Twenty years ago Stephen Hawking, the leading physicist and author, said that computer viruses should be treated as a life form because they exploit the metabolism of the host computers they infect and become parasites.
The intervening decades have highlighted the truth in his statement, with malware infections growing exponentially. And like other forms of life, viruses have evolved. In 2013 we saw the emergence of ransomware, which criminals used to extort businesses by holding their data hostage and demanding payment for its release.
The next stage in that evolution has arrived with the recent attack against Sony Pictures Entertainment, which has been described as one of the most destructive yet seen against a company, taking much of the company’s network offline for a week. The attack used ‘wiper’ malware, which overwrites the drives of PCs, rendering them inoperable. It is costly to fix because each affected PC’s drive has to be replaced or rebuilt, and it is near-impossible to recover the overwritten data using standard forensic methods.
The scale and purpose of the attack led to the FBI issuing a flash alert, warning other organisations about the potential threat – especially as the specific malware used was not detectable by conventional antivirus software. It is this last point that is particularly critical: businesses cannot easily protect themselves against threats that their defences cannot ‘see.’
Unseen, unknown
The problem is that new, unknown malware continues to be released at a rapid pace. It’s relatively easy for criminals to make small adjustments to malware code, enabling it to bypass current antivirus signature detection, which in turn leaves businesses vulnerable. Check Point’s 2014 Security Report, which analysed millions of security events from over 10,000 organisations worldwide, found that on average, a business has new, unknown malware inadvertently downloaded to its network every 27 minutes. That’s nearly 50 unknown malware infections every day.
So what can businesses do to protect themselves against unknown, destructive malware? As a first step, it’s important that organisations implement basic security best practices recommended to protect computers from any type of infection:
Ensure anti-virus software is updated with the latest signatures
Ensure operating system and application software patches are up to date
Install a two-way firewall on every user’s PC
Educate users about social engineering techniques, especially involving unknown attachments arriving in unsolicited emails
Even if malware is able to evade detection by anti-virus software, some of its actions may be inhibited or blocked by the PC firewall or by the latest software and OS patches. However, these best-practice measures do not offer complete protection against new, emerging attacks. It’s all too easy for even a security-aware employee to inadvertently click on an email attachment, triggering an infection.
The sandbox trap
To defend against new, unknown exploits, a security technique called threat emulation, or sandboxing, makes it possible to identify and isolate unknown malware before it can enter the network, so that infection does not occur.
This entire process takes place transparently for the majority of files – so that even in the rare event that a file is inspected and proven ‘clean’, the intended recipient of the file will not notice any pause in email services. Information about detected file activity is then available to the IT team in a detailed threat report.
Threat emulation is a critical layer of protection for organisations against new, destructive malware strains, acting as a barrier that blocks these parasitical life-forms from attacking networks. While we will never be able to truly wipe out these malicious agents, sandboxing can certainly help to stop them wiping companies’ precious data and resources.