Beware of malware
MUSCAT: Internet has become an integral part of our daily lives and it plays a driving role in modern society. With a rapid development of technology coupled with human needs, internet technology has grown exponentially over time, offering numerous functionalities and facilities.
From communication to running businesses and delivering effective governance, the role of networks, and of the internet as a whole, is undeniable. With such phenomenal growth of the internet in recent years, its security has become a prime concern for individuals, society, organisations and government establishments. Because of its central place in our lives and society, its privacy, integrity, reliability and availability must be ensured. We must safeguard the network and prevent its operation from being taken over by malicious entities. Malware is a major security threat to the internet. It has become a tool for cybercriminals to launch serious attacks over the network, such as information theft, cyber espionage and denial of service. Many other network threats, such as phishing attacks, spamming and unauthorised financial transactions, are also the direct or indirect result of malware attacks.
The journey of the computer worm started as early as 1970, when ARPANET began carrying packets over a small network. At that time the number of connected machines was limited, so worm outbreaks were not epidemic. Now the internet has grown to such a scale that almost every computer and communication device is connected, enabling malware to spread at an epidemic rate.
In recent years, we have witnessed some very serious worm attacks on present network infrastructure, causing huge financial loss and social disruption. For example, the Conficker worm, first observed in 2008 and ranked by Symantec as the fifth global threat in its official global threat report, exploited Microsoft vulnerabilities and spread to over 6.5 million hosts. StuxNet, which appeared in 2010 and was targeted at disrupting the Internet, showed tremendous potential for causing huge damage to the network. Flame (also known as Flamer/Skywiper) hit the internet in 2012, conducting cyber espionage primarily in Middle Eastern countries. The ransomware Locky made news headlines in 2016 when it attacked millions of computers in Europe. 2017 witnessed the worldwide WannaCry ransomware attack, which targeted vulnerable Windows computers, encrypted their data and demanded ransom payments in the Bitcoin cryptocurrency. The sophistication of worms has reached such a stage that they have become a weapon of modern cyberwar.
Malware bears a sharp resemblance to biological pathogens in terms of propagation. Biological pathogens spread from one living being to another in a very short span of time. Similarly, malware propagates rapidly from one host to another and from one network to another in order to spread infection on a large scale. This spread can become epidemic if control strategies are not applied in time.
Most of the available defence mechanisms against malware are reactive, which means they act only after substantial damage has already occurred. Although intrusion detection systems are continuously improving, no foolproof solution is available to defend against new malware attacks.
Existing malware detection methods may be broadly categorised as anomaly-based detection and signature-based detection.
Anomaly-based detection studies past traffic statistics and host behaviour in order to detect unknown worms. Though this method has been found effective at detecting unknown worms, it generates a high rate of false alarms because of the dynamic and unpredictable characteristics of legitimate as well as malicious programs.
Signature-based worm detection looks for a specific sequence or pattern in the malware code. This pattern, or byte sequence, is stored in a database. When unusual activity is reported, signature matching is performed to determine whether the program is legitimate or malicious. Signature-based methods are easy to implement; however, they are not effective at detecting unknown worms.
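The two detection approaches described above, and their opposite failure modes, can be shown side by side in a few lines. The following is an added example written for this column, not code from the author or from any product: a toy signature scanner that matches stored byte patterns against a file, and a toy anomaly detector that compares a host's current connection count with its own history using a z-score. The signature database, the sample files and the traffic figures are all constructed for the demonstration.

```python
"""Toy signature-based vs anomaly-based malware detection (added example)."""
import statistics

# Constructed "signature database": a name mapped to the byte pattern that
# identifies a known sample. Real databases hold many thousands of entries.
SIGNATURES = {
    "Worm.Toy.A": b"TOYWORM-PAYLOAD-v1",
    "Worm.Toy.B": b"\x90\x90\x90TOY-SHELL",
}

# Constructed sample files. The "novel variant" differs from the known worm
# by one byte in the payload marker, which is enough to defeat a fixed pattern.
KNOWN_WORM = b"MZ...header...TOYWORM-PAYLOAD-v1...code..."
NOVEL_VARIANT = b"MZ...header...TOYWORM-PAYLOAD-v2...code..."
BENIGN_FILE = b"MZ...header...ordinary application code..."

# Constructed history of outbound connections per minute for one host.
HOST_HISTORY = [10, 12, 11, 13, 12, 10, 11, 12, 11, 13]


def signature_scan(sample):
    """Return the names of every signature whose byte pattern occurs in sample."""
    return [name for name, pattern in SIGNATURES.items() if pattern in sample]


def anomaly_score(history, current):
    """z-score of the current value against the host's own past behaviour."""
    mean = statistics.mean(history)
    spread = statistics.pstdev(history)
    if spread == 0:
        # A perfectly flat history: any change at all is "infinitely" unusual.
        return 0.0 if current == mean else float("inf")
    return (current - mean) / spread


def anomaly_alert(history, current, threshold=3.0):
    """Raise an alert when the host deviates more than `threshold` deviations."""
    return anomaly_score(history, current) > threshold


def run_demo():
    """Collect the outcomes that illustrate each method's blind spot."""
    return {
        # Signature matching catches the known sample but misses the variant.
        "known_worm_hits": signature_scan(KNOWN_WORM),
        "variant_hits": signature_scan(NOVEL_VARIANT),
        "benign_hits": signature_scan(BENIGN_FILE),
        # A sudden burst to 80 connections/min (a scanning worm) is flagged...
        "scanning_burst_alert": anomaly_alert(HOST_HISTORY, 80),
        # ...but so is an identical burst caused by a legitimate backup job,
        # which is the false alarm the text warns about.
        "backup_job_alert": anomaly_alert(HOST_HISTORY, 80),
        # Normal traffic stays quiet.
        "normal_traffic_alert": anomaly_alert(HOST_HISTORY, 12),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The point of running both is that they fail differently: the signature scanner has no false positives on the benign file but is blind to the one-byte variant, while the anomaly detector flags the variant's scanning behaviour without ever seeing its code, at the cost of raising the same alert for a harmless backup job. That is why production defences layer the two rather than relying on either alone.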
Researchers are continuously working on solutions to secure our valuable digital assets, but it remains largely an open problem because of the complexity and sophistication of modern worms, which exploit multiple vulnerabilities at a much faster rate than humans can respond to control their spread.
To maintain a healthy cyberspace, every organisation must have a clear policy addressing malware prevention, detection and defence. Such a policy goes a long way towards protecting the organisation's digital assets. A malware prevention policy should cover internal as well as external entities (those who work on the organisation's network remotely, business partners, mobile devices, etc.). There should also be periodic security awareness campaigns to protect and maintain a healthy cyberspace.
The writer, Dr Sounak Paul, is an assistant professor in the Department of Computer Science and Engineering at Waljat College of Applied Sciences.