An explosion of fresh customized malware continues to leave even the industry’s top security products lagging behind, while organizations do everything they can to protect their networks and customers. Congress has even stepped up its efforts to pass legislation that better protects our digital and critical infrastructures from new cyber threats. But with more targeted attacks successfully exploiting enterprises, the question that still remains is: Are we doing enough? Here are some of the top security stories from June 2010.
Study finds security software ineffective against growing malicious programs
Further research confirms that security software companies continue to have a difficult time keeping up with an explosion of malicious software programs. A recent independent study showed that a wide range of endpoint security software from top vendors takes an average of two days to block a malicious website that attacks the computers visiting it. The findings indicate that security companies still need to make vast improvements in their ability to detect the more than 50,000 new malicious programs that are found each day. According to the report:
“The magnitude of these findings should be nothing short of an alarming wake-up call for the security industry.”
The study concluded that today’s enterprises are most at risk from fresh customized malware. Security companies share malware samples, but if no company sees or detects a given piece of malware, it can quietly circulate and infect machines, stealing data while clients remain unaware of the new threat. Even if malware goes undetected for only a short time, that is still a large enough window to infect a corporate network.
Modern security threats require defense-in-depth approach
Targeting an organization’s crown jewels, money or infrastructure, today’s more organized cyber criminals are launching attacks that infiltrate company networks and steal data over time without being detected. Unfortunately, traditional perimeter-based solutions are no longer effective in fighting advanced persistent threats and other malware attacks that may already be inside a network.
Rather than focusing on perimeter defenses to stop the next wave of cyber threats, John Wang, security architect at NASA, said understanding hackers’ motivations and determining what information a company wants to protect is an important part of any cybersecurity strategy.
“The fight starts with understanding what you’re trying to protect. Perimeter defenses are no longer effective, if they ever were. It’s harder to fight a war from the inside than maintaining the perimeter. It requires additional resources.”
Wang added that organizations need to take a defense-in-depth approach — a strategy that hasn’t received as much attention with all the focus on perimeter defenses. That approach includes log aggregation, application whitelisting, “encryption everywhere,” and a security operations center for incident response.
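The difference between the signature-based products the study measured and the application whitelisting Wang recommends comes down to the default decision: block only what is already known bad, or allow only what is already known good. The following is an added example, not code from the original post, the study, or any vendor. The "binaries" are constructed toy byte strings, and the signature database and allowlist are hypothetical; the fresh variant is the known dropper with a new command-and-control host and one padding byte, the kind of trivial repack that a hash or string signature misses.

```python
"""Signature blocklist vs. application allowlist on constructed samples.

Added example, not from the original post. Every "binary" here is a
constructed toy byte string, not a real executable, and the signature
database and allowlist are hypothetical.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    name: str
    content: bytes


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed samples. UPDATED_UPDATER is a legitimate new build of the
# trusted tool; FRESH_VARIANT is the known dropper with a changed C2 host
# and an extra byte, so its hash and its C2 string no longer match.
TRUSTED_UPDATER = Sample("updater-1.0.exe", b"MZ\x90\x00 vendor-updater v1.0")
UPDATED_UPDATER = Sample("updater-1.1.exe", b"MZ\x90\x00 vendor-updater v1.1")
KNOWN_MALWARE = Sample("dropper.exe", b"MZ\x90\x00 dropper CONNECT c2-a.invalid")
FRESH_VARIANT = Sample("dropper2.exe", b"MZ\x90\x00 dropper CONNECT c2-b.invalid\x90")

# Hypothetical vendor signature database: it knows only the sample that was
# shared with the vendor, both as a file hash and as a byte pattern.
SIGNATURE_HASHES = {sha256_hex(KNOWN_MALWARE.content)}
SIGNATURE_PATTERNS = [b"CONNECT c2-a.invalid"]

# Hypothetical allowlist: hashes of binaries this host is approved to run.
ALLOWLIST_HASHES = {sha256_hex(TRUSTED_UPDATER.content)}


def blocklist_verdict(sample: Sample) -> str:
    """Default-allow: block only what matches a known signature."""
    if sha256_hex(sample.content) in SIGNATURE_HASHES:
        return "block"
    if any(pattern in sample.content for pattern in SIGNATURE_PATTERNS):
        return "block"
    return "allow"


def allowlist_verdict(sample: Sample) -> str:
    """Default-deny: allow only what has been explicitly approved."""
    if sha256_hex(sample.content) in ALLOWLIST_HASHES:
        return "allow"
    return "block"


def approve(sample: Sample) -> None:
    """Operator step: add a reviewed binary to the allowlist.

    This is the 'additional resources' cost of whitelisting: every
    legitimate update is blocked until someone approves it.
    """
    ALLOWLIST_HASHES.add(sha256_hex(sample.content))


def evaluate(samples) -> dict:
    """Return {sample name: (blocklist verdict, allowlist verdict)}."""
    return {s.name: (blocklist_verdict(s), allowlist_verdict(s)) for s in samples}


if __name__ == "__main__":
    results = evaluate([TRUSTED_UPDATER, UPDATED_UPDATER, KNOWN_MALWARE, FRESH_VARIANT])
    print(f"{'sample':18} {'blocklist':10} {'allowlist':10}")
    for name, (block_v, allow_v) in results.items():
        print(f"{name:18} {block_v:10} {allow_v:10}")
```

The blocklist catches only the sample the vendor has already seen and lets the fresh variant through, which is the gap the study measured. The allowlist stops both droppers without knowing anything about them, but it also stops the legitimate 1.1 build until an operator calls `approve()`, which is the extra work Wang warns about.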
Cybersecurity bill is a step in the right direction
One of today’s most debated U.S. Senate bills is the Protecting Cyberspace as a National Asset Act (PCNAA). Opponents argue the bill gives the president too much power to shut down parts of the Internet in the event of a cyber emergency. Supporters say the bill will strengthen the mechanisms by which the government and private industry protect the safety and security of the Internet. In late June, the bill was approved by a U.S. Senate committee, but it is still awaiting a vote on the Senate floor.
Many agree that the U.S. is not adequately prepared for a major cyber attack that could disable power grids and essential water and sewage systems, and hamper our financial systems. But while both sides continue to debate how much control the government should have in a cyber emergency, the fact that Congress is focused on passing legislation that will boost the country’s cyber defense is a step in the right direction.
Zero day flaws found in popular web malware exploitation kits
A team of security researchers found 12 zero-day flaws in some of the most commonly used web malware exploitation kits, such as Eleonore, Neon, Liberty, Lucky and Yes. Exploiting these vulnerabilities could let an attacker hijack a kit’s admin panel or retrieve the admin password, potentially disrupting a criminal campaign and exposing the person behind it.
For the security community, such flaws could support efforts to launch offensive operations against cyber criminals by exploiting the same malware kits they use to infect thousands of users every day. For collaborative efforts such as the Internet Fraud Service Alert, exploits like these can provide companies with information about compromised credentials, allowing them to take quick, appropriate action to thwart criminal activity and protect their customers.
Thanks for stopping by and reading this blog. I encourage any feedback or comments on these relevant security topics.
As a long-time follower of the software security market, it’s clear now that security officers and others concerned about the onslaught of more nefarious types of malware are starting to catch on to the futility of trying to keep up. Over time the market will inevitably transition to whitelisting.
“But with more targeted attacks successfully exploiting enterprises, the question that still remains is: Are we doing enough?”
Of course we are not doing enough. Enterprises still have the mindset of being reactive, not proactive, when it comes to network security. Until businesses move away from relying mostly on signature-based products (e.g. McAfee and Symantec) they will always be one step behind the enemy.
Most of the products out there are still trying to react to the aftermath of the attack and are not trying to actually stop the attack vector being used (i.e. the vulnerability). If you can protect against the vulnerability, then you can stop the majority of the payloads (which signature-based products cannot keep up with) from being delivered to the local system in the first place. Custom malware normally targets a specific vulnerability or flaw in a system or application and uses it to propagate itself.
Only a few security companies really seem to understand this concept. From day one, eEye Digital Security has, and they have created a fantastic endpoint security suite that addresses these security issues:
http://www.eeye.com/Products/Blink