The Evolution of Malware and Security Compromise

By Lee Gitzes

Malware is evolving and changing at an unprecedented rate. The fact is that 95% of all organizations have been compromised, without their knowledge, in the last two years. This means that their data could be walking out the door right under their noses. To make matters worse, the capabilities of these threats are increasingly moving away from hijacking our resources to being destructive and costing organizations millions.

How has this happened?

There are two primary reasons this has occurred. The first is, ironically, a result of security getting better. In the past, a hacker would try to find an open port on a firewall or an unpatched exploit on a vulnerable operating system that they could break into. However, over the last 10 years, most of those holes have disappeared, so coming in through the front door was no longer an option. More sophisticated approaches, such as spear phishing and social engineering, are now used to trick users into bringing malicious software into the network. Now, no matter how tight the front door is, the back door is pretty much wide open, especially with today’s modern mobile workforce.

The second reason is that the security platforms that did work have not evolved. Most firewalls protect the perimeter and inspect data at the port level, stopping at layer 4. Anti-virus software updates definitions on a daily basis and protects the endpoint from infection, should something get past the firewall. These technologies have worked this way since the early 2000s and matured to the point that they worked exactly as they should. The focus has been the payload. The issue is that the bad guys have found ways to get their software in and your data out, right under the nose of your fortified security infrastructure. Today’s malware is zero day, infecting systems before DATs (signature definition files) exist. Even worse, it can be polymorphic, regenerating altered copies of itself instantly and rendering endpoint AV software useless. Attackers have also realized that most, if not all, enterprise networks expect to see HTTP, HTTPS and DNS traffic moving in and out of the network on a regular basis. New exploits leverage these common protocols for communication, getting right past the port-based, stateful firewall.
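To make the layer 4 versus layer 7 distinction concrete, here is an added example (not from the original post) of the kind of check an application-aware inspection point performs: it looks at the first bytes of each flow and asks whether the traffic on ports 80, 443 and 53 is actually HTTP, TLS and DNS. The flows, the port-to-protocol table and the detector names are constructed for this illustration.

```python
import re
import struct

# Constructed sample flows: (destination port, first payload bytes seen on the flow).
# A port-based (layer 4) filter passes every one of these; only inspecting the bytes
# separates real HTTP/TLS/DNS from traffic that merely borrows the port.
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    (80, b"\x17\x01\x00\x2a" + b"beacon-id=1337;" + bytes(16)),        # binary blob on 80
    (443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + bytes(32)),  # TLS ClientHello
    (443, b"hello, anyone there?\n"),                                    # cleartext on 443
    (53, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
         b"\x03www\x07example\x03com\x00\x00\x01\x00\x01"),               # DNS A query
    (53, b"\x00\x00\x00\x00\x00\x00" + b"not-a-dns-packet"),             # malformed DNS
]

EXPECTED = {80: "http", 443: "tls", 53: "dns"}  # what layer 4 assumes for each port

HTTP_REQUEST = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")

def is_http(payload: bytes) -> bool:
    return HTTP_REQUEST.match(payload) is not None

def is_tls_client_hello(payload: bytes) -> bool:
    # TLS record: content type 0x16 (handshake), major version 0x03, handshake type 0x01
    return len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01

def is_dns_query(payload: bytes) -> bool:
    if len(payload) < 12:
        return False
    _id, flags, qdcount, *_ = struct.unpack("!HHHHHH", payload[:12])
    if flags & 0x8000 or qdcount == 0:   # QR bit set means a response; a query needs a question
        return False
    pos = 12
    while pos < len(payload) and payload[pos] != 0:   # walk the QNAME labels
        length = payload[pos]
        if length > 63 or pos + 1 + length > len(payload):
            return False
        pos += 1 + length
    return len(payload) >= pos + 5       # terminating zero byte + QTYPE + QCLASS

DETECTORS = {"http": is_http, "tls": is_tls_client_hello, "dns": is_dns_query}

def classify_flow(port: int, payload: bytes):
    """Return (protocol the port implies, protocol actually observed, mismatch flag)."""
    observed = next((name for name, check in DETECTORS.items() if check(payload)), "unknown")
    expected = EXPECTED.get(port, "unknown")
    return expected, observed, observed != expected

def find_mismatches(flows):
    """List (port, expected, observed) for every flow whose content does not match its port."""
    hits = []
    for port, payload in flows:
        expected, observed, mismatch = classify_flow(port, payload)
        if mismatch:
            hits.append((port, expected, observed))
    return hits

if __name__ == "__main__":
    for port, expected, observed in find_mismatches(SAMPLE_FLOWS):
        print(f"port {port}: expected {expected}, saw {observed}")
```

Three of the six constructed flows are flagged; a stateful firewall keyed only on port numbers would have reported nothing.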

In order to protect ourselves, knowledge is power. The entire lifecycle of a potential threat must be guarded against, from the perimeter to the private trusted network, down to the endpoint. Visibility must be end to end, down to the bits that are moving through the pipes. The most crucial challenge is that the end user is now the weakest link. Because human error is exploited to get in, there is virtually no way to completely ensure that malware will not get into our private networks. We now have to assume that it will, and have the proper measures in place to prevent it from causing any harm.

5 Steps of Modern Malware

Technologies that need to be reviewed are listed below.
  • Next generation firewall (app aware/layer 7)
  • East West layer 7 visibility
  • Next generation web and mail security
  • IPS/IDS
  • Sandboxing
  • Endpoint Protection
Modern threats have moved well beyond the payload. We now need to ensure that our security measures provide the visibility to see these new, otherwise invisible threats.

Attack Stages of Modern Malware