Expert insights: How to keep on top of the malware threat

22 Sep 16

Last year (2015), Symantec discovered more than 400 million pieces of 'new and unique' malware. That's over a million bits of new malware code produced every single day, and the total was up by a third on the previous year.

It’s clear from this that malware isn't going away. However, nor is it going far in terms of evolutionary development; 90% of that new malware was actually just existing family variations. Coding 100% new malware from nothing is not easy, and the bad guys like the easy route to riches (just look at the rise and rise of ransomware for proof of that).

Knowing that just 10% of the malware threat out there is an unknown quantity is your first step towards becoming Threat Intelligent. But what do we mean by that?

Threat Intelligence has become something of a buzzword, although more often than not one reserved for the larger enterprise with a fully dedicated IT security department.

However, becoming Threat Intelligent isn't just about scale. If you really want to keep on top of the malware threat then you need to embrace Threat Intelligence in the broadest sense. To do that, you need to start by understanding how intelligence differs from information. 

Information v Intelligence

Information is simply raw data (for example network activity logs). Intelligence, on the other hand, is information that has been analysed and refined (for example suspicious network activity that is put into context). 

From this simple definition, we can see how Threat Intelligence can help businesses to understand risk by determining the likely actors and threats they pose. This means that educating staff in how to avoid becoming the next victim is a less onerous task.

Now consider how that threat intelligence is presented to the business. The most common form is tactical: Indicators of Compromise (IoCs).

Sticking with our network log analysis example, there may be IoCs present that reveal IP and email addresses or hashes that are associated with known malware families. Armed with these IoCs, responding to the threat and negating it is made a lot easier.
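As an added illustration of the log-analysis example above (this is not code from the original article), here is a small Python script that turns raw log lines (information) into matched, family-tagged findings (intelligence). Every indicator, malware family name and log line in it is constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed IoC list: indicator -> (indicator type, malware family).
# All values are made up for this example; a real list would come from a feed or alert.
IOCS = {
    "198.51.100.23": ("ip", "ExampleLocker"),
    "billing@example-invoice.test": ("email", "ExampleLocker"),
    "0123456789abcdef0123456789abcdef": ("md5", "ExampleDropper"),
}

# Constructed sample log lines (proxy and mail gateway style) for offline testing.
SAMPLE_LOG = [
    "2016-09-22T10:01:03 proxy CONNECT 198.51.100.23:443 user=alice bytes=5120",
    "2016-09-22T10:01:09 mail FROM=billing@example-invoice.test TO=bob@corp.test "
    "attach=invoice.doc md5=0123456789abcdef0123456789abcdef",
    "2016-09-22T10:02:41 proxy GET 203.0.113.7:80 user=carol bytes=812",
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
HASH_RE = re.compile(r"\b[0-9a-f]{32}\b")


@dataclass
class Finding:
    line_no: int
    indicator: str
    ioc_type: str
    family: str
    raw: str


def extract_indicators(line):
    """Pull every IPv4 address, e-mail address and MD5-style hash out of one log line."""
    found = []
    for rx in (IP_RE, EMAIL_RE, HASH_RE):
        found.extend(rx.findall(line))
    return found


def analyse(log_lines):
    """Match each extracted indicator against the IoC list and attach its family context."""
    findings = []
    for n, line in enumerate(log_lines, 1):
        for ind in extract_indicators(line):
            hit = IOCS.get(ind.lower())  # e-mail addresses and hashes matched case-insensitively
            if hit:
                findings.append(Finding(n, ind, hit[0], hit[1], line.strip()))
    return findings


def families_seen(findings):
    """The distinct malware families implicated, which is what a responder acts on first."""
    return sorted({f.family for f in findings})


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.ioc_type} {f.indicator} -> {f.family}")
```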

Any size of business can embrace and benefit from the threat intelligence ethic. Becoming Threat Intelligent is the goal, and that doesn't have to require any investment beyond a desire to be secure and the will to make it happen. 

Two steps to Threat Intelligence

Importantly, this means two things:

1. You don't have to reinvent the wheel
As with so much of the security debate, education and awareness is a great place to start. In terms of malware threat intelligence, that means keeping up to date with attack trends and methodologies. This doesn't have to mean doing an evening class in cyber security. 

2. You don't have to start from scratch
Start by picking a couple of respected research resources and read them regularly. Try IBM's 'Security Intelligence', We Live Security from ESET and the independent Security Bloggers Network for starters.

What you do have to do, though, is stay in the vulnerability alert loop. Security alerts provide ready-made 'intelligence' in its most basic but effective form, making knowledge a level playing field.

Closing the window

Not every cybercriminal is a master computer coder or hacker, sitting in a basement and uncovering new ways to get around your defences and at your data. The majority, in fact, are chancers who look for known vulnerabilities to exploit. Even these most often come in the form of ready-made, "point and shoot" exploit kits. What they do rely upon is the window of opportunity staying open long enough to exploit.

Which means the quicker you close it, the more secure you are. So another vital part of your armoury is resources such as the US Computer Emergency Readiness Team (US-CERT) or SecurityFocus, which publish vulnerability data and software update announcements.

While the Internet is unquestionably a scary place, and the threat of malware is very real and ever present, developing a culture of Threat Intelligence is not as complex as you might think. However, it is a vital first step towards ensuring that your business or your customers make themselves hard to hack.

Article by Davey Winder

MAX Remote Management from LOGICnow simplifies your life by helping you automate tasks, provide near-bulletproof IT security, and keep track of all of your IT assets from a single web-based dashboard.