Malware Evolution

Malware threats today are far more serious than they were before. Why, you may ask? Because modern malware can infect millions of nodes and coordinate all of them toward a single purpose: creating havoc on the internet superhighway. Beyond that, modern malware can pass undetected through tough security boundaries, it is adaptable, and it has more uses than earlier worms and viruses. Because of this threat, many ways of deterring modern malware have been developed.

Malware’s History

Four decades ago, Bob Thomas, a bright individual at BBN, experimented with a program that could move between machines, and the Creeper program was born. Creeper was astonishing at the time because it was the first program to transfer itself from one computer to another over ARPANET. It was thus the very first computer virus, and the experiment exposed the very principle of malware: the ability to spread across a network.

The appearance of the Morris Worm in 1988 showed the power of these simple programs in certain uses and applications. In the years that followed, up to the early years of the 21st century, malware continued to evolve, gaining more functions and becoming increasingly infectious. But even with the advances in malware technology, there were still limitations in the code of the malware itself.

Malware Synthesis

By 2007, malware had finally changed and made a sudden evolutionary leap. Botnets appeared during this time and changed what many of us believed about malware. Unlike their predecessors, botnets are centrally controlled by a cyber criminal; bots on different infected computers cooperate as one massive application. Beyond this, malware became more intelligent and was no longer limited to a few capabilities and applications.

This evolution has changed the world of malware, and cyber criminals have found new ways to develop different kinds of code for it. Instead of the common capabilities of earlier malware, such as sending spam, modern malware can perform dangerous attacks. The command, control and stealth capabilities of malware have improved greatly. An attacker who uses a malware program can update it to suit his needs: one day it could send spam mail, the next day it could steal personal information. That is why companies and other organizations must have incident response teams.

Our Modern Malware

Because of the evolution of malware and its complex structure nowadays, it is best to know more about and understand malware. To better understand malware, we need to understand its lifecycle.

Malware begins with infection: how it is delivered, whether in a file or from an infected web page, and how it communicates with its author. The persistence of malware should also be understood, because some malware can disable antivirus, install backdoors, use rootkits and more. This area should be understood especially by companies so that they can handle these problems by conducting incident handling training.

Once malware has taken up residence on a victim's computer or system, it will look for ways to communicate with its author without triggering the security system. Malware that can communicate is dangerous, powerful malware; malware that cannot communicate would appear like a regular virus or worm. Powerful malware can communicate via non-standard ports, through proxies, by encrypting its traffic and by tunneling within other applications.

Malware is updated by its authors; it receives new commands and controls that let it accomplish its programmed tasks. It can be updated by exchanging messages over different networks or through file configuration. Sometimes malware is programmed to look for new ways to connect with its author when the connection has been severed.
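As an added illustration (not from the original article) of the communication and update behavior described in the two paragraphs above: a small defender-side check that reads a constructed connection log and flags traffic to non-standard ports and regular check-ins to the same destination, the pattern left by malware polling its author for commands. The log format, port allowlist and thresholds are assumptions made for this example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumed allowlist of ports that normal outbound traffic is expected to use.
STANDARD_PORTS = {80, 443, 53, 25, 22}

# Constructed sample log, one connection per line: "<epoch> <src_ip> <dst_ip> <dst_port>".
# 10.0.0.5 checks in with 203.0.113.9 on port 8443 every 60 seconds.
SAMPLE_LOG = """\
1000 10.0.0.5 93.184.216.34 443
1030 10.0.0.5 203.0.113.9 8443
1060 10.0.0.7 93.184.216.34 80
1090 10.0.0.5 203.0.113.9 8443
1150 10.0.0.5 203.0.113.9 8443
1210 10.0.0.5 203.0.113.9 8443
1300 10.0.0.7 198.51.100.2 443
"""


def parse_log(text):
    """Parse log lines into (timestamp, src, dst, port) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            records.append((int(parts[0]), parts[1], parts[2], int(parts[3])))
        except ValueError:
            continue
    return records


def nonstandard_port_connections(records):
    """Return distinct (src, dst, port) triples for connections to ports outside the allowlist."""
    return sorted({(s, d, p) for _, s, d, p in records if p not in STANDARD_PORTS})


def beacon_candidates(records, min_conns=4, max_jitter=0.5):
    """Return (src, dst) pairs whose connection intervals are regular enough to look like beaconing.

    max_jitter is the allowed ratio of interval standard deviation to mean interval."""
    by_pair = defaultdict(list)
    for ts, s, d, _ in records:
        by_pair[(s, d)].append(ts)
    hits = []
    for pair, times in by_pair.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            hits.append(pair)
    return sorted(hits)
```

Real check-ins add jitter and may hide behind proxies or allowed ports, so the beacon test should be run over longer windows and combined with other signals rather than used alone.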

Finally, malware has different functions and behaviors. Some malware will target certain information or details in a certain company, while some will vary from time to time, depending on the needs of the author.

If we understand these important factors that define modern malware, then it is possible to control the possibility of malware attacks on companies. Companies can then employ tools and better security programs to deter malware; they can also hire a person or a group of people to handle these problems, but those people must have completed incident response training and other cyber security training so that they can perform their tasks much better.

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications. EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. These certifications are recognized worldwide and have received endorsements from various government agencies. EC-Council also offers training in incident response.

More information about EC-Council is available at www.eccouncil.org.

Information Security Measures for Your Company’s System

Almost all companies will hire a highly paid, competent and skilled security professional; companies will even pay for their incident handling training or any other information security training just to have someone who can watch over their systems: a person who can configure the access policies in the company's system, patch the computers and improve the overall security of the company's system.

On the other hand, they will hire a security guard at minimum wage to protect the company's million dollars' worth of computer equipment.

If you were a hacker, which path would you take to steal the company's secrets? Would you spend hours, days, weeks or months hacking into the company's tough security network, only to be barred the moment you get in by the watchful eye of a highly paid cyber security expert? Or would you try dealing with the poorly paid and poorly motivated security personnel?

Although hacking the company network is one of the greatest threats a company will ever face, there is one great threat that is always overlooked: hacking the security guard, that is, social engineering, and that danger is always imminent. Without the collective efforts of computer security and physical security, there is no information security.

Information security is the combination of complete access control over the computer systems as well as building management. It ranges from how people get in and out of the building, how staff dispose of their garbage, computer security, incident response, background checks on every employee, video surveillance and so on. One of the most common lapses in a company's physical security is a door in the building left unlocked when an employee leaves the building for a break. This completely cancels out the building's expensive card key system, and an information thief will simply wait for the right opportunity, when employees leave the door open or unlocked.

Every social engineering attack used to steal information has a different approach or tactic. The easiest targets for these thieves are untrained, poorly paid and poorly motivated employees, because they are the easiest people in the company to influence. It is not about having more security personnel; it is all about telling employees what to do and what to look out for. Motivated, well trained and well paid employees enjoy their jobs and are always responsible; they will not let their bosses down because they feel that the company needs them.

When hiring new employees, companies must include a complete background and credit check; this way companies can determine whom to hire. Candidates who have filed for bankruptcy should never be hired, because they can easily be bribed or perhaps seduced into selling the company's secrets. In fact, people who have filed for bankruptcy are not given security clearances by the federal government.

Hackers can easily steal important information not from the company's systems but from the handheld devices or laptops that employees leave in their cars. Often, employees will simply leave their access cards inside their cars. Companies must have strong policies against leaving important devices behind in a car; instead, they should be stored in a secure location on the company premises. Company websites must not share the names, positions, bios and other information of their employees, because this opens new avenues for thieves to exploit.

Companies must also train their security personnel about the company's computer network; they must know the basics of the technology as well as the servers so that they are more aware of the things they should be protecting. Security personnel must be on the lookout for hard drives, external drives or any writable media that could be used to steal important company data and secrets.

Finally, the last thing every employee must do to protect the company's network is to log off the computer after using it; employees don't need any incident response training for this. This is common knowledge, because a hacker who gets inside the company will install software or a rootkit that will be used to steal information.
