Customization has been a primary focus for new technology innovation in recent years, but on the wrong side of the Internet security continuum, it may prove to be extremely dangerous. Dark Reading's Robert Lemos wrote that a new class of crimeware is allowing attackers to combine mass-market availability with individual customization for a powerful product. Unsuspecting consumer and professional targets may be caught off guard by one of these convincing, mature traps.
The ability to customize and target these attacks can allow cybercriminals to more easily fool victims and evade existing Internet security defenses. Malware authors are now searching for ways to make their malware even more successful, according to what Peleus Uhley, platform security strategist for Adobe, told the news source.
"The techniques and code have reached a level where the process of creating an attack for a specific victim is becoming increasingly streamlined," he told Lemos. "If an attack is of sufficient quality such that it involves interchangeable parts that can be easily customized for multiple individual targets, then we consider that exploit to have achieved mass customization."
Shawn Moyer, managing principal at security services firm Accuvant Labs, told CSO that a big danger is just how common these pieces of malware are becoming in the wild.
"The advanced attack is getting more pervasive," Moyer said. "In our engagements and my conversations with peers we are dealing with more organizations that are grappling with international infiltration. Every network we monitor, every large customer, has some kind of customized malware infiltrating data somewhere. I imagine anybody in the global 2,500 has this problem."
Old malware not as successful
For organizations that have successfully implemented a layered data security program, there likely isn't much problem in detecting a mass malware threat, Lemos said. The problem now lies in how successful these customized attacks become, as the fast exchange of data can make it difficult for firms and companies alike to keep up.
Johannes Ullrich, director of the SANS Internet Storm Center, told Lemos that combining data aggregation and online marketing tools can create automated messages that give users enough incentive to click something they'll later regret. This is something of a cross between spear phishing and mass-spam phishing that can be deadly for many users, Ullrich said. Adam Kujawa, the lead malware intelligence analyst for Malwarebytes, said that in addition to deploying new defense tools, companies should be sure they are training users on what to look for when spotting customized malware.
"Users should all be informed, aware, and educated," said Kujawa. "That is the best way to fight any of these threats."
How this malware operates
Francis deSouza, senior vice president of Symantec's security group, said at a conference that these new customized threats were likely inspired by Conficker, a more difficult threat to detect due to how many advanced methods of attack it used. The breaches are broken down into stages: how to get in, how to map out a network, how well information is protected, and getting it out.
"The first two stages have to be very 'stealthy', as are the techniques used, as they don't want to be discovered on the way in and in most cases the infiltration can last up to a year, but the third and fourth stages are over in minutes and tend to be messy and loud because criminals don't care about being noticed at that stage – they know most organizations can't react fast enough at that stage even if they are discovered," he said, according to SC Magazine.
To keep defenses as strong as possible against this malware, companies should adopt data security programs and keep them updated. Current directories are needed to ensure the latest malware can be kept away from the organization.
Security News from SimplySecurity.com by Trend Micro