The industrialisation of malware is a reality, and I am pleased to see Cyber Security Month is raising awareness of this type of threat. Activities have been taking place throughout October as part of the major campaign, and this week’s official theme is around mobile malware. Here, I will explore the traits of an attacker using malware, and how businesses can regain control.
We already know that IT teams are facing unprecedented challenges – including protecting a proliferation of endpoints, planning for the impact of the Internet of Things, and attempting to understand and manage an explosion in Shadow IT and cloud adoption.
But some things don’t change. Successful cyber criminals, much like other criminals, have three consistent traits – motive, ability and opportunity. Organisations therefore need to implement the right controls and solutions as well as build an advanced detection and response capability. Essentially, they need to understand more about the ‘why’ and ‘how’ of malware irrespective of the intended target.
Businesses should establish an ‘attackers’ eye’ view – not only to understand their adversaries’ techniques, tactics and procedures, but also to get closer to the motivation for an attack. Understanding more about who is attacking, where they are based and which assets or data are of interest, as well as the timing of any activity, can help organisations establish the motivation of their attackers. With the right profiling tools, contextual knowledge and analysis skills, suspicious activities and known attack patterns can now be traced back to their source. Understanding this contextualised intelligence is the first step in building a good cyber defence. An organisation needs to know what to defend and how to defend it.
Mobile malware – and other types of targeted malware – is often developed by highly funded, skilled criminal organisations that have the ability to utilise advanced techniques to actively evade detection. Rather than using a single technique, cyber criminals often combine evasion techniques to deliver highly targeted and tested malware over long periods. Establishing a detailed understanding of how users behave helps these criminals to achieve their objectives. Organisations need to improve their ability to detect and prevent malware, which can be achieved with machine learning or ‘deep learning’ techniques. Innovative solution providers are now demonstrating advances in algorithms that can be applied to recognise the common patterns in malware variants and user behaviour, giving organisations a longer window to respond.
We could make life much harder for cyber criminals than we do today. Our 2016 Global Threat Intelligence Report highlighted the high percentage of organisations that still lack controls such as patch management and incident response management. For example, the top 10 internal vulnerabilities are exclusively related to patch levels, accounting for more than 78 percent of all observed internal vulnerabilities during 2015. These information security fundamentals could have prevented or mitigated a significant portion of incidents and malware infections. And large organisations are just as likely to have these gaps as smaller, growing businesses.
Keep a look out for my blog post on how emerging deception tools could offer game-changing capability for advanced malware detection.