The evolution of malware and exploits is a myth. At face value, it seems like there was a logical progression from script kiddies pushing the envelope just for the sake of pushing the envelope, to malware for malicious intent, to malware with a financial motive, to organized cybercrime, and finally to sophisticate, state-sponsored cyber espionage attacks. When you go back and look at the details of when these threats were actually developed, though, the chronology doesn’t work.
Many of the sophisticated, state-sponsored cyber espionage threats appear to have been developed and in circulation since way back in the early days before more traditional malware got to the point of organized cybercrime. The reason this is an important distinction is that it calls into question the security tools businesses and consumers have relied on for the past decade. How is it possible that there were exploits and malware threats compromising networks and PCs for years undetected?
I wrote about the changing security paradigm in this blog post:
Somehow we managed to establish some sort of security equilibrium for a few years—a status quo where new threats continued to be developed by the millions, but most security tools seemed equipped to detect and block them, and those who followed established security best practices were relatively secure. Then it all changed.
Mobile malware, cyber espionage, and data breaches—particularly data breaches involving credit card data and personal information of millions of retail consumers—are three major shifts in the threat landscape that fundamentally alter the game. It’s no longer a matter of “us vs. them”, and simply guarding the perimeter and protecting individual endpoints against malware is no longer sufficient.
Some sophisticated threats such as Stuxnet, Duqu, Flame, and other suspected state-sponsored malware illustrate that the perception of security was an illusion in the first place. These threats have existed for years, somehow managing to remain under the radar and undetected. Now that those threats have been discovered and reverse-engineered, the advanced evasion and exploit techniques are making their way into more mainstream attacks. The bad guys are becoming more resourceful, and the traditional model of network and endpoint security needs to adapt.
A new trend is emerging to address the evolving threat landscape, and a new breed of security vendor is springing up to take cyber defense to the next level. The common thread among many of them seems to revolve around big data—stepping back and analyzing a bigger picture for clues about where attacks originate, and how they spread. Many emerging security startups are taking an analytical approach in an attempt to be more proactive about security.
Read the full article on the RSA blog: Next-generation Attacks Require a New Approach to Cyber Defense.