Legacy Malware and Legacy Systems Are Not a Legacy Problem

Companies must be wary of chasing shiny new threats with shiny new defenses, while leaving legacy systems vulnerable to legacy malware. 

Trend Micro calls the legacy threat ‘Throwhack’, after the more benign ‘Throwback Thursday’ social media trend; but, says principal security strategist Bharat Mistry in a blog published today, “there’s nothing entertaining about this list of legacy security challenges.”

Mistry points to Conficker (dating back to 2008). “Throughout 2017 we saw monthly detections of around 20,000, meaning it’s still highly active.” In conversation with SecurityWeek, he agreed that the majority of detections were in the Far East, with few appearing in the U.S. or Europe, but warned that Far East breaches could get into the supply chain of Western organizations.

Heartbleed is another old threat that hasn’t gone away. “Despite surfacing and being patched in 2014, nearly 200,000 servers and devices were reported as exposed last year.”

The problem goes deeper than just old malware — it is exacerbated by the continued use of old and unsupported systems. “Spiceworks has claimed that 68% of US, Canadian and US firms still run Office 2007, while it has also been reported that around 20% of US and UK healthcare organizations still run Windows XP. It doesn’t take much to understand the dangers of running unsupported systems,” he writes.

One of the problems, he told SecurityWeek, is that new security products are not always aware of old threats. “Machine learning systems,” he said, “often ‘learn’ to detect malware based on current threats. They simply aren’t taught to detect old behaviors, and can miss them.”

To be fair, he isn’t advocating abandoning new machine learning detection products or methods, only pointing out that on their own they aren’t enough. “Wherever possible,” he said, “organizations should employ traditional anti-malware products as well as new machine learning products.” He added that the competitive challenge posed by the smaller processing overhead of ML systems has spurred traditional anti-malware vendors to design and implement new approaches that reduce their own overhead.


Nevertheless, he stresses that one of the best solutions to legacy malware is to update or upgrade legacy systems: newer versions of old operating systems are no longer susceptible to old vulnerabilities. 

“If updating your OS is not possible, for whatever reason, use vulnerability shielding/virtual patching on the endpoint or intrusion prevention at the network level. It’s ideal for mitigating the impact of older malware like Conficker which exploits vulnerabilities. It protects legacy systems by providing convenient and automatic updates, allowing organizations to maintain protection while minimizing their patch management costs.”

Related: Threat Hunting with Machine Learning, Artificial Intelligence, and Cognitive Computing 

Related: Machine Learning CrowdStrike Joins VirusTotal 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
