Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Redefining Malware: When Old Terms Pose New Threats

Enterprises Need to Grasp That the Very Nature of Malware has Completely Changed…

Enterprises Need to Grasp That the Very Nature of Malware has Completely Changed…

I’ve often noticed that despite all of the major changes that the business world has experienced over the past few years — many of which could be classified as transformational innovations and total reinventions — we’re often stuck using the same old terms to describe completely new things.

And while this divergence is typically, and thankfully, something for linguists and lexicographers to grapple with instead of CTOs like me, there are situations where failing to grasp an old term’s new meaning can pose a significant danger to the stability, success and in some cases, survival of an enterprise. And in my view, there is no clearer example of this than the term “malware”.

Evolution of Malware

Long ago, malware was typically created and deployed by script kiddies bent on flexing their programming muscles. That’s not to say that all malware attacks were harmless pranks; some were severe, and all of them were technically illegal. But they generally weren’t devastating, and enterprises found that setting up perimeter security (e.g. signature-based antivirus products, firewalls, secure web gateways, and so on) was enough to keep malware from infecting their network and causing major damage. But that was then.

Now, just as the business world is in many ways unrecognizably different compared to years ago, today’s malware is a completely different and qualitatively more dangerous threat to enterprises for three core reasons:

1. New Threat Actors: As the technology to create and deploy malware has entered the mainstream, rebellious script kiddies have given way to sophisticated adversaries, hacktivists and nation states intent on fulfilling their illicit economic, social or political agendas. As such, instead of merely damaging machines, today’s threat actors are using malware to gain access and control corporate networks, as well as steal an enterprise’s intellectual property (IP) and other private data.

2. New Attack Approaches: In the past, malware attacks were typically quick, broad and indiscriminate. Now, they’re precise, targeted and unfold in multiple stages that include an initial probe of a victim’s network security system to identify vulnerabilities, and render perimeter security systems defenseless and ineffectual. In fact, it’s not unusual these days for some malware to do nothing except invade a network for the purposes of “opening a door” for future attacks that will occur much later.

3. New Masking Tactics: There was a time when one of the main objectives of a malware attack was to make as much noise as possible. Now the opposite is true, and today’s advanced malware is unnervingly capable of silently persisting on a network for weeks, months or even years without making a sound and setting off perimeter security alarm bells. What’s more, if today’s adversaries find that their attack is too noisy for their liking, they can outright destroy machines to cover their tracks (which is what happened in the Shamoon malware campaign), or they can deploy polymorphic malware that keeps changing to avoid detection by traditional security products.

Ultimately, these core reasons combine to paint the picture of a chilling new reality; one in which enterprises need to grasp that the very nature of malware has completely changed from what we could drolly refer to as “the good old days” of script kiddies and indiscriminate machine destruction. Today, a potentially catastrophic combination of new threat actors, new attack approaches, and new masking tactics demand that enterprises redefine malware, and make all necessary investments in people, technology and systems to stay one step ahead.

Because, no matter how much malware changes (and assuredly, it will), we all know for certain that the cyber threat landscape is only going to get more treacherous as the future unfolds.

Related: Getting a Handle on the Scale of Modern Malware

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.