The good, bad and ugly

Share this article:
The good, bad and ugly
The good, bad and ugly

Stuxnet, Duqu, Flame and Gauss: a quadrilogy of attacks spanning from cyber weaponry to cyber espionage, with more parts awaiting discovery. These attacks were designed to hit specific targets with specific purposes. They were not widespread. While some instances of Stuxnet and Duqu found their way into seemingly unplanned locations, the majority of occurrences were localized to targeted systems.

The old defensive model against attacks involved setting up honeypots and traps to look for “spikes” in suspicious activity. It assumed one could find malware by casting a wide net. But what happens when attacks are highly targeted and won't ever be seen in the wild? What happens when attackers develop malware for a singular purpose against a limited set of computers? The honeypots never see it, or if they do, it never reaches the level of a suspicious spike.

These related, but different attacks were around for months – in some cases years – before they were detected. It is believed that Flame was in the wild for almost five years before being discovered. In fact, Flame was designed to disable and/or avoid up to 43 different anti-virus products. The average remotely controlled targeted cyber attack lasts about 15 minutes, in terms of activity and stealing information. Imagine the havoc an attack can cause in five years?

The old model requiring malware to be identified, named and captured with a blacklist signature before it can be stopped is totally ineffective against today's cyber attacks. The only way to defeat new, complex attacks is with a trust-based approach where good software is allowed to execute, and unknown software is stopped until it is proven trustworthy. There is a lot more bad software than good in cyberspace, and the good guys are not trying to avoid detection.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Next Article in Opinions

Sign up to our newsletters


More in Opinions

Technology alone isn't going to secure IoT connected devices

Technology alone isn't going to secure IoT connected ...

It's clear that vulnerabilities continue to exist, despite our best efforts to combat them. In fact, we have addressed many of the same problems before.

DDoS is the new spam...and it's everyone's problem now

DDoS is the new spam...and it's everyone's problem ...

As new solutions emerge, it's critical for organizations to protect themselves by being informed, aware, and acting whenever possible. Those that don't take action are playing a very dangerous game.

Securing the autonomous vehicle

Securing the autonomous vehicle

We are now in the fast lane towards a driverless future. Will we have to brake for hackers?