malware production outfit like the recently breached Hacking Team to see that the other side
employs the same type of software developers that we do.

Black hats have countered signature-based detection the way I would expect. They’ve
developed toolkits like PlugX or DarkComet that spit out zero-day variants in minutes. Whether
you’re talking about bypassing simple antivirus detection by producing new file-hash variants,
or bypassing sophisticated indicator-of-compromise (IOC) detection by switching approaches to
process injection, these toolkits can vary an attack at the push of a button.

Mikko Hypponen, in his famous 2012 MIT Technology Review article on the advanced malware
Flame, got the title right when he wrote, “The Antivirus Era Is Over.” Symantec Senior VP Brian
Dye might well have sighed when he confirmed last month that antivirus is dead.

There will always be a resource-constrained portion of the industry that simply dissuades low-
level attackers with signatures and perimeter defenses. But those with profiles high enough to
entice truly sophisticated or state-sponsored actors know full well there is an active battlefield
inside their networks. These cybersecurity professionals have resigned themselves to the reality
of good old-fashioned hand-to-hand combat.

Big data analytics and machine learning are no magic pills, but will help narrow down false
positives and better detect anomalies. To really turn the tide, we need products that are flexible
platforms that support communities of researchers. Instead of leveraging the community only for
fresh signatures, vendor app stores should allow new detection approaches to be delivered
directly to customers as quickly as new malware types are captured. That approach, if adopted
broadly, might begin to even the playing field.



About The Author

Paul Shomo is a senior technical manager in strategic partnerships at
Guidance Software, Inc. He has nearly 20 years of R&D experience,
where he started his career writing firmware for IP routers and satellite
networks. Paul joined Guidance Software’s new product research group in
2006, which launched the industry’s first incident response solution. He
has managed and architected cybersecurity and forensic products. Shomo
holds a BS degree in electrical engineering from George Mason
University.

Paul can be reached online at [email protected] and at
www.guidancesoftware.com






45 Cyber Warnings E-Magazine – August 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide