Malware threats are about to get much worse, in a wave of customized, targeted, professional attacks that will evade or overwhelm premise-based security. Here’s why it’s happening—and what you can do about it.
Malware began back in mainframe days with prank programs, boot-sector floppy viruses, and LAN worms, and then exploded when everybody got high-bandwidth Internet connections. So far, it’s been kept in check by signature-based antivirus solutions at network perimeters and endpoints, backed up by intrusion-detection heuristics to stop malware that arrives before it’s been tagged with a signature. But four malware threats converging that will make businesses change their ways in order to defend themselves.
Malicious code is now as easy to create as email spam—but it will be much harder to stop.
1. More sources, more targets
Sometime in August 2010, the Internet connected to its five-billionth device—and Cisco says traffic will grow another five times by 2013. Emerging markets like China and Brazil are becoming malware hubs. The same "network effects" that create value for businesses are driving the creation and propagation of malicious code. Proof? The Web has become the primary attack vector for 85% of new malware.
2. Criminals follow the money
Why do they do it? Money. Hackers don’t look for recognition these days—it lands them in jail. Malware threats have become the heart of a global criminal industry that steals, manipulates, and sells financial information. Profits are high enough to attract skilled professional programmers, create custom-malware toolkits, and deploy focused, multi-stage, persistent attacks on financial targets inside individual companies.
3. False friends on social networks
Persistent attacks often begin with research on Facebook, LinkedIn, and Twitter—networks designed to exchange personal information online. Social networks identify friends, interests, and employers that are easily used to create a personalized "spear-phishing" appeal—the first phase of an attack. And when 30% of US employees use social-networking sites at work, attacks often begin with a friendly file or link sent over a trusted network you can’t control.
4. It’s not your network anymore
The sad truth is, there are lots of networks you can’t control: protocols and devices, too. Consumerization outruns and evades business-grade security and management solutions—there are too many IP-enabled consumer devices operating over too many proprietary networks for a business to control, or even identify. The malware storm Financially-motivated criminals using automated tools, operating from more connections and places, exploiting new social and network vulnerabilities to attack individual companies with custom-crafted malware—any one of these factors elevates risk; together, they multiply it. Malicious code is now as easy to create as email spam—but it will be much harder to stop. Why? Because your perimeter can’t block attacks that start on an employee’s Facebook wall and execute through a Web application at a malicious site. Your signature-based defenses won’t stop new or unique code. And your "backstop" IDS heuristics will bog down in the tide of new malware, and throw off so many false alarms that business productivity suffers. It’s time for a new approach.
The Malware Defense? Fittingly, that approach leads right back to the Web— the source of all the trouble in the first place. Security as a Service (SaaS) delivered in the cloud neatly solves the problem of high-volume ‘zero-day’ malware without performance losses. Here’s how it works: businesses keep their firewalls and use endpoint security to block local threats. But they route all Web and email traffic to their security provider’s data center network, where it’s scanned, cleaned, and forwarded across high-speed, low-latency communication links. SaaS works by applying world-class infrastructure, skills, and service levels that few businesses could afford on their own, keeping them outside business network perimeters. The malware protection benefits are a close match to the new threat environment:
Geographic and botnet threats are addressed with research-backed global URL reputation assessment
Financially-focused targeted threats – even "one-off" targeted attacks—get in-depth heuristic analysis without tying up business resources
Social-networking exploits are thwarted by correlating data across multiple security solutions: Web and email filters, for example
Mobile laptops and users are protected through the nearest provider data center to ensure that all users, regardless of location, are protected
Choose a SaaS provider that offers transparency so you can see how your traffic is being protected and managed, plus accountability, so they stand behind their promises and claims. Of course, we recommend Webroot —an industry pioneer in business-grade SaaS solutions that integrate layered security, data-protection, data management, and policy management in the cloud. Webroot products come with the industry’s best customer support, and we guarantee their performance and availability. Learn more about Webroot Endpoint Protection, Corporate Web Security, and other Business DNS Protection solutions.