The threat landscape is evolving and changing more rapidly than many traditional security companies can cope with – especially given that the bulk of threats discovered have been developed and orchestrated by highly sophisticated groups with a focus on financial gain.
For the first time in the history of the Internet we are seeing the establishment of a “virtual” mafia of organized criminals taking advantage of the anonymous nature of the Internet.
A good number of these “faceless” attacks go unnoticed by authorities until it’s too late, and malware is becoming much more targeted towards specific entities as well as specific information.
Take, for example, several recent high-profile security breaches with well-known retailers. In all instances, hackers had apparently been coming and going for nearly two years until the attacks were finally noticed by the appropriate authorities.
In addition, more online consumers are now falling victim to identity theft via malicious code than by any other means, which was not the case a few years ago. At that time people became victims primarily not through malicious code, but through other means such as dumpster diving, shoulder surfing and various other methods.
The unsettling reality is that in today’s world users are being infected faster and in greater volume than traditional security companies can detect and respond to. Unfortunately, this puts consumers and corporations at greater risk than in all previous years combined.
According to the recent quarterly report provided by PandaLabs, the predominant category of malware detected is Trojans (over 75 percent). This category comprises password stealers, worms, banker Trojans, and various other forms of malicious code.
Nevertheless the goal is the same – financial or economic gain through unethical means.
Furthermore, in order to maintain their invisibility and harvest the personal details of their victims, cyber criminals are doing three things:
1. Developing and releasing malware at an overwhelming rate to saturate anti-malware labs with the intention of rendering traditional anti-malware solutions ineffective. The sad truth is that it’s working and current security solutions may reflect only 65 percent of what is really affecting users.
2. The malware itself has evolved to include a wide range of sophisticated techniques to evade analysis, such as custom packers and cryptographic algorithms, which are types of anti-reversing technology.
3. The design and development of malware includes QA to ensure that their creation evades all known products on the market.
With these three things combined, it’s evident that users are becoming more infected than ever, even with up-to-date anti-malware technologies installed. To further articulate this problem, PandaLabs recently conducted a research study over the course of three months in order to obtain an accurate look at the current state of protection.
The study focused on two very real populations: 1.5 million consumers, and a second study against 2,000+ companies. The end result was an astonishing rate of infection – and even though both groups believed they were protected – consumers experienced a 22 percent active infection rate and, even more astonishing, 72 percent of those on the corporate side were infected.
With this being said, traditional anti-malware solutions are failing to hit the mark in terms of providing adequate protection. Historically, security has been a signature-based world. However, this model is rapidly failing under the overwhelming rate of infection being experienced today.
In fact, PandaLabs receives over 4,000 new and unique malware samples on a daily basis. This is much more than in the previous 15 years combined.
This leaves us with one question – “Are we really protected?”
And more importantly, how do we solve this problem? The solution lies partly in changing the way security solutions are designed and deployed. The traditional protection model is simply not working: it does not reflect the actual reality of what is detected on a daily basis by security vendors, for several reasons outlined below.
1. Signature-based solutions capture a small fraction of what we consider to be “in the wild.” This is mainly due to limitations in the fundamental architecture – i.e. signature file size, bandwidth limitations, design of the protection module, etc.
2. The anti-virus labs themselves do not have the manpower to process 100 percent of the samples received. Rather, a small percentage is included in the daily signature file.
Thus, we are left with millions of users not really protected in the midst of a rapidly changing dynamic.
So what must the industry do?
The current protection model must change to a more modern approach. In particular, security solutions must be developed to reflect the actual reality of malware detected on a daily basis. Why use a product that detects only a small portion of what is currently in circulation? Another modern way to address this is via automated methods and tools that should be deployed within anti-virus (AV) labs to analyze malware and reduce the manual burden, thus increasing visibility into even the most targeted infections.
A new security model known as Collective Intelligence has now emerged with this new threat in mind. Simply put, Collective Intelligence automates and enhances the malware collection, classification and vaccination process by gathering detections from the Internet community at large, rather than locally. This approach is designed on the basis of the following principles:
– Creating a truly global malware detection network that consists of over five million detection nodes strategically placed throughout the world;
– Reducing the manual effort required to process the thousands of samples received daily, thereby increasing the capacity and visibility the AV lab has in terms of malware. This is done by deploying technologies within “the cloud” to automate and enhance the malware collection, classification and remediation involved in a standard cycle;
– Allowing a much greater detection ratio by utilizing signatures within “the cloud,” rather than locally through resident protection;
– Creating one of the largest malware databases ever developed, with over two million malware signatures and counting;
– Establishing the ability to perform malware audits from virtually any location, on any system of any size, without conflicting with existing security software; and
– Detecting and removing sophisticated types of malware that otherwise go undetected with traditional security solutions.
The malware landscape has changed so quickly that many consumers and companies alike are only just now realizing that the security measures of the past are no longer effective against the new and emerging breed of highly sophisticated malware.
Research indicates that the percentage of networks that are infected is much larger than perceived, and certainly far greater than acceptable.
The tools do exist, however, for IT professionals and corporate decision makers to fully analyze their networks and determine whether or not they may be infected by these new types of threats. With every passing day, these decision makers must change the way they think about security – and understand that to be fully protected, a new approach to malware must be adopted.