The good, bad and ugly

Share this article:
The good, bad and ugly
The good, bad and ugly

Stuxnet, Duqu, Flame and Gauss: a quadrilogy of attacks spanning from cyber weaponry to cyber espionage, with more parts awaiting discovery. These attacks were designed to hit specific targets with specific purposes. They were not widespread. While some instances of Stuxnet and Duqu found their way into seemingly unplanned locations, the majority of occurrences were localized to targeted systems.

The old defensive model against attacks involved setting up honeypots and traps to look for “spikes” in suspicious activity. It assumed one could find malware by casting a wide net. But what happens when attacks are highly targeted and won't ever be seen in the wild? What happens when attackers develop malware for a singular purpose against a limited set of computers? The honeypots never see it, or if they do, it never reaches the level of a suspicious spike.

These related, but different attacks were around for months – in some cases years – before they were detected. It is believed that Flame was in the wild for almost five years before being discovered. In fact, Flame was designed to disable and/or avoid up to 43 different anti-virus products. The average remotely controlled targeted cyber attack lasts about 15 minutes, in terms of activity and stealing information. Imagine the havoc an attack can cause in five years?

The old model requiring malware to be identified, named and captured with a blacklist signature before it can be stopped is totally ineffective against today's cyber attacks. The only way to defeat new, complex attacks is with a trust-based approach where good software is allowed to execute, and unknown software is stopped until it is proven trustworthy. There is a lot more bad software than good in cyberspace, and the good guys are not trying to avoid detection.

Share this article:
close

Next Article in Opinions

Sign up to our newsletters

More in Opinions

The cool factor: New tech in banking has an edge

The cool factor: New tech in banking has ...

Disruption is expected; financial crime should be, too.

Me and my job: James Hill senior security architect, Consolidated Data Services

Me and my job: James Hill senior security ...

James Hill senior security architect, Consolidated Data Services (CDS), discusses his role at his organization.

Ahead in the cloud

Ahead in the cloud

Growth businesses are always looking for flexible ways of working that reduce capital and running costs, while securely delivering the data users need, when and where they need it.