Malware Threat Comes Full Circle to Focus Again on End Users
But what’s actually happening is that the cyber-criminals have done careful research and they’ve accumulated the information they need to convincingly pretend that they’re someone else. “We’re seeing more end user attacks,” said Engin Kirda, chief architect at Lastline and professor of computer science at Northeastern University in Boston, who said that people need to be more suspicious about the things they click on in emails. He also said that he was disappointed that education didn’t work as well as it should and that the only thing that seemed to work was after people had been the victims of an attack. This means that companies need to perform more realistic training, he said. Kirda also noted that it was important for companies to have more innovative defenses. He noted that much of the more recently developed malware is able to detect when it was being sent to a sandbox, which is a secure area which seems to the software as if it’s a real computer when it’s not.But even with all of the talk about the rising tide of attacks on endpoints, there is one place where protection is so limited and the target so vulnerable, that attacks on servers continue to have a high rate of success. That target is the widely-used SAP software that is mission critical to many Fortune 500 companies. “SAP is the most overlooked problem in the enterprise,” said Mariano Nunez, CEO of Onapsis. The company has developed security software for SAP systems, but he said that the problem goes far beyond anything his company, or any company, can solve. The problem he said is that many SAP installations have been unpatched for years and the networks that host them are so complex that the companies that run SAP applications of have little effective means of fixing the problem. He said that exploits on SAP systems go on for years because they’re unpatched. Worse, he said that the IT departments are given so little time to perform management tasks that they can make little headway against the malware.. Most of the attackers are nation-states, he said, with other cyber criminals being major players as well. “The vulnerabilities are well known,” he said. What all of this really proves is that the cyber-attacks go after the easiest target. Today those targets are gravitating toward end users because they resist training. But attacks continue to hit vulnerable enterprise software installations because the host companies that use it resist the need to follow proper security management practices. Both problems are preventable, but technology isn’t the only answer. There also has to be the desire to solve the problem.
Cyber-criminals are also good at writing malware that is able to mask its malicious purpose, he observed, although the most advanced security systems are able detect to when malware is trying to cloak its it's behavior.