Redefining Malware: When Old Terms Pose New Threats

Enterprises Need to Grasp That the Very Nature of Malware has Completely Changed...

I’ve often noticed that despite all of the major changes that the business world has experienced over the past few years -- many of which could be classified as transformational innovations and total reinventions -- we’re often stuck using the same old terms to describe completely new things.

And while this divergence is typically, and thankfully, something for linguists and lexicographers to grapple with instead of CTOs like me, there are situations where failing to grasp an old term’s new meaning can pose a significant danger to the stability, success and, in some cases, survival of an enterprise. And in my view, there is no clearer example of this than the term “malware”.

Evolution of Malware

Long ago, malware was typically created and deployed by script kiddies bent on flexing their programming muscles. That’s not to say that all malware attacks were harmless pranks; some were severe, and all of them were technically illegal. But they generally weren’t devastating, and enterprises found that setting up perimeter security (e.g. signature-based antivirus products, firewalls, secure web gateways, and so on) was enough to keep malware from infecting their network and causing major damage. But that was then.

Now, just as the business world is in many ways unrecognizably different compared to years ago, today’s malware is a completely different and qualitatively more dangerous threat to enterprises for three core reasons:

1. New Threat Actors: As the technology to create and deploy malware has entered the mainstream, rebellious script kiddies have given way to sophisticated adversaries, hacktivists and nation states intent on fulfilling their illicit economic, social or political agendas. As such, instead of merely damaging machines, today’s threat actors are using malware to gain access and control corporate networks, as well as steal an enterprise’s intellectual property (IP) and other private data.

2. New Attack Approaches: In the past, malware attacks were typically quick, broad and indiscriminate. Now, they’re precise, targeted and unfold in multiple stages, beginning with an initial probe of a victim’s network defenses to identify vulnerabilities and render perimeter security systems defenseless and ineffectual. In fact, it’s not unusual these days for some malware to do nothing except invade a network for the purpose of “opening a door” for future attacks that will occur much later.

3. New Masking Tactics: There was a time when one of the main objectives of a malware attack was to make as much noise as possible. Now the opposite is true, and today’s advanced malware is unnervingly capable of silently persisting on a network for weeks, months or even years without making a sound or setting off perimeter security alarm bells. What’s more, if today’s adversaries find that their attack is too noisy for their liking, they can outright destroy machines to cover their tracks (which is what happened in the Shamoon malware campaign), or they can deploy polymorphic malware that keeps changing to avoid detection by traditional signature-based security products.

Ultimately, these core reasons combine to paint the picture of a chilling new reality, one in which enterprises need to grasp that the very nature of malware has completely changed from what we could drolly refer to as “the good old days” of script kiddies and indiscriminate machine destruction. Today, a potentially catastrophic combination of new threat actors, new attack approaches and new masking tactics demands that enterprises redefine malware, and make all necessary investments in people, technology and systems to stay one step ahead.

Because, no matter how much malware changes (and assuredly, it will), we all know for certain that the cyber threat landscape is only going to get more treacherous as the future unfolds.

Aviv Raff is Co-Founder and Chief Technology Officer at Seculert. He is responsible for the fundamental research and design of Seculert’s core technology and brings with him over 10 years of experience in leading software development and security research teams. Prior to Seculert, Aviv established and managed RSA’s FraudAction Research Lab, as well as working as a senior security researcher at Finjan’s Malicious Code Research Center. Before joining Finjan, Aviv led software development teams at Amdocs. He holds a B.A. in Computer Science and Business Management from the Open University (Israel).