Look at any technology news site, and you will see regular stories about successful attacks and the continued discovery of new vulnerabilities. Here is a collection of headlines from one site on an average day, April 26, 2011:
“FBI warns of millions lost in fraudulent transfers to China”
“PlayStation Network hacked, data on millions at risk”
“Department of Energy-funded lab silenced by APT attack”
“‘Stars’ worm targets systems in Iran, official says”
“New report finds most applications don’t pass security tests”
Industry analysts estimate that, on any given day, anywhere from 5% to 10% of all PCs are infected with sophisticated, remotely controlled malware [2]. This translates to 50 to 100 million compromised PCs worldwide. One thing is clear: today’s network security defences are not working against today’s malware. The chart on the following page plots the effectiveness of current defences against malware of increasing sophistication.
What we see is that today’s network defences are readily evaded by malware that is even moderately advanced. Why is this? To answer the question, we first have to define what “advanced” malware is. The table describes four key characteristics used here to classify malware.
Quite simply, we are using outdated, conventional defences to guard against cutting-edge, innovative malware. We are no more prepared to do this than a 19th century army trying to defend itself against today’s electronic weaponry. We must find defence mechanisms that address the characteristics of both advanced and conventional malware.