New research from Panda Security shows that cybercriminals were creating new malware samples at a rate of more than 230,000 a day throughout 2015. Security experts from Tripwire have the following comments on it.
Travis Smith, Senior Security Research Engineer at Tripwire:
“Cybercriminals know how good guys work. Historically, the good guys detected malware with signatures: a description of what the malware file looked like. Now, more often than not, criminals are re-using existing malware using a technique called polymorphic code. This technique allows hackers to make the same piece of code look different on each infected computer. The best way to stem the tsunami is not to detect the tools the attackers use, but rather detect their techniques.”
Craig Young, Cybersecurity Researcher at Tripwire:
“Looking at figures such as the ones reported by Panda, it is not hard to understand why anti-virus vendors have a hard time keeping up. Twenty years ago it may have been sufficient to simply scan for known signatures of malicious software, but in 2016, with a constant stream of new malware along with variations of old malware, effective security solutions now need to closely monitor the system for behavior associated with malicious programs such as manipulated DNS settings, new browser plugins, and new startup items. Recognizing and preventing such activities goes a long way toward defanging all but the most pernicious malware.
Unfortunately the data from Panda is a clear indication that crime does pay. The malware industry has evolved into a complex criminal economy with a community of specialists ranging from programmers and translators to service providers and money mules. Individual malware campaigns have been cited as bringing in revenue in the hundreds of millions of dollars per month, attracting many unemployed or underemployed technical experts from around the globe. While this is an illegal enterprise in much of the world, some countries do not take action against malware distribution and allow virus writers to operate rather openly.”
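The contrast both commenters draw between file signatures and behavior monitoring can be shown in a few lines. This is an added example, not code from Panda Security or Tripwire; the payload, the snapshot format, the category names and all values are constructed for illustration.

```python
import hashlib

# Constructed, harmless stand-in for the body of a known sample.
PAYLOAD = b"constructed placeholder bytes, not real malware"

def repack(payload, key):
    """Same content, different bytes on disk (one-byte XOR, key kept as header)."""
    return bytes([key]) + bytes(b ^ key for b in payload)

def signature_match(blob, known_hashes):
    """Classic signature check: exact SHA-256 lookup."""
    return hashlib.sha256(blob).hexdigest() in known_hashes

# Behaviors named in the quote; the category names are assumptions.
WATCHED = ("browser_plugin", "dns_settings", "startup_item")

def behavior_alerts(baseline, current):
    """Diff two host-state snapshots, reporting changes in watched categories."""
    alerts = []
    for category in WATCHED:
        before = set(baseline.get(category, []))
        after = set(current.get(category, []))
        alerts += [(category, "added", i) for i in sorted(after - before)]
        alerts += [(category, "removed", i) for i in sorted(before - after)]
    return alerts

# Constructed snapshots of one host, taken before and after infection.
BASELINE = {
    "dns_settings": ["192.0.2.53"],
    "browser_plugin": ["pdf-viewer"],
    "startup_item": ["backup-agent"],
    "wallpaper": ["default.png"],          # not a watched category
}
CURRENT = {
    "dns_settings": ["203.0.113.7"],
    "browser_plugin": ["pdf-viewer", "search-helper"],
    "startup_item": ["backup-agent", "updater32"],
    "wallpaper": ["holiday.png"],
}

if __name__ == "__main__":
    seen, fresh = repack(PAYLOAD, 0x11), repack(PAYLOAD, 0x5A)
    known = {hashlib.sha256(seen).hexdigest()}   # vendor has seen only one variant
    print("signature hit on seen variant: ", signature_match(seen, known))
    print("signature hit on fresh variant:", signature_match(fresh, known))
    for alert in behavior_alerts(BASELINE, CURRENT):
        print("behavior alert:", alert)
```

The hash lookup misses the second variant even though its decoded content is identical, while the snapshot diff flags the same three host changes whichever variant made them.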