Malware still the biggest threat

It’s reckoned that two million new strains of malware, or five every two minutes, will emerge onto the Internet this year. That doesn’t include the 15 to 20 new Trojans released every hour. These are the figures reported by Kaspersky in an article in the latest edition of Information Week. While the numbers are shockingly high, they are not, in my opinion, representative of where the real threat and the greatest risk lie, so long as we continue to deploy multi-layered defences: network IPS at the perimeter, host IPS and anti-virus on the desktop, proxy devices for scanning incoming web traffic, and so on. These are expensive but essential controls.

The greatest risk is from targeted malware, specifically designed to attack your network and your data. I was reading about the Russian Business Network (RBN), which has a Wiki entry here.

The RBN has been described as “the baddest of the bad”. It offers web hosting services and Internet access to all kinds of criminal and objectionable activities, with individual activities earning up to $150,000,000 in one year. Businesses that take active stands against such attacks are sometimes targeted by denial-of-service attacks originating in the RBN network. RBN has been known to sell its services to these operations for $600 per month.

One of their alleged principal operations is writing custom exploits, paid for by clients and designed to attack specific networks. It’s apparently a very profitable operation – although I’m taking the figure quoted on the Wiki with a pinch of salt.

More worrying still are reports that virus writers are attempting to infiltrate AV vendors (as described in the aforementioned Information Week article) and that legitimate AV employees are being “approached by virus writers hoping to suppress signatures for particular – highly profitable – Trojans.”

What’s clear is that the days when malware was mostly nuisance stuff created by hobbyists are long gone. These days there is a well-organised and profitable underground business creating malware that our defences don’t block and we don’t find.

My own anti-malware strategy is based on the defences I mentioned earlier, but also on security awareness messages and a strong stand against non-company equipment connecting to the network. But I doubt if all that would be enough if there were to be a targeted attack. So this is where we also have to focus on strong authentication, making sure that private data is encrypted, limiting access using the principle of least privilege, and so on. Each control on its own reduces the risk to some degree. Taking all of the controls together reduces the risk much more. Enough? Arguable. Because that only covers the data that’s on the networks under my policy control. Do all our partners have equally good controls? I’m going to be finding out!