wired article written by malware researcher Adam Kujawa. Kujawa said the problem lies with traditional antivirus software, which is innately reactive in that it checks software code against a list of blacklisted programs. In the early days of computing, the technology worked because there was little variation in malware code. According to Kujawa, recent threats are constantly modified so that they can sneak past antivirus solutions, but that isn’t the only problem modern cybersecurity experts face.
“Secondly, and most importantly in my view, the production and distribution of criminal software has become vastly democratized,” Kujawa wrote, referencing the popularity of malware toolkits such as Blackhole. “When I was young, it was almost impossible to get into the world of hacking, cracking and malware, you had to know a guy who knew a guy and while the learning resources were there, you had to dig deep to find anything useful.”
A world of expanding threats
Blackhole, a platform for malware developers to design new malicious software, is a good example of why a shift in security consciousness is necessary. Security researchers know about the platform and continue to link threats back to it. Despite the publicity it generates, it still remains a common and effective platform for compromising devices.
As a recent v3.co.uk article pointed out, security researchers recently found that Blackhole is responsible for about a third of all drive-by download attacks. In addition, nearly half of all web pages that delivered exploits were based on two malware toolkits: Blackhole and Incognito. Tools like these are particularly dangerous because they allow developers to quickly add functionality and adapt existing malware to respond to new security measures. It’s kind of like the iPhone application market, but for cyber criminals.
“Even so, because the crooks are using the exploit kits to target popular website, they are able to infect thousands of users, even with just a 2.5 hour window of opportunity,” the article stated. “While the dangers of drive-by downloads has been widely recognized, the researchers warned that the proliferation of malware toolkits such as Blackhole is fermenting a revolution in cybercrime.”
Building layered security
So, how does one reach a goal that is always moving? Many experts highlight the value of education. It is true that users should be aware of the most recent threats and tactics so that they can take better responsibility for their own online security. However, the bad guys have increasingly sophisticated tools at their disposal, so users should also equip themselves with more effective defenses.
In light of the attacks against the U.S. financial industry, CSO Online columnist Liam Tung offered some advice for avoiding risk posed by data-mining malware. Affected banks were advised to adopt application control as a solution rather than rely solely on antivirus. Application control is better poised to mitigate the risk posed by new, unpatched threats because these solutions rely on a list of accepted code signatures rather than a program blacklist. As cyber criminal tactics continue to evolve, it is likely that there will be significantly more unknown threats. Education is one layer of protection, but security technology also needs to adapt in order to give educated users effective tools for defending themselves.
Are security companies doing enough to protect users? What strategies would you suggest to protect against new threats? Let us know what you think in the comments.