PandaLabs is at the forefront of virus detection as the research division for Panda Security. PCR asks the vendor’s technical director of research, Luis Corrons, about the nature of malware attacks.
Why are consumers and businesses becoming more concerned about security?
If we take a look at the malware landscape, 20 years ago most malware was notoriously destructive rather than built for financial gain, and users knew they were infected. Then, when professional cyber criminals stepped in, most malware was designed to be hidden in the victim’s computer for a long time, so they could steal all kinds of information, use it as a bot, or anything to make money.
We still see stealthy attacks, but on an unprecedented scale with serious security breaches happening to big companies and ending up on the news (Yahoo, TalkTalk, World Anti-Doping Agency). The breaches, using advanced persistent threat (APT) techniques, are not known about until it’s too late. The data is gone, along with the company’s reputation.
There has also been the resurgence of destructive malware, but now the cyber criminals have a profitable business model with ransomware. The FBI considers ransomware to be the first cyber crime ‘Unicorn’, as they believe ransomware will generate $1.2 billion in 2016.
Every time a user or company gets infected with one of these nasty pieces of malware, it does not go undetected. The ransom message is displayed on-screen, and the individual or company loses their data or their money.
If the cyber criminals realise they have encrypted files of greater value, they can increase their ransom. The IT company VESK and the Hollywood Presbyterian Medical Center paid nearly £20,000 each to have their data back.
Both ransomware and APTs are good wake-up calls for users to take security more seriously.
Trojans account for more than half of all malware. Why is this the case?
Trojans offer the greatest functionality needed by cyber criminals. That’s why there are very few classical worms or viruses nowadays. Ransomware, for example, is a Trojan.
What can be done to protect computers from this more sophisticated malware?
New protection approaches are needed. Traditional security solutions just look for files they recognise as malicious; anything unknown is considered to be fine and allowed to run. There is a need to monitor and classify in real-time every process that is running on the computer, so any malicious behaviour can be detected and blocked – otherwise we are leaving the door open to attackers.
What will the future look like for security, especially cross-platform security, and how will this impact PandaLabs’ research?
The forecast for security is stormy. The Internet of Things (IoT) is going to become one of the biggest headaches for everyone, from security firms, to businesses, and consumers.
IoT devices are not designed with security in mind, and many of them are really easy to hack and compromise. It is a varied world with different kinds of hardware and software. Security companies will have to figure out a way to offer protection for all these devices in a simple way.