October 11, 2013
Bjørn Lilleeng, Technical Integration Manager
I remember back in the mid-nineties I was booting my PC in the morning, and went for a cup of coffee (booting a PC took a really long time back then…). When I came back there was a text on the screen: “Your PC is now Stoned”. It appeared that I had booted my PC with a floppy in the slot, a floppy whose boot sector was infected with the virus “Stoned”. The virus also infected the master boot record on my hard disk, leaving my PC unbootable.
Since I already worked in the computer security business at the time, I fortunately was able to remove the virus relatively easily.
This situation is a typical example of how viruses and other malware functioned back then. They were created with the sole mission of proving the technical excellence of the virus author. The more attention the virus created, the more prestige and respect would come to the virus author. The total number of viruses was relatively small, 3-4000, and all typically created by individuals or hacker groups who wanted to show how good they were at this.
Norman and other security companies distributed signature updates via floppies on a monthly basis. That was considered sufficient to keep the anti-virus system updated enough to protect against the threats of that time.
There was a steady growth in the amount of malware until the beginning of this century. From 1996 signature updates were done via the Internet, but malware was still characterized by:
From about 2002/2003 there was a paradigm shift. Criminal actors discovered that the malware business had big potential. The amount of malware started to grow exponentially, and the criminals used Internet technologies to spread it much more effectively than previously. A recent report by Microsoft and IDC states that the total cost of fighting malware now spirals to $114 billion a year.
Today's malware typically has the following characteristics:
Although money is the driving factor here, there are also other motivations for taking advantage of the new potential of malware.
Groups that fight for the “good cause” now have tools with which they can threaten to punish businesses with DDoS attacks if they don’t change their behavior. Nation states create advanced malware to spy on other nation states or businesses, and can even sabotage industrial control systems if they want.
After all, if we try to see the big picture, the different threat actors we see today can be sorted into three groups:
Commercial hackers – the only motive is making money:
Hacking staged by nation states:
At the time I conclude this, the big thing in the news is the newly discovered hack potential in Internet Explorer. Microsoft just released a temporary fix to protect the users. A permanent solution is not available yet.
I also read that security advisors recommend that people use a different browser, at least until a permanent fix is released.
I sincerely believe they are missing the point. What will happen next week? A new vulnerability in Firefox? And we all know the vulnerability history of Chrome.
New vulnerabilities have been found in the browsers very often in the past, and it is unlikely that this will end soon. This means that the answer is not to change browsers all the time, but rather to use a Layered Defense Strategy:
Using a vendor like Norman, that uses different technologies in the different layers, makes it even harder for the “bad guys” to enter your network.