IT Security Guru
The Great Cyber Comparison: Anthropology of Modern Malware and Development of Civilizations: The First Signs of Weaponized Malware

by The Gurus
June 9, 2015
in This Week's Gurus
By Brian Laing
Jared Diamond states, “By selecting and growing those few species of plants and animals that we can eat, so that they constitute 90 percent rather than 0.1 percent of the biomass on an acre of land, we obtain far more edible calories per acre.” This greater density of plant and animal domestication directly led to denser human populations. Likewise, the increase in Internet use directly gave attackers far more attackable machines per network. The ubiquitous nature of Internet usage also increased the number of attacks by adding new attack paths via a plethora of new Internet services such as social networks.
Malware has always taken advantage of the human enthusiasm to share with one another. In the early days of the Internet, both the scarcity of digital content and the lack of adequate pathways limited our ability to share. Now, with increased Internet use, there is a superabundance of new content and many ways for it to be shared. Social networks greatly aided our desire to share: everything from the mundane, “At Starbucks getting a coffee”, to the two billion daily photos shared on Facebook is fodder for our friends. But social networks are not just for fun and games; they are also utilized as key tools in business. Social networks not only help maintain existing connections; they also extend those connections to broader second- and third-order interactions, which further increases the potential attack surface while adding even more new avenues of attack.
One way attackers have taken advantage of these increases is by changing the method of malware proliferation. Early malware spread via floppy disks and targeted users indiscriminately, which limited its infection rate. This also meant it could really only be used for destructive purposes. As the need for knowledge bases grew, intranets and extranets became common throughout corporate networks; malware matured and had new pathways to propagation. Early worms spread just as indiscriminately as the less sophisticated malware, but spread far more rapidly. This was malware’s first major evolutionary step forward.
The Morris worm was one of the first computer worms distributed via the Internet instead of floppy disks. Its father, Robert Tappan Morris, released the worm on November 2, 1988 (from an MIT server to disguise the fact that he was a graduate student at Cornell), ostensibly to find out how big the Internet was by gauging how many computers were connected to it. While his goals may have been altruistic, the code exploited known vulnerabilities. And worse, it had a bug! The worm failed to check whether a copy was already running on the host machine, so it kept replicating itself until the machine slowed down to the point of being useless. Robert Morris actually did break the Internet. Cleanup of the various networks connected into its backbone took several days, and although Morris has always sworn that his goal was not to cause damage, he was rewarded with a conviction for computer fraud for his effort.
Fast-forward fifteen years to January 25th, 2003, and the Internet had almost a quarter of a billion users. This was the day Michael Bacarella posted a message to the Bugtraq security mailing list entitled “MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!” SQL Slammer had been initiated, and almost all of its 75,000 victims were infected within ten minutes. The worm was a very small piece of code that exploited a vulnerability in Microsoft SQL Server. It would generate random IP addresses and send itself to each of them. If the IP address belonged to an unpatched Microsoft SQL Server, then that server also became infected and would begin to replicate the worm. Two primary aspects drove SQL Slammer’s rapid propagation: the worm infected hosts over UDP (a sessionless protocol), and the entire worm was just 376 bytes in length, which meant it fit into a single packet and allowed infected hosts to “fire and forget” large numbers of packets as rapidly as possible.
Like the Morris worm, SQL Slammer had unintended consequences and set off a chain reaction that was probably more severe than the worm itself. More Internet-connected machines meant more networks, and those networks were connected via routers. As the worm spread, these routers became overloaded, which under normal circumstances would cause them to delay or temporarily stop traffic; instead, many of them crashed. When a router crashes, its neighboring routers update their routing tables to remove the crashed router. This flood of routing table updates crashed additional routers. Then the crashed routers started to come back online, which caused additional waves of routing table updates, this time for routers coming online, which only compounded the problem. Other worms such as Mydoom and Sasser could also spread from machine to machine. Some caused issues that took longer than SQL Slammer to remediate, but SQL Slammer is still recognized as the most virulent and fastest-spreading worm ever.
In 2005 the UK and US Computer Emergency Response Teams (CERTs) sent the first warnings of a new kind to their subscribers: malware was being tailored and delivered via socially engineered email in the hope of infecting highly targeted machines and organizations. The term “Advanced Persistent Threat”, or APT, had not yet been coined, but the first examples of a new form of evolved malware had arrived. This evolutionary step forward would change security more than anything else. To cover this in detail we need overall context to fully understand the motivations and technology changes that allowed malware to take this step. This requires a review of other forms of attack, such as phishing attacks and traditional service-based attacks, along with how these attacks are used.
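A defender-side illustration of the SQL Slammer propagation pattern described above, added here and not part of Brian Laing's article: the detector below flags hosts that spray 376-byte UDP/1434 datagrams at many distinct destinations within a short window, run over a constructed set of flow records. The record format, the sample addresses and the thresholds are assumptions for the demonstration.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic), one per line:
# "<unix_ts> <src_ip> <dst_ip> <proto> <dst_port> <payload_bytes>".
# 10.0.0.5 sprays 376-byte UDP/1434 datagrams at random destinations;
# the other hosts show ordinary SQL client traffic.
SAMPLE_FLOWS = """\
1043500001 10.0.0.5 198.51.100.23 UDP 1434 376
1043500001 10.0.0.5 203.0.113.77 UDP 1434 376
1043500001 10.0.0.5 192.0.2.140 UDP 1434 376
1043500002 10.0.0.5 198.51.100.9 UDP 1434 376
1043500002 10.0.0.5 203.0.113.250 UDP 1434 376
1043500002 10.0.0.9 10.0.0.20 TCP 1433 1200
1043500003 10.0.0.9 10.0.0.20 TCP 1433 900
1043500003 10.0.0.7 10.0.0.21 UDP 1434 64
"""

SLAMMER_PAYLOAD_LEN = 376   # whole worm fits one UDP datagram
SLAMMER_PORT = 1434         # UDP port named in the Bugtraq warning
WINDOW_SECONDS = 10
MIN_DISTINCT_TARGETS = 3    # demo threshold; tune for a real network

def parse_flows(text):
    """Parse the constructed flow lines into dicts, skipping blanks."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, proto, dport, nbytes = line.split()
            flows.append({"ts": int(ts), "src": src, "dst": dst,
                          "proto": proto, "dport": int(dport),
                          "bytes": int(nbytes)})
    return flows

def find_slammer_sprayers(flows, window=WINDOW_SECONDS,
                          min_targets=MIN_DISTINCT_TARGETS):
    """Return {src_ip: distinct_targets} for hosts sending Slammer-sized
    UDP/1434 datagrams to many distinct destinations within one window.
    Spraying random destinations over a sessionless protocol is the
    propagation pattern the article describes; the payload-size filter
    keeps small, legitimate UDP/1434 queries from matching."""
    targets = defaultdict(set)          # (src, window_id) -> {dst, ...}
    for f in flows:
        if (f["proto"] == "UDP" and f["dport"] == SLAMMER_PORT
                and f["bytes"] == SLAMMER_PAYLOAD_LEN):
            targets[(f["src"], f["ts"] // window)].add(f["dst"])
    hits = {}
    for (src, _win), dsts in targets.items():
        if len(dsts) >= min_targets:
            hits[src] = max(hits.get(src, 0), len(dsts))
    return hits
```

On real flow data the same logic would be applied per window as records arrive, with the distinct-target threshold set from a baseline of normal UDP/1434 fan-out.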
Brian Laing is an executive at IT security innovator Lastline. An entrepreneur on the front line of the security industry for more than 20 years, Brian is a leader in strategic business vision and technical leadership, shown through his work with a range of start-ups and established companies. Brian founded RedSeal Networks as well as Blade Software, which released the industry’s first commercial IPS/FW testing tools.
Twitter @brianlaing
https://www.linkedin.com/in/blaing