When I was sifting through my feeds and bookmarks earlier today, I found an interesting link posted by the Trend Micro blog. You can find it on my Twitter. The article was rather short, but it contained a very interesting and easily accessible overview of what they called the ‘metamorphosis’ of cyberthreats. It illustrates different phases in the development of malware since the beginning of the Internet. It kind of reminded me of the phases in Earth’s history, like the Ice Age and whatnot, that we learned about in geography class in school.
Anyway, they categorized it in four phases:
1. Virus Era. The Virus Era features viruses such as Brain or Michelangelo. These viruses were written either as pranks or for fun, or to increase the notoriety of the developer. Basically, it was a tinkering age.
2. Worm Outbreak Era. Worms such as ILOVEYOU or Sasser are well-known representatives of this era. They were mainly created to boost and spread not only themselves but also the notoriety of their developers.
3. The Web Threat Era. Not long ago, rootkits such as ZeuS and social engineering malware such as FakeAV hit our malware scanners. This age shows the first serious attempts at making it about money.
4. Social Attacks Era. Stuxnet and Droidism (basically malware code in Android software on the free Android market) mark the last stage in the development of malware. The sophistication of malware targeting money has increased drastically, and at the same time malware focuses on political goals such as sabotage.
Does this metamorphosis also hold true for the Internet? Is the Internet the driving force behind the development of malware, and if so, what can we do?
If you think about it, during the Virus Era, computers and the Internet were not really widespread. The Internet did not have a lot of users, and therefore the only thing you could do was mess up some other people's computers. Those users were also nerds, so the only thing it could really be about was fun, notoriety and maybe payback for losing in a game or for a fun virus in return. The Worm Era on the Internet was the time when more and more people got hooked up to the Internet and, subsequently, the average knowledge of security sank. More poorly secured computers hooked up to the Internet meant a good opportunity for spreading malware. So far it makes sense, and consequently one could argue that not only does form follow function, but malware also follows the development of cyberspace.
Between that stage and the Web Threat Era a lot of time passed. Well, comparatively a lot of time, relative to what counts as a lot of time in the development of the Internet. Now it was about money. How could it come so far? Even more people got hooked up to the Internet, and instead of only the quantity of people using these services increasing, the quality of the services increased as well. While people back then had an email address and maybe an account for a bulletin board or forum, now they had accounts for shopping sites, online banking and online games. All stuff that – in the wrong hands – can be converted into dirty cash. The opportunity was there, and so were the new malicious tools. Credit card numbers, PayPal accounts, everything could be turned into money thanks to ZeuS and companions.
It is therefore not surprising that the comparatively ‘harmless’ malware developed into life-threatening malware. What could it do before? Threaten your credibility by sending fake emails with malware? Delete your (backed up) data? Harmful but boring. Now, it could cost you real money that you worked hard for.
What happened then was a fast development into social media and social networking, but also more and more political entities shifting into cyberspace. Money as a target was joined by identity theft and political agendas. When the database of NATO is hooked up to the Internet, why not attack it? When the guy I hate so much has all his information published on the social networking sites, why not conduct some payback action using all the freely available information on the net?
All I am saying is that the development of the Internet, its very own metamorphosis, directs the development of malware. While we normally argue that IT security has the problem that malware first has to be created before we can react to it, this does not hold true on the macro level. If there is no social networking, there is no way of exploiting it. So, on a macro level we should anticipate what types of malware new trends can generate and act proactively. You already know what can be done with code, you know where the trends are heading – be a step ahead and generate macro-level security before everything has to be fixed on the micro level after it has already blown up.