
Expert insights: How to keep on top of the malware threat

22 Sep 2016

Last year (2015), Symantec discovered more than 400 million pieces of 'new and unique' malware. That's over a million bits of new malware code produced every single day, and up by a third on the previous year.

It's clear from this that malware isn't going away. Nor, however, is it evolving much: 90% of that new malware was actually just variations on existing families. Coding 100% new malware from nothing is not easy, and the bad guys like the easy route to riches (just look at the rise and rise of ransomware for proof of that).

Knowing that just 10% of the malware threat out there is an unknown quantity is your first step towards becoming Threat Intelligent. But what do we mean by that?

Threat Intelligence has become something of a buzzword, although more often than not one reserved for the larger enterprise with a fully dedicated IT security department.

However, becoming Threat Intelligent isn't just about scale. If you really want to keep on top of the malware threat then you need to embrace Threat Intelligence in the broadest sense. To do that, you need to start by understanding how intelligence differs from information. 

Information v Intelligence

Information is simply raw data (for example network activity logs). Intelligence, on the other hand, is information that has been analysed and refined (for example suspicious network activity that is put into context). 

From this simple definition, we can see how Threat Intelligence can help businesses to understand risk by determining the likely actors and threats they pose. This means that educating staff in how to avoid becoming the next victim is a less onerous task.

Now consider how that threat intelligence is presented to the business. The most common form is tactical: Indicators of Compromise (IoCs).

Sticking with our network log analysis example, there may be IoCs present that reveal IP and email addresses or hashes that are associated with known malware families. Armed with these IoCs, responding to the threat and negating it is made a lot easier.
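As an added illustration of the log-analysis example above (not code from the article), the following matches constructed IoCs against constructed log lines and attaches the malware family and context to each hit, which is the step that turns raw information into intelligence. The feed entries, log lines, IP address (from the documentation range) and hash are all made up.

```python
import re
from dataclasses import dataclass

# Constructed IoC feed: indicator -> (type, malware family, context). Not real indicators.
FAKE_HASH = "ab" * 32  # placeholder SHA-256, clearly synthetic
IOC_FEED = {
    "203.0.113.45": ("ip", "ExampleLoader", "C2 beacon over HTTP POST"),
    "invoice@mail.example.net": ("email", "ExampleLocker", "phishing sender, ransomware campaign"),
    FAKE_HASH: ("sha256", "ExampleLocker", "dropper attachment"),
}

# Constructed log lines: a proxy log, a mail gateway log, and benign noise.
SAMPLE_LOGS = [
    "2016-09-22T09:14:03Z proxy src=10.0.0.21 dst=203.0.113.45 method=POST uri=/gate.php status=200",
    f"2016-09-22T09:15:11Z mailgw from=invoice@mail.example.net to=finance@corp.example attach_sha256={FAKE_HASH}",
    "2016-09-22T09:16:40Z proxy src=10.0.0.22 dst=198.51.100.7 method=GET uri=/index.html status=200",
]

# Candidate extractors for the three indicator types the article mentions.
PATTERNS = {
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "sha256": re.compile(r"\b[0-9a-fA-F]{64}\b"),
}

@dataclass(frozen=True)
class Hit:
    line_no: int
    ioc_type: str
    indicator: str
    family: str
    context: str
    log_line: str

def enrich(log_lines, feed=IOC_FEED):
    """Raw log lines in (information); contextualised, family-attributed hits out (intelligence)."""
    hits = []
    for n, line in enumerate(log_lines, start=1):
        for ioc_type, pattern in PATTERNS.items():
            for candidate in pattern.findall(line):
                entry = feed.get(candidate.lower())
                if entry and entry[0] == ioc_type:  # type check avoids cross-type collisions
                    hits.append(Hit(n, ioc_type, candidate.lower(), entry[1], entry[2], line))
    return hits

def families_seen(hits):
    """Distinct malware families touched, the summary a responder actually wants."""
    return sorted({h.family for h in hits})

if __name__ == "__main__":
    for h in enrich(SAMPLE_LOGS):
        print(f"line {h.line_no}: {h.ioc_type} {h.indicator} -> {h.family} ({h.context})")
```

Two hits on the same mail-gateway line share a family, which is the kind of correlation that lets a responder treat one delivery as one campaign rather than two alerts.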

Any size of business can embrace and benefit from the threat intelligence ethic. Becoming Threat Intelligent is the goal, and that doesn't have to require any investment beyond a desire to be secure and the will to make it happen. 

Two steps to Threat Intelligence

Importantly, this means two things:

1. You don't have to reinvent the wheel. As with so much of the security debate, education and awareness are a great place to start. In terms of malware threat intelligence, that means keeping up to date with attack trends and methodologies. This doesn't have to mean doing an evening class in cyber security.

2. You don't have to start from scratch. Start by picking a couple of respected research resources and read them regularly. Try IBM's 'Security Intelligence', We Live Security from ESET and the independent Security Bloggers Network for starters.

What you do have to do, though, is stay in the vulnerability alert loop. Security alerts provide ready-made 'intelligence' in its most basic but effective form, making knowledge a level playing field.

Closing the window

Not every cybercriminal is a master computer coder or hacker, sitting in a basement and uncovering new ways to get around your defences and at your data. The majority, in fact, are chancers who look for known vulnerabilities to exploit. Even these most often come in the form of ready-made, "point and shoot" exploit kits. What they do rely upon is the window of opportunity staying open long enough to exploit.

Which means the quicker you close it, the more secure you are. So another vital part of your armoury is resources such as the US 'Computer Emergency Readiness Team' or SecurityFocus, which publish vulnerability data and software update announcements.

While the Internet is unquestionably a scary place, and the threat of malware is very real and ever present, developing a culture of Threat Intelligence is not as complex as you might think. However, it is a vital first step towards ensuring that your business or your customers make themselves hard to hack.

Article by Davey Winder

