Security Still Troubling In Mid-2009

Symantec Report Sees Trends Continuing in Malware and Spam

August 4, 2009


Bemoaning the state of IT security is on par with complaining about the weather, but an occasional check on the status of the problem helps professionals and consumers alike know what sort of climate to prepare for. Symantec recently released a report, "A Mid-Year Update: 2009 Security Trends," that took a brief look at major movements in the various threats to enterprise and personal computing.

The report identified six significant trends for the first six months of 2009: a rapid proliferation of new malware and malware variants, the effects of the global economic crisis, the rising use of social networks, more spam, and increasingly sophisticated web-based threats. According to Marc Fossi, manager of R & D, Symantec Security Response, there is an over-arching theme that unites all of the trends.

"The nature of a lot of this is how interconnected everything is right now. The advanced web threats and explosion of new malware variants are interconnected. A lot of the threats are being installed through web sites that attack your browser. A threat isn't there for too long a period before it's replaced by something newer in the whole cat and mouse game of anti-malware," he says, going on to explain, "You could get a message on your social network account that points to a 'good site for refinancing your mortgage,' but the site will actually install a new malware variant."

The report states that, worldwide, there are more than 245 million malware attacks each month. In explaining the trend, the report states that most of these attacks are newly developed variants, not seen before and used for a very brief time. Fossi agrees, saying that the rapid evolution of malware is possible because of widely available malware development toolkits and large cooperative networks of hackers sharing development efforts and profits.

One of the new trends seen by the Symantec researchers, cross-industry cooperation on IT security, is a direct response to the more organized malware threats. The example given is the Conficker Working Group, which brought together academics, industry professionals, ICANN and ISP staff to analyze the threat and disable the domains most active in spreading the malware. Fossi says that this sort of cooperation will be necessary more often as the profit-driven hacker cooperatives become more accomplished in developing rapidly morphing malware variants.

Fossi identified two additional strategies that will be necessary as the battle against malware continues. The first is reputation-based security: "Reputation-based security at a group of, say, 10,000 users; if there's a file and 9,000 of us have that file on our computers, then the chances are that it's a legitimate file. If I get a file and no one else has seen it, then the odds are better that it's a threat," he explains.

The other key is training users to resist the temptations of social engineering threats: "Social engineering is really coming into play. We see it all the time with spam and we've seen it with malicious code in the past, where attackers take advantage of a high-profile event to set up a web site or send email," Fossi says, explaining, "The technology can really help you, but you have to cut the opportunities first so it has a chance to help. Don't follow links if you have no clue who sent them to you - that's a great example. Don't be the first person to get hit with a new threat - resist the urge to open every file and check out every link that comes to you."
