The good, bad and ugly

Share this article:
The good, bad and ugly
The good, bad and ugly

Stuxnet, Duqu, Flame and Gauss: a quadrilogy of attacks spanning from cyber weaponry to cyber espionage, with more parts awaiting discovery. These attacks were designed to hit specific targets with specific purposes. They were not widespread. While some instances of Stuxnet and Duqu found their way into seemingly unplanned locations, the majority of occurrences were localized to targeted systems.

The old defensive model against attacks involved setting up honeypots and traps to look for “spikes” in suspicious activity. It assumed one could find malware by casting a wide net. But what happens when attacks are highly targeted and won't ever be seen in the wild? What happens when attackers develop malware for a singular purpose against a limited set of computers? The honeypots never see it, or if they do, it never reaches the level of a suspicious spike.

These related, but different attacks were around for months – in some cases years – before they were detected. It is believed that Flame was in the wild for almost five years before being discovered. In fact, Flame was designed to disable and/or avoid up to 43 different anti-virus products. The average remotely controlled targeted cyber attack lasts about 15 minutes, in terms of activity and stealing information. Imagine the havoc an attack can cause in five years?

The old model requiring malware to be identified, named and captured with a blacklist signature before it can be stopped is totally ineffective against today's cyber attacks. The only way to defeat new, complex attacks is with a trust-based approach where good software is allowed to execute, and unknown software is stopped until it is proven trustworthy. There is a lot more bad software than good in cyberspace, and the good guys are not trying to avoid detection.

Share this article:
close

Next Article in Opinions

Sign up to our newsletters

More in Opinions

Hackers only need to get it right once, we need to get it right every time

Hackers only need to get it right once, ...

Hackers only need to find one weak point to steal valuable information. On the flip side, security pros need to account for every possible scenario.

Successful strategies for continuous response

Successful strategies for continuous response

While it isn't realistic for organizations to expect that it will never happen to them, a rapid, professional and continuous response can limit their scope and reputational impact.

When it comes to cyber attacks, predictions are pointless but preparation is key

When it comes to cyber attacks, predictions are ...

Rather than predicting the next lightning strike it is far better to pay attention to the areas we already know are vulnerable.