
The challenge of custom malware from advanced attackers


The challenge of custom malware and targeted attacks is a by-product of today's rapidly evolving attacker.

The problem of 'custom malware' was raised with SC Magazine a year ago by Stephen Howes, CEO of GrIDsure, who said that he thought 'one of the problems that the industry faces is that malware authors can come up with incremental ways of breaking the system'.

In September last year, he said: “This is more than malware, you can buy gizmos that capture keystrokes so a cleaner can plug one into a computer and at the end of the week they will collect it with the details recorded.”

Speaking at the recent Symantec Vision Conference, Francis deSouza, SVP of Symantec's security group, said that professional attackers have eclipsed hobbyist hackers as the largest threat to organisations. Pointing to modern malware such as Stuxnet, he said it was clear that this evolved threat is now commonplace. He said: "Stuxnet is several man years of work involved in putting it together and involved a collection of skills."

Asked if custom malware is going through an accreditation process for development, deSouza said: “It is very clear that people in the malware industry, both on the good side and the criminal side, learned from Conficker. People took lessons in how it worked and it followed with the industry as a whole learning from it.

“What we are also seeing is that as you break down the breaches there are four stages: incursion (how to get in); discovery (once in, how to map out a network and figure out where information assets are and how well protected they are); capture (the trade-off between how valuable information is and how well it is protected); and excavation (how to get data out). We find that different skills are employed in each of these stages; in fact it is different people within the gang, or across different gangs, that are involved in each of the stages.

"The first two stages have to be very 'stealthy', as are the techniques used, as they don't want to be discovered on the way in, and in most cases the infiltration can last up to a year. But the third and fourth stages are over in minutes and tend to be messy and loud, because criminals don't care about being noticed at that stage – they know most organisations can't react fast enough at that stage even if they are discovered.”

Rik Ferguson, senior security advisor at Trend Micro, said that custom malware was something he had been talking about for years, and that targeted attacks remain a threat worth considering.

“It is criminal, it is advanced, it is written by professional coders who get money for it and the more targeted it is the more difficult it is to detect,” he said.

"The biggest problem for the security industry is that we have to play with an open hand, because we make products that are available for purchase and we have to tell people about them. Criminals can also purchase them, do their thing and test it until it is not detected. That is the big difference."

Matt van der Wel, manager of investigative response at Verizon Business, said: “Criminals are stealing but not selling data. They are waiting for the price to rise, and if they sell it and someone uses it then it alerts the fraud authorities. The problem with cyber crime is that it is not a mafia model and not terrorists; they are like small to medium businesses, as you can hire them for a service and the cyber criminal can have the right management team to do the job. It is difficult to catch a group and say that they are to blame for developing software.”

The evolution of threats is well covered both online and in print, but just how advanced the techniques have become, and how cleanly the work is divided between specialists at each stage of a breach, is a cause for concern for all. On the bright side, there are some very clever people working for the greater good.
