Advanced Malware: Persistent, Invisible and Costly

The past two years have brought a string of high profile cyber attacks. Saudi Aramco, the largest oil company in the world, had roughly 30,000 workstations wiped by malware in August 2012 and spent weeks restoring operations. Media powerhouses The New York Times, The Washington Post, Bloomberg and The Wall Street Journal were all compromised, and in some cases the intruders had access to their systems and data for years before being discovered and evicted.

Adobe Systems Inc. was another high-profile victim in 2013, suffering a massive data breach that may be a preview of the attacks we will see in the future. The attackers compromised nearly 40 million customer accounts, including encrypted payment card information for millions of them. Perhaps even more damaging, they also took a significant portion of the source code for Adobe's Photoshop family of design software, as well as for its widely deployed Reader and Acrobat programs. The financial impact of this breach will be considerable. Beyond the direct expense of remediation and customer notification, Adobe faces the time and manpower needed to re-examine and harden the affected products, because attackers who hold the source can audit it for exploitable flaws at their leisure and build more effective malware against it. The very real damage to public perception, business integrity and client trust comes into play as well. Hundreds of millions of people worldwide use Adobe's products, and a breach of this kind potentially puts every one of them at risk.

Headline-making hacks are only a fraction of what happens on a daily basis. A 2013 study by the Ponemon Institute of 60 larger organizations (1,000 or more seats) found that each company suffered an average of two successful attacks per week, and that their average annual cost of cyber crime rose 26% to $11.6 million.

The statistics for smaller businesses are even more frightening. A figure cited earlier this year before the U.S. House Small Business Subcommittee on Health and Technology holds that 60% of small businesses victimized by cyber crime close their doors within six months of the incident. Large organizations may have the resources to absorb the high costs and aftermath of a successful data breach, but most small to medium sized businesses simply can't.

The actual profile of malware attacks differs quite a bit from the public perception. Forbes reported last year on Symantec research into zero-day attacks: exploits for vulnerabilities that the affected software's vendor does not yet know about and therefore has not patched, which also means no anti-malware signature exists for them. Based on telemetry from over 11 million PCs, the researchers found that a typical zero-day attack went undetected for an average of 312 days, with the longest lasting roughly two and a half years. Data breaches don't happen quickly, and they aren't easily discovered. Advanced malware hides on infected systems for a long time, and cyber attacks are underreported because many are still going unnoticed. Forbes has also reported that these "invisible" zero-day exploits are routinely bought and sold on underground and gray markets, fetching prices as high as a quarter of a million dollars. With attackers expecting a return on their investment just like any business, and with the advances in malware sophistication seen in the last year, the effectiveness and abundance of persistent advanced threats will continue to rise.

You would be hard pressed to find a company without firewalls, virus scanners and a host of other security measures in place. Malware still gets through, because most antivirus products rely on an inherently reactive detection approach. Typically, antivirus and anti-malware products match files against signatures: distinctive byte patterns extracted from threats that have already been captured and analysed. A threat that has not yet been seen has no signature, and a threat built to evade detection can change its byte pattern with every copy (polymorphism), pack or encrypt its real payload, or simply disable the security software outright. In any of those cases it is not detected, and in many cases it remains hidden and active for years at a time.

Combating advanced threats such as sophisticated rootkits, Trojans, polymorphic viruses and a host of others requires a proactive approach. Next-generation anti-malware and antivirus tools will have to hunt for threats using criteria other than a signature: what a piece of code does rather than what its bytes look like, how code fragments interact with each other and with the system, and search methodologies that leverage the experience and intuition of IT personnel and incident responders. Human ingenuity and insight are powerful tools when it comes to beating highly advanced cyber threats.
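The following Python script is an added illustration of the two approaches contrasted above; it is not code from Global Digital Forensics or from any antivirus product. The "malicious" payload, the `TOYLDR1` loader format, the `Toy.Dropper.A` signature and the behaviour rules are all constructed for the example. A signature engine (`signature_scan`) matches the original payload and then misses every re-built copy, because each build encodes the payload under a fresh key and junk prefix so no fixed byte sequence survives. The heuristic engine (`heuristic_scan`) instead measures the entropy of the body, runs the loader's decoder to recover what would execute, and judges that code by the capabilities it combines rather than by its bytes.

```python
"""Why a byte signature misses a polymorphic sample while a heuristic does not.

Constructed example: the payload, the "TOYLDR1" loader format, the signature
and the rules below are made up for illustration and belong to no real
product or malware family.
"""
import hashlib
import math
import os
import re
from typing import Dict, List, Optional

# Constructed stand-in for a malicious payload: text "instructions" a toy
# loader would execute. Real payloads are machine code; what matters here is
# that it is a fixed byte sequence a vendor could fingerprint. Four copies
# make the encoded body long enough for a stable entropy estimate.
PAYLOAD = (
    b"CONNECT c2.invalid:443\n"
    b"PERSIST HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n"
    b"DOWNLOAD stage2.bin\n"
    b"WIPE C:\\Users\\*\n"
) * 4

# Classic AV signature: a distinctive byte string lifted from a captured sample.
SIGNATURES: Dict[str, bytes] = {
    "Toy.Dropper.A": b"PERSIST HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
}

# Assumed toy loader layout: MAGIC | 16-byte key | junk length (1 byte) | junk | encoded body
MAGIC = b"TOYLDR1"
HEADER_LEN = len(MAGIC) + 16 + 1


def keystream(key: bytes, length: int) -> bytes:
    """Pseudo-random bytes from SHA-256 in counter mode; a fresh key gives a fresh stream."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def build_sample(payload: bytes, key: bytes, junk: bytes) -> bytes:
    """Polymorphic build: identical behaviour, but no byte sequence survives between builds."""
    assert len(key) == 16 and len(junk) < 256
    body = bytes(p ^ k for p, k in zip(payload, keystream(key, len(payload))))
    return MAGIC + key + bytes([len(junk)]) + junk + body


def unpack(sample: bytes) -> Optional[bytes]:
    """Emulation step: run the loader's own decoder to see what it would execute."""
    if not sample.startswith(MAGIC) or len(sample) < HEADER_LEN:
        return None
    key = sample[len(MAGIC):len(MAGIC) + 16]
    junk_len = sample[HEADER_LEN - 1]
    body = sample[HEADER_LEN + junk_len:]
    return bytes(b ^ k for b, k in zip(body, keystream(key, len(body))))


def signature_scan(sample: bytes, signatures: Dict[str, bytes] = SIGNATURES) -> List[str]:
    """What a signature engine does: report every signature found verbatim in the bytes."""
    return [name for name, sig in signatures.items() if sig in sample]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: text sits around 4-5, encrypted or packed data close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


# Behavioural rules describe capabilities, not bytes: any host, any path, any key name.
BEHAVIOUR_RULES = {
    "beacons to a network host": re.compile(rb"^CONNECT \S+:\d+", re.M),
    "installs an autostart entry": re.compile(rb"^PERSIST .*\\Run\b", re.M | re.I),
    "destroys user data": re.compile(rb"^WIPE ", re.M),
}


def heuristic_scan(sample: bytes, entropy_threshold: float = 6.0) -> List[str]:
    """Flag packed/encrypted content, then judge the decoded code by what it does."""
    findings = []
    body = sample[HEADER_LEN:] if sample.startswith(MAGIC) else sample
    if len(body) >= 128 and shannon_entropy(body) > entropy_threshold:
        findings.append("high-entropy body (packed or encrypted)")
    decoded = unpack(sample)
    code = sample if decoded is None else decoded
    hits = [name for name, rule in BEHAVIOUR_RULES.items() if rule.search(code)]
    if len(hits) >= 2:  # a single capability (e.g. network access) is common in benign software
        findings.extend(hits)
    return findings


if __name__ == "__main__":
    print("plain payload:", signature_scan(PAYLOAD), heuristic_scan(PAYLOAD))
    for gen in range(3):  # three "builds" of the same malware, each with fresh key and junk
        sample = build_sample(PAYLOAD, os.urandom(16), os.urandom(gen * 11))
        print(f"build {gen}: signature={signature_scan(sample)} heuristic={heuristic_scan(sample)}")
```

Two caveats a practitioner would add. The entropy check only works because the keystream is pseudo-random; a single-byte XOR key permutes the byte histogram without raising entropy at all, which is one reason real engines combine several weak indicators. And `unpack` knows the toy loader's layout, whereas a real engine emulates the CPU to run an unknown decoder; the principle is the same, inspect what the code does once it has unpacked itself, but the engineering is far harder.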

copyright 2013 by Global Digital Forensics. All rights reserved.