Thursday, November 5, 2009

The invisible enemy is really close

Working in the security industry, one very often sees the impact malware has on affected users. Many articles have been dedicated to the shift from malware writing as a hobby to malware writing as a business, but it is an important shift to single out because it affects the kind of malware we see today.

If we think of our personal computers as our virtual houses, some time ago we wanted security against our neighborhood bully. Dangerous? Sure. Destructive? You bet.

Now, our enemy is a white collar thief. He'll get into our houses and tap our phones, he'll follow us to our bank and write down our PIN codes and he'll look at the places we shop and will let other people know so they can flood our doorsteps with ads. More importantly, he will put cameras in our houses to check new changes in our lifestyle and will sell access to those cameras to other criminals. Does this sound like a complete change of the malware picture? I bet it does.

There are two consequences to this shift. First, this has created a malware underground society that buys and sells malware kits, server backends, stolen information and all sorts of bad things related to their criminal operations. Second, the malware being used in these attacks is advanced. Not advanced in ideas but in operations.

Let me explain myself: before, there were malware brains and script kiddies. The brains created advanced malware just for kicks, and script kiddies propagated it around for pure fun ("David infected this PC... Yoohoo!"). These guys haven't gone away; they're still there, but today's criminals are taking the brains' ideas and polishing them professionally with state-of-the-art technology paid for by their own criminal enterprises.

So now we have a technologically-advanced enemy trying to quietly get into our lives to steal our money and sell our private information. Thus the invisible enemy.

It's an interesting time to be in the security industry. Now tell me that catching these criminals is less important than catching file-sharing users... some people need to step back into reality.

Welcome to my blog, I'll try to post my ramblings weekly... enjoy!
