2014 was the year of the hack. The year of the spectacular hack. You know this because these major incidents were reported in your run of the mill 6PM news show (not just the tech press).
As we start a fresh new year, what can we expect?
This isn’t your father’s malware
Virus’ and malware started out (in the early days of computing) as a way to show hacking was possible but didn’t harm anything. Then we started seeing basic virus’ that wipe the MBR of a hard-drive but this was easily recoverable. Then we had a lull where virus’ were boring and unspectacular.
A couple of years ago we started seeing malware designed to convert your home computing devices into zombies to power the DDoS attack armies of evil doers everywhere (computer, smartphone, router, smart devices, etc). End of last year we finally found out about Regin (link, link). Regin seems to be the most sophisticated espionage tool the world had ever seen.
This uber capable malware is stealthy and remained unknown for years while it gathered intelligence for its master from government, research institutions, telecommunication companies, airlines, corporations and individual. Researchers believe this was state-sponsored but aren’t pointing a finger to any specific country.
Looking at the tools we use to detect and analyse malware, we also see a significant increase in the number of highly targeted and extremely sophisticated that easily slips through traditional antivirus based security tools. Late in 2014 we even saw a couple that are also cautious not to run in a clean virtualized environment to prevent detection by behavioural scanning engines.
Expect 2015 to be an “interesting” year with highly advanced malware that will require a new bread of detection tool.