Saturday, October 23, 2021

Rising malware pave way for security ‘white-list’

Two reports out this week on the State of the Union security-wise, and, as you might have expected, there are some divergence in the conclusions. They’re also complementary in a way, and the pair gives a clearer picture of the security battlefield.

Symantec Corp. took the wraps off its twice-yearly Internet Security Threat Report at 12:01 a.m. Monday. IBM Internet Security Systems chipped in with its two cents later in the day.

There are some things on which the two reports agree; first and foremost that the black hats are becoming more professional and profit-oriented. “There’s money to be made in the attacks today,” Michael Murphy, GM of Symantec Canada, told journalists and analysts at an embargoed briefing on Friday.

There’s also a growing element of commercialization of the malware market. “The majority of attacks today are generated by tool kits you can buy,” Murphy said. MPack, for example, is a $1,200 phishing tool kit which compromises legitimate Web sites and redirects traffic to an MPack Server, which downloads a “small, modular threat” to the user’s system.

Further to the commercialization point, IBM Internet Security Systems’ X-Force R&D team points to a burgeoning “exploits as a service” industry (and coins the rather innocuous title of “managed exploit provider”). And the MEPs have added a leasing element, allowing malware perps to test exploits for less upfront – a sort of “try before you buy” arrangement.

The two agree that Trojans are the predominant Internet threat this year. Worms and viruses are pass

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Dave Webb
Dave Webb
Dave Webb is a freelance editor and writer. A veteran journalist of more than 20 years' experience (15 of them in technology), he has held senior editorial positions with a number of technology publications. He was honoured with an Andersen Consulting Award for Excellence in Business Journalism in 2000, and several Canadian Online Publishing Awards as part of the ComputerWorld Canada team.

Related Tech News