In the wake of news of a highly complex piece of malicious software, apparently developed by a nation-state government and targeting computers mainly in Iran, information security specialist Symantec warns that the number of malware attacks is soaring across the board.
Earlier this week, Iran admitted it had become the victim of malware called Flame, also known as W32.Flamer, and that the software had forced the country to disconnect its oil terminals from the Internet. Flame, which has been described as the most sophisticated software of its kind ever detected, has also infected Windows-based computers in Iran, Israel, Lebanon, Syria, Saudi Arabia, Egypt and other countries in the Middle East and North Africa.
Gordon Love, regional director for Africa at Symantec, says his company detected an 81% increase in malicious attacks worldwide last year compared to 2010. “Over the course of last year, we blocked 5,5m malicious attacks.”
Love says that by last year, Symantec was aware of 403m malware variants. On an average day, it is blocking 36% more attacks than a year ago, he adds. This is due, in part, to the easy availability online of development kits that allow people, even those without high-end programming skills, to develop their own malware.
“People with a relatively low level of skills can create very targeted attacks,” Love says. “They can pick up information on high-net-worth individuals and launch attacks on them to collect information.”
Symantec is also noticing more attacks on smaller-sized companies, whereas in the past attackers tended to target large enterprises and governments. “Fifty percent of attacks last year were in companies with fewer than 2 500 employees,” Love says. “Eighteen percent were in companies with fewer than 250 employees [because criminals know] they are in the supply chain of big organisations. Criminals know they are interlinked.”
Are security vendors losing the war? “It’s fair to say that using signature-based technologies — where we detect a breach and write and deploy a signature — this battle is never going to be won,” Love says. “Two years ago, [Symantec] moved to reputation-based security, which is self-learning. So, for example, if you see a file called Windows.exe on 350m machines with a certain date and timestamp, we know it has a good reputation.”
Conversely, if an executable file is found on a relatively small number of machines, the software is able to learn to detect threats. “Without more proactive-type security we are definitely up against it here.”
On the Flame malware, Love says it hasn’t been detected in SA — at least not yet. The malware is spreading relatively slowly as it doesn’t propagate through e-mail or the Web. Rather, it spreads across local-area networks and on thumb drives and portable media.
However, Flame has infected home users’ machines and not only corporate and government systems. Love says that given the complex nature of the malware, the probability is high that it was developed by a government or that its development was funded by a nation state. — (c) 2012 NewsCentral Media