
Question

Question #2: Write an essay on the trends that we have seen regarding the evolution of malware during the past fifteen years. You should cover most (if not all) of the following issues:

- How malware has evolved, including new attack tricks
- Big problems that currently confront the security community
- How the population of malware authors has evolved over the years
- What is motivating the malware authors these days
- How emerging technologies are having an impact on these trends (e.g., the impact of social networks and mobile devices)

Your essay should end with some predictions about future trends as well as how solutions to those new threats will evolve. Discuss where things seem to be heading, both in terms of the bad guys and the good guys.

Explanation / Answer

Introduction:
“A digital world we became.” These days people use computer systems in every part of their lives; they even use them in manufacturing instead of employees. I am not saying that technological innovation is not essential for us, but sometimes technological innovation disregards our role in life. Technological innovation is essential for any lifestyle to flourish. Technology includes cell phones, laptops, machines, iPads and many other things. These are not only good things; any great thing comes with a drawback. Technological innovation has some drawbacks, and the most important one, which we will mainly talk about, is malware.
Malware Definition:
What is “MALWARE”? Malware refers to software programs designed to damage or do other unwanted actions on a computer system. In Spanish, "mal" is a prefix that means "bad," making the term "bad ware". Malware includes viruses, worms, Trojan horses, and spyware. Viruses, for example, can cause havoc on a computer's hard drive by deleting files or directory information. Spyware can gather data from a user's system without the user knowing it. This can include anything from the Web pages a user visits to personal information, such as credit card numbers.
It is unfortunate that there are application developers out there with harmful intent, but it is good to be aware of the fact. Individuals can install anti-virus and anti-spyware tools on their PC that will seek out and eliminate the harmful applications they find. Individuals have decided to fight against bad ware and install protective tools on their hard drives.

The Beginning of malware
In 1982, Elk Cloner was written to infect Apple LLC’s operating system. Attached to a game, it infected the Apple’s boot sector and spread by “cloning” itself to new disks introduced to the system. Once the virus was triggered, it would display a poem explaining how Elk Cloner was copying itself throughout the victim’s machine and that it wouldn’t be easy to reverse its effects.

The 80s: Malware Goes Malicious
A year after the first personal malware was found “in the wild,” the term “computer virus” was coined to refer to a malicious program written to destroy data or to corrupt systems. As time moved on, the computer virus branched off into many different categories, each meant to define how it acted.

The 90s: Internet Usage Drives Malware Havoc & AV Software
Malware learned the art of evasion and as a result, antivirus software became a growing business. By the end of the 1990s, the Internet was circling the globe. In fact, 50 percent of all U.S. homes had computers and Internet access, ultimately facilitating the explosion of malware as it is known today.

The 2000s: Aggressive Social Engineering & Criminals Pay the Price
In the early 2000s, more aggressive social engineering strategies came into play. The “I Love You” worm, aka “Love Letter,” was considered the most damaging worm of its time, infecting millions of computers worldwide merely 15 minutes after its release.

The issue of computer infection became so paramount that the world started to see authorities making arrests for computer crimes. In 2001, Jan de Wit was arrested after he authored the worm known as the Anna Kournikova worm that spread quickly by tricking recipients into believing that the email they had just received contained a photo of Anna Kournikova.

It was in 2003 when the SQL Slammer made its debut that the Internet really stood up and took notice of the now ever-present computer virus.

Mid-2000s: Malware is Widespread
By the mid-2000s, there were more than a million known computer worms circulating around the Internet. Email spam was becoming big business as malware authors stood to make serious cash by blasting out unsolicited email, spam, and getting just a percentage of users to buy their goods or click on links.

The first malware specifically written for Mac OSX also entered the scene during this time, causing Mac users to re-evaluate their “Macs don’t get viruses” mindset. Other consumer products also became a risk—digital picture frames and hard drives from China began to hit store shelves with malware pre-installed on them.

Late 2000s - 2010: Conficker’s Debut & State-Sponsored Attacks
The Conficker worm made its debut in November 2008, quickly infecting more than 15 million machines worldwide. Researchers theorized that not only was Conficker an experiment to test out new functionalities and spreading capabilities, but that it was also a state-sponsored experiment.

The idea of governments and militaries using malware as a new weapon was at first only a theory. This changed with Stuxnet in 2010 (and spin-offs later that year including Duqu and Flame). The world had proof that state-sponsored attacks were a reality.

2013: Ransomware
Cryptolocker and its spinoffs, CryptoWall and CryptoDefense, (all ransomware) made their first appearances around September 2013. Cryptolocker employed strong encryption to scramble nearly every file on its targets, making them impossible to recover without the unique, private key used to encrypt them. Even if the Cryptolocker infection was successfully removed, the files would remain encrypted and unusable. This instantly made many of its victims aware of the importance of a reliable backup strategy.

Ways of a Malware Attack
The ways in which malware attacks a computer include the following. Once malware makes its way into a system, it begins to damage the system’s boot sector, data files, installed software and even the system BIOS. This further corrupts your files, and your system might shut down as well. The main problem is that these malicious programs are designed to spread within a system.

Big Problems That Currently Confront the Security Community

THE INABILITY FOR THREAT SIGNATURES TO DETECT ALL RISKS

Signature-based threat detection refers to those security tools or technologies, such as antivirus and intrusion detection systems (IDS), that attempt to detect, capture, and quarantine a virus or entire malware families using their known signatures.

Yet in the past few years, malware-authoring techniques have evolved to the point where security tools that rely on threat signatures simply can’t keep up. Or, in the case of zero-day attacks, hackers can exploit a vulnerability the company didn’t even know existed, which means that no threat signature could have successfully prevented the attack. With signature-based threat detection, security teams are essentially operating in the dark – attempting to defend against an army of threats they can’t “see.” As a result, overall security suffers.
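As an added illustration of the gap described above (example code, not part of the original answer), the constructed samples below are scanned by an exact-hash signature and by a wildcarded byte pattern: a one-byte repack slips past the hash, and a never-seen family slips past both, which is the zero-day case. The family name, samples and signatures are all made up for the demonstration.

```python
import hashlib
import re
from typing import Dict, Optional

# Constructed samples (not real malware): a tiny fake executable header plus a recognisable body.
HEADER = b"MZ\x90\x00" + b"\x00" * 28 + b"This program cannot be run in DOS mode"
KNOWN_BAD = HEADER + b"\xde\xad\xbe\xef" + b"cmd.exe /c del /q *.*"
# "Repacked" variant: a single byte differs, as polymorphic packers arrange on every build.
VARIANT = KNOWN_BAD.replace(b"\xde\xad\xbe\xef", b"\xde\xad\xbe\xee")
# A never-before-seen family (the zero-day case): nothing in either database describes it.
ZERO_DAY = HEADER + b"\x13\x37\x13\x37" + b"wipe_all_documents()"
BENIGN = HEADER + b"hello world"

# Database 1: exact SHA-256 hashes, the classic signature model.
HASH_DB: Dict[str, str] = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Constructed.Trojan.A"}

# Database 2: byte patterns with wildcards (YARA-style); the "." tolerates edits in that byte.
PATTERN_DB = {"Constructed.Trojan.A": re.compile(rb"\xde\xad\xbe.cmd\.exe /c del", re.DOTALL)}


def hash_scan(data: bytes) -> Optional[str]:
    """Exact-hash lookup: any single changed byte yields a different hash and no match."""
    return HASH_DB.get(hashlib.sha256(data).hexdigest())


def pattern_scan(data: bytes) -> Optional[str]:
    """Pattern lookup: matches the family as long as the anchored bytes survive the repack."""
    for family, pattern in PATTERN_DB.items():
        if pattern.search(data):
            return family
    return None


def scan_report(samples: Dict[str, bytes]) -> Dict[str, Dict[str, Optional[str]]]:
    """Run both scanners over every sample so the coverage gap is visible side by side."""
    return {name: {"hash": hash_scan(d), "pattern": pattern_scan(d)} for name, d in samples.items()}


if __name__ == "__main__":
    report = scan_report({"known_bad": KNOWN_BAD, "variant": VARIANT, "zero_day": ZERO_DAY, "benign": BENIGN})
    for name, result in report.items():
        print(f"{name:10s} hash={str(result['hash']):22s} pattern={result['pattern']}")
```

The zero-day row is the one no signature database can ever fill in advance, which is why defenders layer behavioural and anomaly detection on top of signatures.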

THE INCREASING USE OF END-TO-END ENCRYPTION IN NETWORKS

Whenever two devices in a network establish an end-to-end encrypted connection, the traffic flowing between them (their “conversations”) is invisible to everything – and everyone – else. This is an effective strategy for preventing man-in-the-middle attacks, in which an adversary accesses the data communications between the two devices without raising an alert.

When we think about man-in-the-middle scenarios, we tend to think of them in this context – preventing bad guys from disrupting the system. Yet many of the most important enterprise-level security controls, tools such as next-generation firewalls, IDS solutions, payload detonation devices, and many more, all rely on man-in-the-middle techniques.

THE PROLIFERATION OF CONNECTED DEVICES

To best understand the implications of this trend, consider this thought: Have you recently purchased an electronic device that did not attempt to connect to a network in order to do what it was designed to do? Most likely the answer is no, and examples of non-connecting devices are becoming extremely rare.

INFORMATION OVERLOAD

Virtually everyone who has worked in incident response or information security realizes that there is too much information to process efficiently – or effectively. There are simply too many machines, generating too much data, requiring too many man-hours for analysts to respond to the various alerts and, more and more frequently, false positives.

It's important to understand the motivation behind the onslaught of malicious code bombarding our firewalls, users, and servers. At SophosLabs we see hundreds of thousands of malicious files every single day. And these files aren't the work of governments and spies trying to spark the next cyber war. It's about money. Cybercriminals have a lot of options for making money. Fortunately, there are a lot of steps to get there, and every step a cybercriminal has to take is a point where we can stop them. They begin by finding victims. And oh, do they have options for catching unwitting victims. Cybercriminals ensnare victims in a number of ways, including spam, phishing, social media, drive-by downloads and malware.

In the automation or intelligent software space, robotic process automation tools, autonomics tools, and cognitive computing solutions create change inside organizations. Automation impacts change management by forcing the enterprise to figure out what the change will be and how it will affect people, processes and technology. Information technology service partnering, cloud computing, and BYOD all demand fast and frequent change in the enterprise.

Data Leakage. Mobile apps are often the cause of unintentional data leakage. As noted by eSecurity Planet, for example, “riskware” apps pose a real problem for mobile users, who give them sweeping permissions but don’t always check security. These are typically free apps found in official app stores that perform as advertised, but also send personal and potentially corporate data to a remote server, where it is mined by advertisers or even cybercriminals.

Unsecured Wi-Fi. No one wants to burn through their cellular data when wireless hot spots are available—but free Wi-Fi networks are usually unsecured. According to V3, in fact, three British politicians who agreed to be part of a free wireless security experiment were easily hacked by technology experts and had their social media, PayPal and even VoIP conversations compromised. To be safe, only use free Wi-Fi sparingly on your mobile device, and never use it to access confidential or personal services, like banking or credit card information.

Network Spoofing. Network spoofing is when hackers set up fake access points (connections that look like Wi-Fi networks but are actually traps) in high-traffic public locations such as coffee shops, libraries and airports. Next, cybercriminals give the access points common names, like “Free Airport Wi-Fi” or “Coffeehouse,” which encourage users to connect. In some cases, attackers require users to create an “account” to access these free services, complete with a password.

Phishing Attacks. Since mobile devices are always powered on, they represent the front lines of any phishing attack. According to CSO, mobile users are more vulnerable, since they are often the first to receive legitimate-seeming emails and take the bait. Desktop users who only check their email once a day or every other day are often warned off by news sites or security bulletins before clicking through. Email monitoring is crucial. Never click on unfamiliar email links; on a smaller mobile screen, they can be even harder to verify. Always enter URLs manually to be as safe as possible.

Improper Session Handling. To facilitate ease of access for mobile device transactions, many apps make use of “tokens,” which allow users to perform multiple actions without being forced to re-authenticate their identity. Similar to passwords, they’re generated by apps as a way to identify devices. Secure apps generate new tokens with each access attempt, or “session,” and these tokens should remain confidential. According to The Open Web Application Security Project, improper session handling occurs when apps unintentionally share session tokens with malicious actors, allowing them to impersonate legitimate users.
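To make the session-handling point concrete, here is an added server-side session store (example code, not from the original answer or from any real framework; the class and method names are hypothetical) that does the things the paragraph asks for: tokens come from the OS CSPRNG, a fresh token is issued and the old one revoked on each login, only a digest of the token is kept server-side, and lookups use a constant-time comparison with an idle timeout.

```python
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Optional


class SessionStore:
    """Hypothetical session store illustrating safe token handling (added example)."""

    def __init__(self, ttl_seconds: int = 900, clock: Callable[[], float] = time.time):
        self.ttl = ttl_seconds
        self.clock = clock  # injectable so expiry can be exercised without sleeping
        self._sessions: Dict[str, dict] = {}  # token digest -> {"user": ..., "expires": ...}

    @staticmethod
    def _digest(token: str) -> str:
        # Store only a hash: a leaked session table is then not a list of live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user: str) -> str:
        # Rotation: revoke any session this user already holds before issuing a new token.
        for stale in [d for d, s in self._sessions.items() if s["user"] == user]:
            del self._sessions[stale]
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG; not guessable or sequential
        self._sessions[self._digest(token)] = {"user": user, "expires": self.clock() + self.ttl}
        return token

    def resolve(self, token: str) -> Optional[str]:
        """Return the user for a valid token, or None if it is unknown, revoked or expired."""
        presented = self._digest(token)
        for stored, session in self._sessions.items():
            # Constant-time compare so a lookup cannot leak how many characters matched.
            if hmac.compare_digest(stored, presented):
                if session["expires"] < self.clock():
                    del self._sessions[stored]  # idle timeout: drop it and treat as invalid
                    return None
                return session["user"]
        return None

    def logout(self, token: str) -> None:
        # Explicit revocation; a token that is logged out must never resolve again.
        self._sessions.pop(self._digest(token), None)
```

Compare this with an app that derives tokens from a user id and a counter, or never rotates them: any leaked or guessed token then stays valid for as long as the account exists.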

Desktops. According to SC Magazine, a role reversal is in the works: Desktops and laptops connected to mobile networks are becoming increasingly responsible for infecting smartphones and tablets.

BYOD. As users are granted high-level access from personal mobile devices, smartphones and tablets effectively take the place of desktops—but don’t offer the same level of built-in security or control.

The Internet of Things (IoT). With the number of types of smart devices—from RFID chips to thermostats and even kitchen appliances—growing so quickly, they can’t always be monitored by users or antivirus solutions. As a result, hackers may use these IoT devices as entry points to networks at large.

Future Trends

Widespread infections by computer worms, viruses or Trojan horses spammed to millions are generally no longer considered a serious security threat; instead, especially for organizations and corporations, targeted Trojan horses have become the highest concern.

Vincent Weafer, a senior director at Symantec Security Response, said, “Targeted Trojan horses are still a tiny amount of the overall threat landscape, but it is what the top corporations worry about most.” With the aid of carefully placed keyloggers or screen-scraping software, cybercriminals can more easily access specific computers. This method is used primarily in industrial espionage and other financially motivated crimes. Common attacks are more easily detected and halted by most security technology, but targeted attacks such as these can easily remain hidden. This is due to traditional products being unable to recognize the threat.

New methods and variants continue to be implemented, allowing these lesser-known and uncommon malware packages to keep their attacks going for a longer period of time, even if this means blatantly attacking the people who are trying to study them. There have been many new and improved attacks discovered in recent reports.

There was one piece of malware found during a forensics investigation on a desktop computer. This particular piece of malicious software had actually been pre-coded to steal specific information from the victim’s organization. It was also noted as being disposable so that it could vanish without a trace after performing its tasks.

In another instance, there was malware written specifically to steal intellectual property. What was unusual about this malware, however, was that it could crawl different file types (Excel, PDF, etc.) for intellectual property to steal. Then it would encrypt the stolen data and send it to a remote server.

An artificial intelligence/machine learning (AI/ML) security approach can allow organisations to confidently protect against today’s malware and predict the malware of the future. AI/ML doesn’t forget, it doesn’t rely on having seen a particular piece of malware before, and it can identify malicious files and executables with no connection to the internet.