The bloated, modular Flame malware may or may not be the biggest threat since Stuxnet, but its tardy discovery highlights the limits of antivirus in a world where governments are investing heavily in offensive cyber capabilities.

Today, two days after Kaspersky's Flame announcement and over two years since Flame's speculated creation, nearly every antivirus vendor has added a signature for it.

It's likely these signatures won't add to the security of the billions of businesses and individuals who fell outside Flame's Middle Eastern targets, but no matter how narrow its focus, it was missed.

F-Secure's chief malware analyst, Mikko Hypponen, on Monday lamented the industry's failure to identify Stuxnet, Duqu and now Flame before they had been spreading for years.

While none of these threats affected the masses, any AV vendor with a major government contract would have preferred to know about each of them earlier than 'years' afterwards.

Johannes Ullrich, chief technology officer of the SANS Internet Storm Center, tells CSO.com.au that the way the AV industry sets its priorities, rather than technical prowess, was why it escaped attention.

"Flame was used in targeted attacks. Antivirus vendors typically prioritise samples based on how many reports they receive about a particular specimen," says Ullrich.

"In this case, it appears that the people behind Flame were careful enough to only affect few hosts to stay below this threshold. Only Kaspersky's publicity around this malware made other anti-virus vendors add signatures for it."

As Sophos's Graham Cluley pointed out yesterday, it faces around 100,000 new pieces of malware each day. Even factoring in the magnifying effect of polymorphic threats, a fraction of that is likely enough to warrant some prioritisation.

On the other hand, vendors have a very good reason not to ignore narrow attacks if and when they detect them.
"I believe there is a triage in place for vendors," Marcus Carey, a former cryptography specialist for the NSA and now security researcher for Metasploit owner Rapid7, tells CSO.com.au.

"They also keep in mind how lucrative government contracts are, which places malware that targets governments and large organisations on a higher priority."

The problem for AV vendors when it comes to such narrowly defined attacks is that they are at the whim of the target.

"Sometimes governments do not share malware samples with the vendors for weeks, months, and up to a year in some cases," says Carey.

"Even in this case Iran says that they identified the malware and removed it in early May, however they didn't share the info with AV vendors."

Whether it's the volume of malware forcing vendors to prioritise, or government agencies' unwillingness to share information with their suppliers, if either is true, antivirus vendors appear set to miss more targeted malware as governments expand 'offensive' cyber capabilities.

At the recent AusCERT conference, Hypponen pointed out that defence contractors like Northrop Grumman, Raytheon, and Lockheed Martin are hiring cyber software engineers with skills to develop offensive cyber tools.

If a defence contractor is behind it, as F-Secure suggested today, they would probably not be mystified by the discovery of the Lua programming language in Flame.

Lua might be the preferred language of game makers like Angry Birds creator Rovio, but Carey points out it is also preferred by several widely-used penetration testing tools.

"The fact is that penetration testers have been using tools that heavily leverage the Lua programming language for the last couple of years," says Carey.

Examples include the network scanner Nmap, the Wireshark packet analyser, and the Snort intrusion detection system.

"In software development it is common to re-use software to meet various goals. It doesn't make much sense to re-invent the wheel, so attackers, including state sponsored, use readily-available exploits and frameworks to meet their objectives," says Carey.