Experts warn us to brace ourselves for a cataclysmic "Pearl Harbor" moment in cyberspace. But in fact the attack is already underway, and has been for a long time.
Corporate, technology, and government targets are being swarmed every day, in piecemeal, pinprick fashion, by increasingly sophisticated enemies who seek and exploit vulnerabilities in millions of ways.
Our threat researchers at McAfee find a new specimen of malware every second. Only a few years ago it was a new one every fifteen minutes, and we thought that was an onslaught. (In the McAfee Malware Zoo we have more than 110 million unique exhibits.)
Our most recent threat report shows attack techniques developed for use on financial-industry targets are now being focused on other business sectors and government agencies. The volume of malware out there is at an all-time high.
This didn't happen overnight. The wake-up call we're getting for comprehensive, integral network malware protection may be under the radar for now. But we're assuredly getting it. The attacks go on, one seemingly benign click at a time…perhaps with you as unwitting accessory.
So stop scanning the horizon for a grand, Pearl Harbor-scale strike and start watching your own screens. That's where the action is.
Here's how it happens:
You're at your laptop, sailing through an overnight's worth of unopened emails. In among the spam, there's one from a co-worker and friend. It looks plausible. Without thinking, you click on the link you were sent, not realizing its real nature: it's a spear-phishing email, sent by cyber-criminals, containing a link to a malicious website.
A background download drops an undetected rootkit; the malware now has control of the endpoint and goes in search of your employer's financial server. It locates and exploits a vulnerability. Sensitive target data is exfiltrated. Future updates to that data are at similar risk. And if corporate IT ever tracks down the malware on the server, the bad guys have planted a backup on your laptop.
Mission complete. And you didn't notice a thing.
That's what we're up against, with so many possible points of entry to defend: email, websites, smartphones and other diverse devices.
The best defense – the only defense, really – is to design and deploy a comprehensive malware protection strategy interconnected with dynamic data sharing, identification, containment, and remediation.
While the threat has recently escalated, organizations focused on tech security have been working on this kind of protection for a long time.
Those of us in the industry have to make constant improvements to strategy and technology, because our enemies move just as fast. New innovations include:
- Malware behavioral detection that can spot dynamic changes and suspicious memory activity intent.
- Deep, constant, global visibility across a network to ferret out threats. New technology we've developed scans the network for malware using signature-based, behavior-based, and reputation-based methodologies.
- A "sandboxing" strategy that sequesters suspect malware, gives it a dummy copy of its intended target operating environment, and lets it run to determine its mission, assess potential damage, and prevent sister malware from infiltrating the network in future.
This goes far beyond maximizing protection for a single device or server. We have to create a whole security ecosystem with malware protection at its core. In this world security isn't a product, or anything we can ship you in a box. It's a design approach – a way of thinking.
You might conclude, based on the recent uptick of press coverage, that cyber-security threats are a new issue—or at least have recently escalated to more worrisome levels. In fact we have waged this quiet war for years against a burgeoning list of enemies, mostly out of the headlines.
All that has changed is the rate of change, so to speak – the rapidity with which cyber-criminals test, probe, refine and probe again. Staying ahead of them and protecting our networks, information systems, and intellectual property is a national security priority.
There's little chance the Internet will experience the equivalent of a sudden, catastrophic mushroom cloud. But the relentless pinpricks underway can do just as much damage. We need a joint continuing commitment to comprehensive malware protection from public, private and diplomatic sectors to allay the risk of slow, insidious, and expensive decline — as harmful to our way of life as any attack on the brick-and-mortar world.
Pat Calhoun is a digital security expert and Silicon Valley veteran who is responsible for the strategic direction of McAfee's network security business unit. He can be followed on Twitter at @calhoun_pat.