Mobile malware and signature subversion – how the channel can help navigate next generation threats0
On a weekly, daily and even second-by-second basis, cybercriminals find new ways to bypass organisations and get their hands on digital ‘valuables’ – be it account details, sensitive corporate data or passwords that can be sold to the highest bidder. The landscape is constantly changing; without the right tools, knowledge and frontline consultants to help navigate this landscape, going about business can be difficult, if not impossible.
This is why the channel and its army of consultants become crucial in helping to put a stop to threats before they happen. The recent McAfee Labs Threats Report: Third Quarter 2013 identified the latest wave of efforts from cybercriminals, highlighting developments that both organisations and their channel representatives need to consider in today’s ultra-connected digital age.
The effect that the Bring-Your-Own-Device trend has had on how employees are using IT in the workplace and the resulting security implications of this shift in technology use, should not be underestimated. As the report suggests, with employees increasingly using mobile devices for work tasks, the type of threat that cybercriminals use as their weapon of choice reflects the change in behaviour.
One of the more startling revelations from this quarter’s report was the detection of digitally signed malware on both PCs and Android-based devices, which increased nearly 50 per cent to more than 1.5 million new signed binaries. The growth in the appearance of this ‘signed’ malware continues to call into question the validity of many of the digital certificates now in use and begs the question of how enterprises and individuals can tell the difference between valid and corrupt certificates. Additionally, our researchers identified one entirely new family of Android malware, Exploit/Masterkey.A. This malware allows an attacker to bypass the digital signature validation of apps which is a key component of the Android security process.
All businesses rely on security controls to accept downloaded binaries if they are digitally signed. These signatures signify that the code originated from a given manufacturer and should be allowed. Many enterprise defence systems have historically taken the stance that if a binary attachment is signed, it should be safe to pass through security systems. Unfortunately, cybercriminals have become wise to this protocol and are now using compromised certificates to camouflage large numbers of malware.
If we can no longer trust digital signatures then IT executives and security responsible IT staff need to be savvier about what protection is necessary. They will need to become more reliant on an ability to detect known malware and evaluate what unknown code is capable of accomplishing if it executes. The channel plays a critical role in the education, tools and consultancy it is providing businesses in line with these new threats.
As mobile devices are becoming the primary target of cybercrime, all security strategies need to adapt and address this change. A solution like McAfee Network Security that not only identifies the latest threats but also freezes them and fixes any discovered vulnerability is crucial. Solutions that offer multi-dimensional capabilities to validate code as it integrates and executes within an enterprise’s system will help to address some of the trends we’ve observed in our latest report. Endpoint security controls, advanced malware inspection, application and device control technologies will be important for any business that wants to embrace the BYOD trend and allow employees to use the tools that best suit them in the securest possible way.
If businesses are to make better decisions about risk, liability, budgets and security strategy, then the channel will need to become a trusted partner and advisor, taking on board the changing security landscape and adapting the recommendations and tools they provide accordingly. The ability to respond quickly, nimbly and effectively to this new challenge will depend on how closely businesses are working with the channel to secure, protect and adapt for future success.