Lastline says cyber-pros have some gaps in their malware knowledge

News by Roi Perez

Low awareness of some common malware behaviours could decrease the effectiveness of detection and mitigation efforts, according to the company.

Security firm Lastline says it has identified significant gaps in the cyber-security knowledge of people working in the sector.

It conducted a survey of 326 cyber-professionals at InfoSecurity Europe 2017 and found a significant number had some gaps in their knowledge of current malware and its tactics.

For instance, when asked to identify different malware behaviours, only 70 percent knew that malware is able to avoid being detected by a sandbox.

The findings, which were announced in a release, show a majority were aware that malware can turn a webcam on to see if anyone is sitting in front of the computer (98 percent) and can monitor a keyboard to see if a user is typing (97 percent).

The types of people who responded to the survey included IT security professionals, with a mix of IT managers, engineers and executives, the company reported.

Respondents were also asked to identify the behaviours of specific types of malware. While 93 percent correctly identified a Trojan as malware disguised as something that a user wants or something legitimate, over three-quarters (77 percent) agreed with the statement that a virus actively seeks new computers to infect, which is actually the behaviour of a worm.

Half of the respondents indicated that a rootkit creates a network of compromised devices for use in a coordinated attack, which actually is what a botnet does.

Brian Laing, VP at Lastline, argued that this level of knowledge can be crucial in incident response strategies.

“Malware has been able to sniff out that it resides on a virtual machine (used as a sandbox) for years now, so it is a little worrying that nearly a third of cyber-security professionals were unaware of this,” said Laing.

“Malware often plays a game of deception, pretending to be a perfectly benign program when analysed by a defensive tool. Once it is past defences, it can then perform the malicious activities it was programmed for when running on a user's device.”

Respondents were also given a list of names and asked to identify which ones were strains of malware. They correctly identified the real strains of malware on average 28 percent of the time, with the best results for the widespread strains Slammer (40 percent) and SpyEye (37 percent).

“When deciding how to prioritise security strategies and technology investments, it's important to know what types of behaviours a given piece of malware has and how they behave. For example, when reading that WannaCry is a worm, it's important to know what a worm is and how it spreads so that you know, for example, that cleaning the initially infected machine will not eradicate it from the network,” he said.

Regardless of the malware used, its behaviour, or its ability to evade detection, malware clearly causes significant pain to security professionals, as highlighted by the final result.

The survey found that 44 percent of security professionals would rather have root canal surgery than make the dreaded walk of shame to the boardroom to explain that they've suffered a data breach. This statistic reinforces the severity with which all organisations treat the prospect of a data breach.
