Malicious software, or malware, has become a very sophisticated weapon in illegal cyber businesses. The steady flow of news about data breaches and lost identities shows there is a clear and growing gap between conventional security defenses and the reality of modern malware attacks. So what does the $4 billion network security industry do when a new attack, such as Operation Aurora, is exposed? It plays “the great malware cover-up.”
After the attack has been uncovered by victims and/or the media, vendors gather samples of the malware and spend resources analyzing the threat. After a few days or weeks, these vendors release new (often untested) signatures to customers. Following that, they put senior executives into the field to offer commentary and discuss the dangers of malware.
But this achieves little other than distracting the user base from the fact that anti-virus and intrusion prevention products did not secure their customers during the outbreak – when it counted. They are sure to point out, however, that they offer customer protections now that the outbreak is over. Meanwhile, criminals have moved on to exploit the next undisclosed vulnerability.
An examination of the communication plan will show critical details left out, such as any claim that customers were protected before the new malware was exposed. Also missing is any meaningful discussion of evolving past signatures, which would provide true protection against modern malware. In addition, post-exposure signatures arrive too late to stop the attack.
Today's security products are designed to fight a conventional cyberwar, when, in reality, the criminals have moved on to modern malware attacks. The great malware cover-up will continue until more of us call these outdated technologies out and then move on to re-investing the time, money and effort to truly modernize IT security.