Customized Malware—The Game Changer

“How secure is our network from unauthorized access?”

If you are an information security or risk management professional, you have undoubtedly become accustomed to being asked this question, likely with increasing frequency. Those posing it, whether a senior manager or a member of your board of directors, are acutely aware of the dramatic increase in cyber attacks and of the consequences of unauthorized access to customer information, proprietary corporate data or intellectual property. Given your role, it is logical that they turn to you for reassurance that the organization's confidential information is adequately protected from a rapidly evolving array of external threats.

The next time that you are asked this question, I urge you to reflect on this article. Before you launch into your practiced response describing the myriad technical controls deployed to secure your network perimeter (a best-in-class firewall, robust anti-virus software and a data loss prevention solution), remember one fact: customized malware has rendered these technologies increasingly ineffective. If you perform an information security or risk role, you must recognize that a new generation of prolific attackers is routinely deploying customized malware to penetrate the networks of sophisticated, multinational corporations. The traditional, technology-centric strategy for combating this threat can therefore no longer succeed on its own.

Organizations that fail to acknowledge this dynamic, and to adjust their approach accordingly, will remain at imminent risk of a data breach and exposed to the consequences that accompany such events. This article defines the evolving threat posed by customized malware and outlines a multifaceted approach to mitigating it.

Customized malware is malicious software that has been modified, re-engineered or otherwise altered so that it evades the detection capabilities of traditional security technologies. It may take any of the commonly known forms of malicious software, including viruses, worms, Trojan horses, rootkits and ransomware. The most common delivery method is inbound email, normally a phishing or spear-phishing message carrying a malicious attachment or link. Because anti-virus products rely on signature-based detection, only variants whose signatures (file hashes, byte patterns or other static fingerprints) have previously been identified are blocked before they compromise the intended victim. When a new variant is discovered, the vendor analyzes it and distributes a signature update; conscientious security administrators in an enterprise environment install such updates as soon as they are received. Unfortunately, the window between a new variant first appearing in the wild and a signature for it being identified, analyzed and distributed can stretch to 30 to 90 days, and an attacker who modifies the sample again resets that clock. In the interim, organizations are significantly exposed to the risk of a customized malware attack.
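To make the mechanism concrete, here is a toy Python model of a signature scanner and of the "customizing" step an attacker applies. This is an added example, not code from the ISACA post: the sample bytes, the signature names, the XOR stub and the `scan`/`customize`/`unpack` functions are all constructed stand-ins, and the "malware" is inert placeholder text. The point it shows is that a trivial re-encoding defeats every static signature while leaving the payload's behaviour untouched, and that recovering the payload (what a sandbox or emulator effectively does) restores detection.

```python
"""Toy demonstration of why signature-based anti-virus misses 'customized' malware.

Added example; not from the ISACA post. The 'malware' is an inert, constructed
byte string and the packer is a trivial XOR loop standing in for real obfuscation.
All names, signatures and sample bytes below are made up for illustration.
"""
from __future__ import annotations

import hashlib
import re

# Constructed stand-in for a known malicious sample (benign text, no real payload).
KNOWN_SAMPLE = (
    b"MZ\x90\x00"
    b"PLACEHOLDER-DROPPER "
    b"connect:198.51.100.7:443 "
    b"exfil:cardholder_track2.dat"
)

# A vendor 'signature database': a full-file hash plus a byte pattern, the two
# techniques classic signature scanners rely on. Names are hypothetical.
SIGNATURES = {
    "hash:Dropper.A": hashlib.sha256(KNOWN_SAMPLE).hexdigest(),
    "pattern:Dropper.A": re.compile(rb"exfil:\w+\.dat"),
}


def scan(blob: bytes) -> list[str]:
    """Return the names of signatures that match `blob` (static scan only)."""
    hits = []
    digest = hashlib.sha256(blob).hexdigest()
    for name, sig in SIGNATURES.items():
        if name.startswith("hash:") and sig == digest:
            hits.append(name)
        elif name.startswith("pattern:") and sig.search(blob):
            hits.append(name)
    return hits


def customize(sample: bytes, key: int) -> bytes:
    """Simulate an attacker 'customizing' a sample: XOR-encode the body and
    prepend a tiny stub carrying the key. Behaviour is unchanged once the stub
    runs; every byte a static scanner can see is different."""
    if not 1 <= key <= 255:
        raise ValueError("key must be a non-zero byte")
    body = bytes(b ^ key for b in sample)
    return b"STUB" + bytes([key]) + body


def unpack(variant: bytes) -> bytes:
    """What a sandbox or emulator effectively does: let the stub run and
    recover the plaintext payload, then hand that to the scanner."""
    if not variant.startswith(b"STUB"):
        return variant  # not packed with our toy stub; scan as-is
    key = variant[4]
    return bytes(b ^ key for b in variant[5:])


def detection_rate(variants: list[bytes], dynamic: bool = False) -> float:
    """Fraction of variants flagged, by static scan or after unpacking."""
    if not variants:
        return 0.0
    flagged = 0
    for v in variants:
        target = unpack(v) if dynamic else v
        if scan(target):
            flagged += 1
    return flagged / len(variants)


if __name__ == "__main__":
    # Twenty 'customized' builds of the same payload, one per XOR key.
    variants = [customize(KNOWN_SAMPLE, k) for k in range(1, 21)]
    print("original detected by:", scan(KNOWN_SAMPLE))
    print("static detection rate on 20 variants:", detection_rate(variants))
    print("detection rate after unpacking:", detection_rate(variants, dynamic=True))
```

Every one of the twenty variants is the same program to the victim, yet the static scanner flags none of them; only after the payload is recovered do both signatures fire again. Real packers and crypters are far more elaborate, but the asymmetry is the same: changing the bytes is cheap for the attacker, while writing, testing and distributing a new signature is slow for the defender.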

Although this form of evasive threat has been active for several years, the widely publicized 2013 attack on Target provided the public with unprecedented clarity regarding how customized malware is used. In the Target breach, malware installed on the company's network allowed a group of attackers to perform extensive internal reconnaissance and, ultimately, to steal more than 40 million credit and debit card numbers. In addition to the cardholder data, the email addresses, home addresses and telephone numbers of some 70 million customers were taken. Target management learned of the intrusion only in mid-December 2013, when an external party informed the retailer that it had been hacked, and the attack was eventually disrupted.

When the malware used against the retailer was analyzed, it was found to have a zero percent anti-virus detection rate at the time: none of the anti-virus engines it was tested against flagged it. Simply put, to signature-based tools this form of malware was invisible.

Although I use the Target breach to demonstrate the characteristics, capabilities and availability of customized malware, similar attacks are commonplace across all sectors and industries. If your executive management team were aware that your current security approach would, at best, prevent only one in 20 attempts to penetrate your network, I suspect that you would be reevaluating your system defense strategy.

The persistent and evasive nature of customized malware calls for a multi-layered approach to data protection and network security. Given the evidence that anti-virus products have become increasingly ineffective at stopping this form of malware, enterprises can no longer rely solely on preventive security technologies. An approach that combines employee education (so that phishing emails, the primary delivery vector, are recognized and reported), threat containment (so that a single compromised workstation cannot reach the systems holding sensitive data) and network monitoring (so that internal reconnaissance and data exfiltration are detected and disrupted before the attacker reaches the objective) reduces both the likelihood and the impact of a customized malware penetration.

I’ll be discussing this issue, including the mitigation strategy we use with our clients, during the session I am presenting at CSX 2015 in Washington DC, 19-21 October titled, “Customized Malware—Address This Threat.” I hope to see you there.

John Moynihan, CGEIT, CRISC
President and Founder of Minuteman Governance

[ISACA Now Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.
