Malware is traditionally not in the purview of network security. However, network security is well positioned to defend against this threat and many of the bad guys that may have launched traditional attacks are now changing their plans to incorporate malware. Why the change?
Cyber criminals are no dummies. If it is easier to attack from the inside, why not innocuously get inside first, then launch your attack? Intrusion prevention systems (IPS) are tuned to look for outright attacks in the network flows coming into the infrastructure. They do not usually look for attacks originating from the inside. Delivering a malware file, especially past an IPS that is looking for attacks and not file deliveries, is not typically seen as malicious.
Delivering an unknown payload into an infrastructure is actually easier than delivering a known payload. Why? Most security products focus on finding things they know to be bad – looking for known patterns of malware is exactly what pattern matching is all about. Recompiling a malicious payload after some minor adjustments often obscures the pattern, meaning the payload is unknown and passes through the defenses.
It pays to be patient. Security products typically do not have a long attention span. Though stateful, firewalls hardly spend more than a second making a determination about a flow before moving on to the next flow. IPS solutions, traditionally, may spend a little more time on flows they examine, but we are still talking about seconds. So malware that installs, but patiently waits for minutes, hours or even days will typically evade any stateful behavior monitoring by network security.
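As an added illustration (not from the original post or any McAfee product), the sketch below shows why the length of the correlation window matters for a defender: the same constructed event log is checked with a seconds-long window and with a days-long one. The event format, host addresses, file name and destination names are assumptions made up for the example.

```python
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, host, kind, detail)
EVENTS = [
    ("2013-01-06 08:30:00", "10.0.0.5", "outbound", "updates.example.com"),
    ("2013-01-07 09:00:01", "10.0.0.5", "file_download", "invoice.exe"),
    ("2013-01-07 09:00:02", "10.0.0.5", "outbound", "updates.example.com"),
    ("2013-01-07 09:05:00", "10.0.0.8", "outbound", "mail.example.com"),
    ("2013-01-09 23:14:40", "10.0.0.5", "outbound", "unknown.example.net"),
    ("2013-01-10 08:00:00", "10.0.0.8", "outbound", "unknown.example.net"),
]

def correlate(events, window):
    """Link each file delivery to the first contact with a destination the
    host had never used before, if it happens within `window` of delivery."""
    seen = {}       # host -> destinations contacted so far
    pending = {}    # host -> list of (delivery time, file name)
    findings = []
    parsed = sorted((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), h, k, d)
                    for ts, h, k, d in events)
    for when, host, kind, detail in parsed:
        if kind == "file_download":
            pending.setdefault(host, []).append((when, detail))
        elif kind == "outbound":
            known = seen.setdefault(host, set())
            if detail not in known:
                for delivered, name in pending.get(host, []):
                    if when - delivered <= window:
                        findings.append((host, name, detail, when - delivered))
            known.add(detail)
    return findings

def demo():
    short = correlate(EVENTS, timedelta(seconds=5))   # per-flow attention span
    long_ = correlate(EVENTS, timedelta(days=7))      # retained delivery state
    return short, long_

if __name__ == "__main__":
    for label, result in zip(("5 seconds", "7 days"), demo()):
        print(label, result)
```

With the five-second window nothing is reported; with the seven-day window the delivery on 10.0.0.5 is tied to its first contact with a new destination more than two days later, while 10.0.0.8, which received no file, is not flagged.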
Taking these things into consideration, not only are targeted attacks becoming the choice for cyber criminals, but delivering a malicious file that can launch its nefarious activities from inside the defenses is on the rise. Malware fits this trend, and in fact, the overall threat trends (see the 2013 Threat Predictions, by McAfee Labs) show that malware is on the rise. Fortunately, paying attention to the trends, McAfee Network Security Platform is poised to defend against malware in ways no other IPS can. Stay tuned to find out more.