Redefining Malware: When Old Terms Pose New Threats

Enterprises Need to Grasp That the Very Nature of Malware has Completely Changed…

I’ve often noticed that despite all of the major changes that the business world has experienced over the past few years — many of which could be classified as transformational innovations and total reinventions — we’re often stuck using the same old terms to describe completely new things.

And while this divergence is typically, and thankfully, something for linguists and lexicographers to grapple with instead of CTOs like me, there are situations where failing to grasp an old term’s new meaning can pose a significant danger to the stability, success and, in some cases, survival of an enterprise. And in my view, there is no clearer example of this than the term “malware”.

Evolution of Malware

Long ago, malware was typically created and deployed by script kiddies bent on flexing their programming muscles. That’s not to say that all malware attacks were harmless pranks; some were severe, and all of them were technically illegal. But they generally weren’t devastating, and enterprises found that setting up perimeter security (e.g. signature-based antivirus products, firewalls, secure web gateways, and so on) was enough to keep malware from infecting their network and causing major damage. But that was then.

Now, just as the business world is in many ways unrecognizably different compared to years ago, today’s malware is a completely different and qualitatively more dangerous threat to enterprises for three core reasons:

1. New Threat Actors: As the technology to create and deploy malware has entered the mainstream, rebellious script kiddies have given way to sophisticated adversaries, hacktivists and nation states intent on fulfilling their illicit economic, social or political agendas. As such, instead of merely damaging machines, today’s threat actors are using malware to gain access to and control of corporate networks, as well as to steal an enterprise’s intellectual property (IP) and other private data.

2. New Attack Approaches: In the past, malware attacks were typically quick, broad and indiscriminate. Now, they’re precise, targeted and unfold in multiple stages that include an initial probe of a victim’s network security system to identify vulnerabilities, and render perimeter security systems defenseless and ineffectual. In fact, it’s not unusual these days for some malware to do nothing except invade a network for the purposes of “opening a door” for future attacks that will occur much later.

3. New Masking Tactics: There was a time when one of the main objectives of a malware attack was to make as much noise as possible. Now the opposite is true, and today’s advanced malware is unnervingly capable of silently persisting on a network for weeks, months or even years without making a sound or setting off perimeter security alarm bells. What’s more, if today’s adversaries find that their attack is too noisy for their liking, they can outright destroy machines to cover their tracks (which is what happened in the Shamoon malware campaign), or they can deploy polymorphic malware that keeps changing to avoid detection by traditional security products.

Ultimately, these core reasons combine to paint the picture of a chilling new reality: one in which enterprises need to grasp that the very nature of malware has completely changed from what we could drolly refer to as “the good old days” of script kiddies and indiscriminate machine destruction. Today, a potentially catastrophic combination of new threat actors, new attack approaches, and new masking tactics demands that enterprises redefine malware, and make all necessary investments in people, technology and systems to stay one step ahead.

Because, no matter how much malware changes (and assuredly, it will), we all know for certain that the cyber threat landscape is only going to get more treacherous as the future unfolds.
