The good, bad and ugly

Share this article:
The good, bad and ugly
The good, bad and ugly

Stuxnet, Duqu, Flame and Gauss: a quadrilogy of attacks spanning from cyber weaponry to cyber espionage, with more parts awaiting discovery. These attacks were designed to hit specific targets with specific purposes. They were not widespread. While some instances of Stuxnet and Duqu found their way into seemingly unplanned locations, the majority of occurrences were localized to targeted systems.

The old defensive model against attacks involved setting up honeypots and traps to look for “spikes” in suspicious activity. It assumed one could find malware by casting a wide net. But what happens when attacks are highly targeted and won't ever be seen in the wild? What happens when attackers develop malware for a singular purpose against a limited set of computers? The honeypots never see it, or if they do, it never reaches the level of a suspicious spike.

These related, but different attacks were around for months – in some cases years – before they were detected. It is believed that Flame was in the wild for almost five years before being discovered. In fact, Flame was designed to disable and/or avoid up to 43 different anti-virus products. The average remotely controlled targeted cyber attack lasts about 15 minutes, in terms of activity and stealing information. Imagine the havoc an attack can cause in five years?

The old model requiring malware to be identified, named and captured with a blacklist signature before it can be stopped is totally ineffective against today's cyber attacks. The only way to defeat new, complex attacks is with a trust-based approach where good software is allowed to execute, and unknown software is stopped until it is proven trustworthy. There is a lot more bad software than good in cyberspace, and the good guys are not trying to avoid detection.

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in Opinions

Sign up to our newsletters

TOP COMMENTS

More in Opinions

Me and my job: Michael Canavan, Kaspersky Lab North America

Me and my job: Michael Canavan, Kaspersky Lab ...

We catch up and learn a bit more about Michael Canavan, senior director, systems engineering, Kaspersky Lab North America.

Embracing BYOD...with safeguards

Embracing BYOD...with safeguards

It's possible to safely manage the security risks posed by BYOD, says Anders Lofgren at Acronis Access.

Becoming a "security thinker"

Becoming a "security thinker"

Active security thinking ensures that we don't simply perpetuate security folklore.