Thoughts on Threats #1 – Malware Mayhem

Cyber threats come in many shapes and sizes, and can strike at any time. The widespread adoption and use of the Internet has led to an increase in the threats posed to organisations and individuals alike, and the opportunities available to those looking to attack.

On the one hand, the Internet can be seen as a great bounty for humanity, allowing greater and faster information transfer, commerce and communication than the world has ever seen. On the other, it is a battleground where constant vigilance and mitigation are required in order to protect what’s dear to us. Every cloud and all that.

What’s that oft-touted phrase from The Art of War? Ah, yes:

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” – Sun Tzu, The Art of War.

This old adage applies as much in cyber-warfare as it does in “real-life” battle scenarios; knowing and understanding what threats you face whilst keeping track of your own information assets and devices is the recipe for staying on top in the information age.

This is why we’re running this series of articles dedicated to detailing current threats, and what can be done to fight the good fight in the information battlefields.

The source of inspiration for this series, along with some of the data, is ENISA’s Threat Landscape document. This is an annual publication, detailing trends of threats arising in a global context based on findings and comparisons with previous years.

This month we’re starting with a biggy. Top of the list for the last three years has been Malware – including worms and Trojans, and the worst of them all, those dirty RATs (Remote Access Trojans) – and all indications of its growth point towards malware retaining the top spot for years to come.

What is malware, and why is it so popular?

Malware is any kind of code or software that enters a computer or network uninvited and proceeds to carry out harmful activities, including copying and distributing itself throughout any connections infected computers may have. It is defined by its malicious intent, the term being coined as a portmanteau of malicious and software.

The popularity of malware is testament to its longevity, as it is one of the earliest threats to connected computing. The Morris worm of 1988 was claimed by its creator to have been designed and released only in order to gauge the size of the Internet, but once it had been released on to the Internet of its day (primitive and minuscule by today’s standards) it spread rapidly, installing itself on machines across the globe through a number of vulnerabilities, including weak passwords.

An error in the Morris worm is what turned it into a threat; it was able to install itself on computers multiple times, each time taking up more computing power. These days malware is generally far more malignant, stealing banking credentials, encrypting files and doing a raft of other nasty stuff to data and hardware, but the Morris worm was the first to show that rapid replication and propagation of software could be facilitated across connected networks.

From this seemingly harmless idea grew a potentially fatal threat in the early days of the Internet. Computer scientist Robert Tappan Morris, its creator, had unintentionally demonstrated that a large-scale attack on multiple computers connected to the Internet was possible, and opened the doors for cyber-criminals to try their own hands at malware.

By embedding instructions in malware’s code, hackers can take control of various elements of a computer. This is one way in which malware can be used to inflict damage in the real world, as was the case with the Stuxnet malware, which is thought to have roots going back as far as 2005.

Stuxnet is an incredibly targeted piece of malware, which focuses specifically on programmable logic controllers in Siemens industrial control systems. It attacked these controllers on machines in Iran that were connected to the centrifuges used to enrich uranium. The malware’s highly advanced and targeted nature led many experts to believe it was created jointly by the US and Israeli governments with the aim of disrupting Iran’s nuclear programme, though this has not been proven.

These days, it doesn’t take a Harvard graduate or a government task force to design a piece of malware. There is a growing number of tools online for the purpose of creating malware, making it easier for relatively inexperienced people to put together their own. Known as exploit kits, these can be purchased and downloaded from the dark web frighteningly easily.

This, combined with the popularity of mobile apps and app stores, has made distributing malicious code easier than ever. As Pokémon Go recently brought to the public eye, the use of “impostor” applications which impersonate genuine apps in order to lure people in and then install covert code on their devices is on the rise, effectively turning us into the instigators of our own downfall. These so-called Trojan attacks rely on malicious code being disguised by a seemingly legitimate piece of software, which lulls the user into a false sense of security.

Add to that the profitability factor of “made-to-order” malware – malware essentially chartered to an expert hacker who then crafts the code for a fee – and it’s hardly surprising this cyber-threat consistently tops the charts.

Fighting the good fight

Whilst malware is an incredibly prolific and versatile threat, there are steps you can take to defend yourself. Being savvy to the common ways in which hackers attempt to insert malware into your system goes a long way, so any unsolicited emails that ask you to click a link or that carry unexpected attachments should be viewed with suspicion.

As mentioned previously, Trojan attacks through seemingly genuine software and files from the Internet can sneak malicious code past your defences, so keep your wits about you and avoid downloading software or content that you are unsure of.

Maintaining your firewall and anti-virus protection can help, as can keeping device operating systems up to date. Running regular scans and conducting ongoing penetration tests on networks will help detect exploitable vulnerabilities at the earliest possible opportunity, lessening the chance that attackers can get a decent foothold on your systems.

Unsecured networks can provide numerous inroads for hackers to implant malware, and are sometimes even set up by a malicious party to impersonate a free Wi-Fi network in public spaces. Avoid these unless you’re absolutely certain the connection can be trusted, and make sure your home network is secure with strong passwords and no unknown devices connected.

Malware is a problem that is not going to go away any time soon. Knowing the nature of this threat and how it goes about infecting your system helps you keep up your defences and maintain vigilance. By understanding your own assets and preparing for the eventuality of an attack, you lessen the risks posed to your information security by threats like malware.

If you have any questions around malware and what you can do to protect yourself, please get in touch. At Commissum, we specialise in a range of options to increase your cybersecurity and fight back against the threat of malware.