The menace of malware: reacting to an ever-changing threat paradigm

What if every day a new threat was on the horizon?  It would seem overwhelming.  But what if every day tens of thousands of new threats appeared, most of which had not yet been identified?  Scary as that may seem, we must face reality: that is the world we live in.  For that reason there is no way to protect against malware using only a reactive approach.

Always knocking on the door

Imagine your computer as a house, with your connection to the Internet as a door.  If you don’t secure that connection properly, your door is effectively unlocked.  Automated malware is always knocking on that door: if you have no firewall at all, a system exposed directly to the Internet can be compromised very quickly.  Automated Internet-based attacks arrive, on average, every 15 seconds.

The unlocked door may not be the only point of entry, though.  Sometimes we willingly invite malware into the house: a trojan horse is malware that presents itself as something else, such as a trojanized copy of a legitimate program download.  On other occasions malware sneaks in through an unlocked window, in the form of an unpatched web browser or an outdated version of Windows.

Understand what neighborhood you’re in

This is a metaphorical way to represent how safe your house (computer) is, based on several key factors:

1: Where do you go?  If you visit unsafe places, dangerous malware can follow you back to your house.

2: Who are your neighbors?  Other machines on your local network that have been compromised can pose a significant risk, since much malware spreads to whatever it can reach on the local network.

3: Do I have good perimeter security?  Not having a firewall is the same as leaving your door unlocked.  A good firewall helps mitigate Internet-based attacks.

4: Do I have good locks?  Anti-virus software can be helpful and is strongly recommended, and other security applications can help as well.  But what matters more is keeping all of your applications up to date; think of this as maintaining the integrity of your home’s structure.  Also, some anti-virus software may surprisingly introduce security risks of its own, because it parses untrusted files with high privileges.  So choose wisely!

This is a good way to visualize malware threats at a basic level: treat your computer as your virtual home, and secure that home against attack.

What does malicious software do?

Overall, though, mitigating the threat of malware is more complex than these analogies allow me to articulate.  So let’s dive a little deeper down the rabbit hole that is malicious software.  I’m often asked how malware works, what it does and why.  These are all important questions.  First, let’s tackle the ins and outs of malware.

Malware functions by invading software on a computer and accomplishing a task.  That task may be to spread itself, to saturate the user’s experience with advertising, or to put the computer under someone else’s control.  It is not purposeless software meant only to annoy the user; severe forms of malware carry grave risks.  Some attempt to harvest sensitive information (PII) such as social security numbers, bank account details, credit card numbers or passwords, by monitoring keystrokes or searching the hard drive.  Others encrypt your data and try to extort you (ransomware).

Long gone is the era of an adolescent in his or her parents’ basement writing self-replicating programs to satisfy their curiosity, to the frustration of those who became their victims.  Now we are on a playing field where the stakes are much higher and the groups are motivated by money instead of childlike wonder and mischief.

There is more to malware protection than reactive defense

One of the biggest mistakes I see my clients make is to assume that the best protection is to react once malware has already reached their computer.  Unfortunately the odds that your anti-virus software catches the latest threat are quite low.  With tens of thousands of new malware variants, and entirely new programs, appearing daily, a purely reactive defense cannot be sufficient.

Anti-virus software relies on accurate signatures to detect a threat.  Those signatures are derived from analysis of malware samples already captured by the anti-virus vendors’ analysts.  If a new piece of malware differs enough that it matches neither an existing signature nor a heuristic (pattern-based) rule, it slips onto your computer unnoticed.
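As an added illustration of that point (this is example code written for this page, not code from the original post or from any anti-virus product), the toy Python scanner below builds a signature database from one constructed, inert byte string the way a vendor would after analysing a capture: one whole-file SHA-256 signature and one byte-pattern rule (a stand-in for YARA-style rules).  It then scans three constructed variants.  The sample bytes, the signature names and the variant-building helpers are all assumptions made for the example.

```python
"""Toy signature scanner (constructed example, not the post's own code).

Shows why reactive, signature-based detection lags behind new variants:
a whole-file hash signature breaks on a one-byte change, a byte-pattern
rule survives that but not a re-encoded ("packed") body, and each new
variant is only caught after an analyst captures it and ships a new
signature.  The "malware" here is an inert byte string.
"""
import hashlib
import re
from typing import Dict, Optional, Tuple

# Constructed stand-in for a captured malicious file.  Not real malware.
CAPTURED_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"evil_dropper_v1"                      # a string an analyst would sign on
    + b"\x00" * 4
    + b"GET /beacon HTTP/1.1\r\nHost: c2.example\r\n"
)


def build_signature_db(sample: bytes) -> Tuple[Dict[str, str], Dict[str, re.Pattern]]:
    """What a vendor ships after analysing one capture: an exact whole-file
    SHA-256 signature plus a looser byte-pattern rule (a stand-in for
    YARA-style / heuristic rules).  Names are invented for the example."""
    hash_sigs = {hashlib.sha256(sample).hexdigest(): "Dropper.A"}
    pattern_sigs = {"Dropper.A.gen": re.compile(rb"evil_dropper_v\d")}
    return hash_sigs, pattern_sigs


def scan(sample: bytes, hash_sigs: Dict[str, str],
         pattern_sigs: Dict[str, re.Pattern]) -> Optional[str]:
    """Return the name of the first matching signature, or None."""
    digest = hashlib.sha256(sample).hexdigest()
    if digest in hash_sigs:
        return hash_sigs[digest]
    for name, pattern in pattern_sigs.items():
        if pattern.search(sample):
            return name
    return None


def variant_append_junk(sample: bytes) -> bytes:
    """Cheapest possible variant: one appended byte changes the whole-file hash."""
    return sample + b"\x90"


def variant_xor_packed(sample: bytes, key: int) -> bytes:
    """'Packed' variant: body XOR-encoded behind a tiny stub, so the plaintext
    string the pattern rule looks for no longer exists in the file on disk."""
    stub = b"MZ\x90\x00STUB" + bytes([key])
    return stub + bytes(b ^ key for b in sample[4:])


def demo() -> Dict[str, Optional[str]]:
    """Scan the original and three variants, updating the signature database
    only after a variant has been 'captured' by an analyst."""
    hash_sigs, pattern_sigs = build_signature_db(CAPTURED_SAMPLE)
    results: Dict[str, Optional[str]] = {}

    results["original"] = scan(CAPTURED_SAMPLE, hash_sigs, pattern_sigs)
    results["appended_byte"] = scan(variant_append_junk(CAPTURED_SAMPLE),
                                    hash_sigs, pattern_sigs)

    packed = variant_xor_packed(CAPTURED_SAMPLE, 0x5A)
    results["packed_0x5a"] = scan(packed, hash_sigs, pattern_sigs)

    # Reactive update: an analyst obtains the packed sample and adds its hash.
    hash_sigs[hashlib.sha256(packed).hexdigest()] = "Dropper.B"
    results["packed_0x5a_after_update"] = scan(packed, hash_sigs, pattern_sigs)

    # The next build uses a different key: new hash, still no plaintext string.
    results["packed_0x7c"] = scan(variant_xor_packed(CAPTURED_SAMPLE, 0x7C),
                                  hash_sigs, pattern_sigs)
    return results


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:26} -> {verdict}")
```

Running it tells the story of the paragraph above: the original file is caught by its hash; appending a single byte defeats the hash but the pattern rule still fires; XOR-packing the body defeats both until an analyst captures that exact file and ships a hash for it, at which point the next build with a different key is undetected again.  Every detection here happens after someone has already seen the sample, which is exactly the reactive gap the text describes.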

Anti-virus is a very basic component of functional cybersecurity, but it is not to be relied upon, nor should it instill a false sense of safety.  Malware is lurking around the corner and will seize any opportunity it can find, and, as mentioned, much of it slips past anti-virus undetected.

Instead, more advanced detection measures are necessary, such as active network traffic analysis, checking for indicators of compromise, or even forensic examination of the system(s) in question.  Otherwise stealthier, more advanced threats may persist undetected.  We’ll talk more about these in a future article.
