Understanding Modern Attacks - The New Threat Vector

The volume and sophistication of malicious code (also known as malware), whether viruses, worms, or spyware, is increasing. The threat environment has evolved from a mischievous hobby to a money-making criminal venture that has attracted a new breed of sophisticated hackers and organized crime.

The sophisticated hackers of today are less concerned with destroying systems and knocking out Web servers. They realize that they can gain money from stealing confidential personal information and corporate data and selling it to spammers or those involved in organized crime and fraud. This profit-driven motivation is causing the number of attacks to increase in sophistication, frequency, and severity.

The digital threat environment is rapidly changing, not only in the motives of malware writers but also in the vulnerabilities they are targeting. At one time, email-borne viruses were the most attractive weapon of hackers who sought to damage or disrupt business operations. However, there is now a larger threat vector for malware attacks: the Web.

As many organizations are reasonably protected against traditional email-borne malware, the Web channel has become an alternative target for hackers who exploit multiple vulnerabilities in Web browsers and other applications to launch various types of malware attacks, which in most cases are motivated by financial gain.

Web-based threats can propagate automatically through "drive-by" downloads (an infected Web page can exploit a site visitor’s computer without the visitor even having to click on anything located on that page), an email message downloaded from a Web-based mailbox, and other similar techniques. The growing prevalence of Web-based threats that effectively apply these techniques is one of the main reasons for the recent surge in spyware, viruses, worms, keyloggers, and other malware.

Web-based attacks often employ sophisticated techniques to carry out targeted attacks to steal money, identities, or confidential information. For example, keyloggers, when present on a PC, are able to capture and transmit a user’s every keystroke, thereby allowing thieves to get passwords and other identity-related information. Rootkits are installed with malware to hide the presence of the malicious code from users, administrators, and security software.

Web-based attacks are also constantly growing in sophistication. For example, one technique employed with Web-based threats is the use of encryption by hackers to hide malicious code. This helps evade traditional URL filtering and antivirus detection, since those tools are then unable to decode it. The use of Web-based attacks is one of the drivers for the recent surge in spyware, which is evidenced by the dramatic increase in the number of Web sites distributing spyware.

In light of the growing concerns over Web-based threats, demand is rising for solutions such as Web filtering, Web intrusion prevention, Web antivirus, and Web antispyware. However, the growing sophistication of Web-based threats emphasizes the need for real-time, proactive security to complement traditional security solutions, which are based on developing a signature for each newly identified threat. Many of today’s malware attacks are designed to evade these traditional signature-based solutions by applying encryption, polymorphism (each sample looks different), fast-propagation techniques, blended malware, and other approaches to infect a large number of PCs before signatures are ready.

Therefore, to effectively protect against emerging Web-based threats, No Panic Computing chose ESET Nod32. ESET Nod32 uses an advanced heuristic engine to dramatically extend its detection capabilities. It also complements signature-based technology, which remains important because some of the threats that have had signatures developed in the past are still in the wild and remain dormant until a predetermined or accidental event re-launches an attack.
