Cyberwar Reality: It’s All About the Payload…

Twenty years or so ago, malware (then known only as “viruses”) were generally bits of code that inserted themselves into applications, and when run, replicated themselves to other applications, and were destructive to the systems they operated on. Your applications would become infected to the point of not functioning, and/or your entire hard drive could simply be wiped out.

Eventually, some genius of malware authoring figured out that it was a pointless endeavour to simply vandalize a victim’s computer – why not start secretly acquiring data from those computers for profit? Malware evolved into keyloggers and screen scrapers (to collect password data), and data miners (for acquiring credit card numbers and banking information). This methodology has grown to the point where these malware applications have been reclassified with specific labels such as “ransomware” (malware that holds your computer hostage until you “pay up”), “vandalware”, “creepware”, or simply just “crimeware.”

I receive calls every other day from people who want me to heal (clean) their infected computers. Recent statistics have indicated that 431 million web users worldwide in the past year were hit with some variety of malware (http://www.symantec.com/content/en/us/home_homeoffice/html/cybercrimereport/). The report also revealed that more than a million people are victimized by cybercrime every day, averaging 14 new victims every second. Mobile device attacks are also on the rise. The report suggests that US losses to cybercrime in the past year are estimated at $32 billion. While many of these malware attacks could have been easily preventable with basic security software, a lack of preparedness on the part of users to have updated patches and security software installed (and updated) is mostly to blame.

The problem is even worse in the corporate world, where enterprise servers and employee desktops can be out-of-date on patching by as much as 6 months to a year.

In the near future, authors of malware (or some organization delivering malware) are going to unleash a seriously malicious payload that will start destroying data on machines and corrupting the operating capability of personal and corporate computers. The frivolity towards security by users and corporations will leave us completely vulnerable to such attacks.

In 2004 and 2005, I was a guest on several radio shows discussing computer security, or the lack thereof, and the inevitable fact that at some point in the near future, sophisticated malware will become destructive once again rather than just gathering and ransoming your data. Feedback from these shows was less than receptive – or simply ignored – and is largely ignored today.

In the future the tools that crimeware creators and malware authors have produced and used to mine your personal data will be easily modified to destroy your data. Ransomware is just the first step (I recently witnessed the destruction of data, and corruption of the operating system on a computer infected with ransomware – just by the action of cleaning the malware from the system). The fact that so many (431 million) personal computers have been compromised in the last year alone – and could very simply be wiped out by malware if it were configured to do such – will be an inevitable modulation of malware technology – and the near mythical term “Cyberwar” will have become reality. The daily discovery of zero-day exploits, and the overabundance of vulnerable unpatched Windows PCs has created a wide-open playing field for those who wish to control you. The recent and successful attacks on corporations and the specific targeting of defense contractors presents and even scarier scenario – were the payloads more destructive.

We really don’t know when this reversion to destruction will start to appear, but it will be the logical next step in the progression of malware design. The sophistication in the design of malware such as evidenced in Aurora, Stuxnet, and Shady Rat will only become even more villainous in its raison d’etre when certain organizations decide to use malware as a tool of war.

People and organizations know what needs to be done in order to prevent this from happening, but rarely do anything proactive to ensure their safety. Unfortunately, it will take a few tragedies involving these destructive payloads to deliver a wake-up call.

Cheers……

Advertisements

One thought on “Cyberwar Reality: It’s All About the Payload…

  1. Pingback: Destructive Malware on the Rise….. « M I C H A E L T H E R O U X

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s