Making Sure Crime Doesn't Pay
"I have some ideas to make the cyber-crime business much
less profitable," said Kaspersky. His grand vision revolves around global
cloud-based threat detection and monitoring networks operated by major security
vendors, including Kaspersky Lab, Symantec, McAfee and Trend Micro, among
others.
Here's how it would work: When a piece of malware is detected
somewhere in the world, cloud security systems would analyze it and push out
protection immediately to all the other parts of the world. This would
effectively limit the size and scope of the malware outbreak. "Just a few
users can be used to protect millions," Kaspersky explained.
There is a specific life cycle for malware, beginning with
its development and placement online, such as on an attack portal. Cyber-criminals
then use a variety of distribution techniques, such as spam messages, forum
posts and poisoned search results, to direct users to click on or download the
malware and get infected. Once the user is infected, the cyber-criminal can
steal information or use the computer to launch other attacks.
At some point, security vendors come across the malware
sample and update their products "at the peak of the infection" with
the newly created definition to detect and remove the sample. As more security
products get updated, it becomes harder for the criminal to infect new
machines. Once it no longer can infect as many victims, the attacker moves on
to the next new malware.
In a best-case scenario, it takes a few hours or a day, though
it can take more than a day, to detect a malware sample and update the product,
Kaspersky said.
Cloud security systems can shrink the window between the
moment malware becomes available and the moment the security software has been
updated with the latest definitions. That means cyber-criminals would have a much
shorter time span in which to make money, Kaspersky said. Cloud systems can detect
new malware very soon, or "just a few minutes," after it appears on the
Web, because someone on the other side of the world came across a sample through
proactive scanning. The service recognizes the malware and won't let other
machines in the network get infected.
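The difference between the two pipelines described above can be made concrete with a small simulation. The following Python block is an added example written for this page; it is not code from the article or from Kaspersky Lab or any other vendor, and every name in it (`CloudReputation`, `run_signature_model`, `run_cloud_model`, the constructed exposure stream, the delay values) is an assumption chosen for illustration. It models a stream of endpoints encountering one sample over time, then counts how many get infected when protection arrives via a vendor definition update a day after the sample is obtained versus when the first endpoint's report is turned into a shared cloud verdict within minutes.

```python
"""Toy model of the infection window under two protection pipelines:
   - classic: vendor obtains the sample, ships a definition hours/days later
   - cloud:   the first endpoint that meets the sample reports it, and the
              verdict is pushed to every subscriber within minutes
Added illustration, not vendor code; all delays are assumed values."""
import hashlib
from dataclasses import dataclass, field

# Constructed stand-in for a malware sample: arbitrary bytes, not real malware.
SAMPLE = b"constructed sample bytes for the simulation"
SAMPLE_ID = hashlib.sha256(SAMPLE).hexdigest()

# Constructed exposure stream: (hours since the sample went online, endpoint id).
# Spread ramps up as spam, forum posts and poisoned search results do their work.
EXPOSURES = [(0.5, 1), (1.0, 2), (2.0, 3), (3.0, 4), (3.5, 5), (6.0, 6),
             (8.0, 7), (12.0, 8), (18.0, 9), (23.0, 10), (30.0, 11), (48.0, 12)]


@dataclass
class CloudReputation:
    """Shared verdict store: one endpoint's report protects every subscriber."""
    publish_delay_h: float                       # analysis + push-out time, hours
    verdicts: dict = field(default_factory=dict)  # sample id -> hour verdict is live

    def report(self, sample_id: str, hour: float) -> None:
        # Only the first report triggers analysis; later reports are redundant.
        self.verdicts.setdefault(sample_id, hour + self.publish_delay_h)

    def is_blocked(self, sample_id: str, hour: float) -> bool:
        published = self.verdicts.get(sample_id)
        return published is not None and hour >= published


def run_signature_model(exposures, vendor_sees_sample_h, update_delay_h):
    """Classic pipeline: everyone exposed before the definition ships is infected."""
    protected_from = vendor_sees_sample_h + update_delay_h
    return [ep for hour, ep in sorted(exposures) if hour < protected_from]


def run_cloud_model(exposures, cloud: CloudReputation):
    """Cloud pipeline: each endpoint reports the unknown sample on first contact;
    once the verdict is live, later contacts are blocked before infection."""
    infected = []
    for hour, ep in sorted(exposures):
        if cloud.is_blocked(SAMPLE_ID, hour):
            continue
        infected.append(ep)          # met the sample before protection existed
        cloud.report(SAMPLE_ID, hour)  # but its report shortens everyone else's window
    return infected


if __name__ == "__main__":
    # Assumed: vendor obtains the sample 12 h in, ships a definition 24 h later.
    classic = run_signature_model(EXPOSURES, vendor_sees_sample_h=12.0, update_delay_h=24.0)
    # Assumed: cloud verdict is published five minutes after the first report.
    cloud = run_cloud_model(EXPOSURES, CloudReputation(publish_delay_h=5 / 60))
    print(f"classic pipeline: {len(classic)} of {len(EXPOSURES)} endpoints infected")
    print(f"cloud pipeline:   {len(cloud)} of {len(EXPOSURES)} endpoints infected")
```

With the constructed stream, the classic pipeline loses eleven of twelve endpoints, while the cloud pipeline loses only the first one: that single report is the "few users" whose encounter protects the rest. Raising `publish_delay_h` shows how quickly the advantage erodes if analysis and push-out are slow, which is the operational parameter a defender running such a service actually has to watch.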