In the article, “IT security industry collaboration could eliminate 90% of malware,” Eugene Kaspersky, co-founder and chief executive of Kaspersky Lab, recently told attendees at Infosecurity Europe 2011 that identifying malware faster would reduce the number of initial infections to the point that it would break the business model of most cyber criminals.

“The number of initial infections will be so low that it will cost cybercriminals more to develop the malware than they are able to recoup.”

In all due respect to Mr. Kaspersky, there are two things that we take exception to in this article.

First, even in the best possible scenario where all the crowd-sourcing came together perfectly, you’re stopping 90% of nuisance, known malware. This kind of reactive approach is no solution for protecting our systems from the truly advanced, sophisticated targeted threats that are becoming the norm today.

Second, Mr. Kaspersky mentions whitelisting, but he uses the term inaccurately–in the same way most incumbent blacklisting providers do. True application whitelisting solutions enforce a whitelist of approved applications, thereby preventing the execution of all other applications (including zero day malware, etc.). Incumbant blacklisting providers like Mr. Kaspersky, in an attempt to protect their revenue streams and compete against other blacklisting solutions, have bastardized the term whitelisting as a way to make blacklist scans more efficient. They are mangling the term to describe a process wherein the performance impact of blacklist scans are reduced because “whitelisted” (“known good”) files do not need to be included in blacklist scans. This does not make endpoints more secure, it makes blacklisting more efficient.

Instead of relying on reactive approaches to stop the vast majority of nuisance malware, application whitelisting solutions proactively prevent all unapproved code from running on a system–including new or unknown malware that remains under the radar of reactive, information sharing approaches.

Night Dragon is a fascinating attack, with all sorts of international intrigue including links to entities in China (for a great primer on purported Chinese involvement in cyberattacks, check out Richard Stiennon’s blog). However, the multi-pronged attack is easily prevented by any good application whitelisting solution–just like Stuxnet.

Night Dragon utilizes multiple remotely controlled applications on servers and PCs. Application whitelisting solutions like CoreTrace Bouncer stop Night Dragon and Stuxnet type attacks by preventing the execution of all applications that are not on the whitelist for each computer in the infrastructure — including both malicious and legitimate remote control applications used in these attacks.

I think it is worth noting that the same week Night Dragon was unveiled, both the UK and US governments raised alerts about cyber attacks.

First, UK foreign secretary, William Hague, disclosed at a security conference how cyber criminals are trying to infiltrate the UK government and defense contractors. He also pointed out that the threats aren’t unique to his government.

In the article, “UK foreign secretary: ‘We’re under attack’,” Mr. Hague said malware, social engineering and targeted phishing are gaining momentum against government organizations and businesses all over the world. He added that the attackers had infected government computers with the Zeus trojan, similar to the Zeus malware attacks seen by the U.S. Department of Homeland Security last year.

Second, a recent Pentagon Cyber Crime Center report that said computer-related crime, intrusions and data theft rose 37% in the volume of material it studied last year. The U.S. Defense Department agency, which conducts forensic analysis of cyber crimes involving military personnel, said it processed 372 terabytes of customer data last year, a 100 terabyte increase (37% jump) over 2009.

Once again, most of the attacks would have been thwarted by simply stopping the execution of unauthorized applications, no matter how they entered the system.

Anyone else notice more than a few themes repeating themselves???

In this week’s release of the McAfee Threats Report: Third Quarter 2010, the security software maker claims that malware reached an all-time high, averaging 60,000 new threats each day in the third quarter. That number has nearly quadrupled since 2007. And for the year, McAfee has discovered 14 million unique pieces of malware, which is a million more than the same time last year.

As cybercriminals continue to become more savvy and their attacks more severe, Mike Gallagher, senior VP and CTO of Global Threat Intelligence for McAfee, said:

“Cybercriminals are doing their homework, and are aware of what’s popular, and what’s insecure. They are attacking mobile devices and social-networking sites, so education about user activity online, as well as incorporating the proper security technologies are of utmost importance.”

Incorporating the proper security technologies is the key. We can no longer afford to rely solely on “status quo” antivirus products that are becoming increasingly ineffective in detecting more sophisticated threats and are slowing our systems. For organizations that want to effectively and efficiently stop growing malware threats, the time has come for a new approach.

From both a security and performance standpoint, application whitelisting automatically stops any unauthorized applications from executing without impacting performance like traditional antivirus products do. CoreTrace’s BOUNCER improves security and endpoint performance by combining application whitelisting solutions for real-time malware protection and cloud-based blacklists for detection and reporting. Yes, incorporating the proper security technologies is of the utmost importance. The time has come for a new approach, and that time is now.

In the article, “Attackers can take out critical infrastructure, but profit lies elsewhere, researcher says,” Jason Larson, a security researcher at the Idaho National Laboratory, said there’s plenty of evidence that hackers have already infiltrated control systems that run power generation plants, gas and oil refineries, and other chemical factories, but so far their activity is observational.

“If you are going to wait for the explosions you’re going to be waiting for a long time. They don’t seem terribly interested in wrecking the place — at least not yet… Destroying processes completely is not really profitable. It’s more profitable to monitor and wait for the perfect opportunity.”

According to Larson, once inside the network of critical infrastructures hackers appear to be focusing on monitoring how the processes within the facilities work. Speaking at the Forum of Incident Response and Security Teams (FIRST) Conference 2010, Larson suggested that an increase in wireless field equipment, including embedded devices and the high speed communication links they connect to, are making control systems more vulnerable. As a result, much more research needs to be done to improve the security of embedded devices and produce standards so security experts can access firmware in the event of a breach.

As we know, regulations alone won’t solve the problem. I agree with Larson when he says that compliance does not equal security. While we all know meeting industry standards helps increase network security and defend our infrastructures against new threats, it does not completely provide it. It can take years to create Federal mandates, which are never updated fast enough to keep up with evolving cyber threats.

The longer a company waits, the more intrenched malware can sit silently monitoring network processes and waiting for the best opportunity to attack. That’s why it is so important for organizations to be proactive instead of waiting for a catastrophe to happen and reacting. Because when it comes down to it, network penetration can and does occur, whether we know if or not.

In the article, “Cyber attacks worry firms more than terrorism,” the “2010 State of Enterprise Security Study” conducted by Symantec Software Solutions Pvt. Ltd. found that 42% of companies representing industries such as telecom, hospitality, manufacturing, retail and technology perceive cyber attacks as the biggest threat to their enterprises.

One reason cited was the lack of adequate network security. Over the past year, 66% of companies surveyed said they had experienced cyber intrusions while 51% reported repeated attacks. The study also pointed out that deployment of enterprise security has turned into a difficult task for many organizations. Said Vishal Dhupar, managing director at Symantec:

“Enterprise security is understaffed and the most affected areas in organizations are network security, web security and data-loss prevention. To tackle the issue, companies need to secure their messaging and web environments and defending critical internal servers. They should also have the ability to back up and recover data and respond to threats rapidly.

With the rise in malicious attacks targeting sectors that can have a significant impact on India’s economy, one has to wonder if cyber attacks and terrorism weren’t one in the same. As I mentioned in a recent blog, “Are we in a cyberwar or not?” cyber threats continue to have a growing impact on our nation’s economy and global competitiveness. Although U.S. Cyber Czar, Howard Schmidt, may not think we are engaged in cyber warfare, the impacts from targeted attacks are being felt everywhere, and are top IT concerns for many organizations and nations around the world.