Some weeks, I feel really good about the direction computer security is going in; other weeks, and this is one of those other weeks, everywhere I turn there seems to be more bad news.
A report at Symantec Solutions states that, as hard as it might be to imagine, many IT professionals will look back on these days and see them as the good old days of corporate security. To me, I hate to say it, but in every way it looks to be true. Computer security seems to be getting more dangerous by the day, and the attackers don't take weekends off.
A short time ago, malware came in three basic threats: viruses, worms, and Trojan horses. Today there are still viruses, worms, and Trojan horses, but there is also spyware, adware, rootkits, botnets, phishing, and search engine hijacking. These newer attacks, unknown just a few years ago, are much more sophisticated, and also represent a major change in computer hacking.
The first change, as the sheer number of new attack types listed above suggests, is that there are so many more types of attacks coming from so many different delivery methods. Criminals are combining malware, which we can now basically call crimeware, into blended attacks that are all the more difficult to detect and repel. These attacks also incorporate much more of a social-engineering element and require some amount of interaction (like the attack I wrote about yesterday, which perfectly imitated internal email and told employees they were being fired, and once they clicked on the attached link, downloaded a key logger).
The other great change, reflected in now calling malicious software crimeware, is a change in the underlying motivation of hacking. Hacking was once ego-based, as in trying to attack the most systems with the most clever and disruptive type of virus or such. The newer attack is pure stealth: the longer it goes unnoticed, the more information the attackers can hijack and the more money they can steal. Very simply, the new hacker is purely profit-driven.
So how should companies prepare for these new types of attack?
Symantec says that companies need to improve their threat response. The rise of blended attacks means IT departments need more integrated, comprehensive approaches. For example, an integrated, high-quality anti-virus solution combined with an e-mail scanning system and a firewall represents a far more difficult challenge than they do individually.
Also, as I've said repeatedly, update, and update often. As it seems even Microsoft will be offering updates more frequently than the monthly scheduled Patch Tuesday, companies must keep up with updates. That includes scheduling more scans to detect crimeware, as some sits dormant in systems waiting for a downtime between scans.
Finally, IT managers should have a plan so that, if their systems are compromised, they still have access to the data they need to keep the company going. This plan has an added benefit in that it will provide preparation for any type of disaster, not just from crimeware.
Tags: Crimeware, Malware, Trojan Horses