
The phrase ‘know your enemy as well as you know yourself’ is often quoted in IT security. But with the sheer number and complexity of cyber attacks, getting to know the enemy is a huge task. Adversaries line up daily, using a bewildering array of malware threats to try to disrupt operations or stealthily siphon confidential data. And organisations remain vulnerable to zero-day attacks given the volume of new malware that can hide in plain sight in innocuous-looking files. So, although we may not know everything about every enemy, new security technology can reveal vital intelligence that can be used to identify and nullify new risks that arise every day.
Cyber crime has become big business, and as in any other business sector, criminals want to boost revenues and grow market share. To increase the likelihood of success, they target hundreds, even thousands, of companies. In 2012, an average of 70,000 to 100,000 new malware samples were created and distributed daily, over ten times more per day than in 2011 and over 100 times more than in 2006. Check Point’s 2013 Security Report found that 63 per cent of organisations were infected with bots, and more than half were infected with new malware at least once a day. Keeping pace with this massive growth is proving impossible for conventional anti-malware approaches.

Hiding in plain sight
Stealthy malware, the most commonly used attack technique, is designed to operate below the radar of IT teams and is correspondingly hard to detect. The code for most of these new malware variants is concealed in the common file formats we all use for business: emails and their attachments, including Word documents, PDFs and Excel spreadsheets. Attack toolkits obfuscate the scripts embedded in these files to disguise their malicious actions, which may include modifying the registry on a user’s computer or downloading an executable file that can then infect the network.

Scanning for malware
Isolating and evaluating suspect files is done using a technique called threat emulation. Rather like a border control’s X-ray scanners, it makes it possible to look inside suspect files arriving at the gateway, either as email attachments or as downloads from the web, and to open them and observe what they do in a quarantined area known as a ‘sandbox’. This self-contained, virtualised copy of a computer environment acts as a safe area in which files and applications that may be risky or destructive can be run without affecting production systems.
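Full emulation is expensive, so gateways normally decide first which attachments are worth sandboxing. As an added example (written for this article, not Check Point’s own code or product logic), the following Python pre-filter applies the “look inside the file” idea statically: it flags the active content that document-borne malware depends on, namely VBA projects in Office Open XML files and JavaScript or auto-run actions in PDFs, plus the classic trick of an executable renamed with a document extension. The file names and sample files are constructed in the script and are benign.

```python
"""Static gateway pre-filter: which attachments should go to the sandbox?

Added example, not the article's or Check Point's code. It flags the kinds of
active content that stealthy document malware relies on so that only flagged
files need the costlier threat-emulation step. All samples below are
constructed inline and contain no real malicious code.
"""
from __future__ import annotations

import io
import re
import zipfile

# PDF name objects that let a document run code or drop a payload on open.
PDF_ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile")

# OOXML zip members whose presence means the document carries a VBA project.
OOXML_ACTIVE_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")


def inspect_pdf(data: bytes) -> list[str]:
    """Return the suspicious PDF keys found (empty list means nothing to emulate).

    Caveat: this is triage on the raw bytes, not a PDF parser. Names written with
    hex escapes (/J#53) or hidden inside compressed object streams are not seen,
    which is exactly why a sandbox is still needed for anything that gets through.
    """
    findings = []
    for key in PDF_ACTIVE_KEYS:
        # The key must end the name: /JS must not match a longer name such as /JSX.
        if re.search(re.escape(key) + rb"(?![A-Za-z])", data):
            findings.append(key.decode())
    return findings


def inspect_ooxml(data: bytes) -> list[str]:
    """Return the macro-carrying parts found inside an Office Open XML (zip) file."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return []
    return [part for part in OOXML_ACTIVE_PARTS if part in names]


def triage(filename: str, data: bytes) -> dict:
    """Decide from content (never from the extension alone) whether to sandbox a file."""
    reasons: list[str] = []
    ext = filename.rsplit(".", 1)[-1].lower()
    if data.startswith(b"%PDF-"):
        reasons += inspect_pdf(data)
    elif data.startswith(b"PK\x03\x04"):          # zip container: docx/xlsx/pptx
        reasons += inspect_ooxml(data)
    elif data.startswith(b"MZ") and ext not in ("exe", "dll", "scr"):
        # A PE executable wearing a document extension is suspicious on its own.
        reasons.append(f"PE executable with .{ext} extension")
    return {"file": filename, "sandbox": bool(reasons), "reasons": reasons}


def _make_docx(with_macro: bool) -> bytes:
    """Build a minimal constructed OOXML package, optionally with a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
    return buf.getvalue()


# Constructed sample attachments (hypothetical names, benign contents).
SAMPLES = {
    "quarterly_report.pdf": b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n",
    "invoice.pdf": (
        b"%PDF-1.7\n1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj\n"
        b"3 0 obj << /S /JavaScript /JS (app.launchURL('http://example.invalid/x')) >> endobj\n"
        b"%%EOF\n"
    ),
    "minutes.docx": _make_docx(with_macro=False),
    "payroll.docm": _make_docx(with_macro=True),
    "statement.pdf": b"MZ\x90\x00" + b"\x00" * 60,
}


def run_samples() -> dict:
    """Triage every constructed sample; returns {filename: verdict}."""
    return {name: triage(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for verdict in run_samples().values():
        action = "SANDBOX" if verdict["sandbox"] else "deliver"
        print(f"{verdict['file']:22} {action:8} {', '.join(verdict['reasons'])}")
```

Of the five constructed files only invoice.pdf, payroll.docm and statement.pdf are routed to the sandbox; the two plain documents are delivered without the emulation cost. The filter deliberately judges content rather than extension, and its blind spots (escaped names, compressed object streams, macros in legacy binary formats) are the gap that behavioural emulation is meant to close.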