To say that malware has exploded in the last few years really is an understatement. It is less an explosion and more of an implosion, a catastrophic one at that. Imploding into our computers, stealing our data, our financial details and our intellectual property and sometimes ransoming us to add salt onto the wound, nice touch hackers!

Malware growth has increased year after year. The USA has, according the Fortinet 2014 Threat landscape report, seen the largest number of targeted threats with 55.69% of the global total of threats directed at North America. Whilst, Symantec’s Internet Security Threat Report found that more than 317 million new pieces of malware were created in 2014. Coupled with this is the increasing use of human behavior as a conduit to an attack – social engineering being a perfect mechanism to get a user to reveal details like credentials, or click on a link or attachment as it seems important.

Hacking is also becoming more organized and easier. You can get a tool called Wifi Pineapple, which allows you to hack wireless communications, the manufacturers describing it as a ‘Hacker Companion’. Meant for kosher penetration testing purposes, anyone with a mind to sniff some user credentials across poorly secured networks can use this tool.

Malware is also becoming more sinister and aggressive. From the early days of the almost sweet and cute malware attacks, such as the first computer virus ‘Elk Cloner” which displayed a poem on screen when you became infected which rang out:

“Elk Cloner: The program with a personality
It will get on all your disks It will infiltrate your chips Yes it’s Cloner!
It will stick to you like glue It will modify ram too Send in the Cloner!

The worst problem Elk Cloner causing being a pain in your head as you rolled your eyes when reading the poem. To the now nasty malware known as ransomware, an example being Cryptowall, which, on infection, will encrypt your data (even that on Cloud repositories) before displaying a message telling you to pay up (around $500-$1000) if you want your data back; and to add salt to the wound you have to pay in bitcoins.

The latest in a long line of more and more sophisticated malware is Rombertick. This malware threat was discovered earlier this year by Cisco. The usual vector of email attachment is used. The attachment, as is often the case, looks like a PDF document but is in fact a .scr executable file, which upon clicking starts the installation process. Once Rombertick is installed it is designed to insert itself into a browser and then using a process of exfiltration of sensitive data, such as login credentials from as many websites as possible (not just banking sites) sends them onto a designated server. The thing that makes Rombertick special (if that is the right word) is that on detection and attempted removal, it will attack the Master Boot Record of the computer and then restart it to make it unusable. It is basically a computer mass murderer. Rombertick is an incredibly sophisticated piece of malware. It uses layers of encryption and anti-analysis checks to ensure it remains in-situ so it can do its job.

With the arrival of sophisticated malware such as Rombertick and the massive increase in malware threats in general, our friend, anti-virus software has essentially stopped working. Network security specialists, FireEye describe modern signature based virus solutions being a bit like ghost hunters, because they found that 82% of malware disappears after 1 hour. We are in a situation whereby anti-virus software is a little like, shutting the cart door after the horse has bolted. We continue to rely on anti-virus software however, as a kind of comfort blanket, with Marketresearch.com predicting the AV software market to grow to over $30 billion by 2017. It’s also interesting to note however that the global cyber security market, which includes products for cyber security prevention, monitoring, detection and eradication, is expected to be worth over $155 billion by 2019, cyber security is big business on both sides of the security divide.

I don’t think we should discount anti-virus software altogether and AV vendors are putting much effort and resource into research and development of their products. However, the answer cannot be left at AV software’s door. We need to be proactive rather than reactive when it comes to malware threats. Education is one area that we need to utilize; training employees about malicious emails and attachments will go a long way to managing the malware threat. The other area we can proactively engage in is patch management. There is a plethora of products out there, to handle patch management. Small companies, which are a particular target of hackers because of their lack of resourcing in the area of security, will find the help afforded by automated patch management systems a major help in protecting their systems. Many of the exploits used by malware to perform their attacks are because of software vulnerabilities and as vendors bring out patches it’s vital to promptly apply those patches.

The war between the hackers and their prey will continue; hackers are skilled at creating highly sophisticated software, helped along by human behavior. Until we get control of the behavior and manage vectors like software vulnerabilities, we will always be in the situation of malware control catch up.