We’re in a situation where the bad guys can hack any system if they really want and if they have a big enough budget. Most IT security solutions are not ready to guarantee adequate protection for these types of attacks: The value of information is many times more than the cost to steal it.
How do you know the bad guys have broken in? That depends on the type of attack, how hard you look, and how many pieces of the puzzle you have.
Traditional, mass-cybercrime attacks we can easily recognize because we have sensors on millions of computers around the globe. But if it’s a direct attack, or espionage, we may partly detect it, but we don’t see the whole picture.
The bad guys know which security and antivirus products are used at their targets, because there are often many unsuccessful attempts before they get into the target’s systems. In the case of a successful attack with a limited number of victims, we probably don’t know they’re infected. The victim doesn’t know they’re infected, either, and may never know they’re infected.
In some cases, we detect some malicious software threats for years, but do not see the whole picture of what those threats are doing. In 2012, our analysts wrote about a major espionage attack called “Red October.”
It turned out that we had detected most of the malware components for some time, but we didn’t see that the malware was all from the same project.
Then the Red October victim came to us and said, “Hey, guys, we’re the victim of a successful espionage attack and this Red October is it.” And then we saw the pixels and the picture. But we hadn’t combined them into a picture before that.
What’s changed is the sheer number of attacks. Ten years ago, we had hundreds of new viruses in a month. Now, with more than 100,000 new malware samples each day, human analysis is no longer possible. We don’t have enough resources to investigate every attack. Now, we rely on automated systems to analyze and classify malicious files.
Unfortunately, the technologies on our desktops were designed 20-30 years ago, even before the Internet. We need different operating systems, secure operating systems, default-deny systems. Until they exist, we advise that you build enough protection that you’re much safer and more secure than your neighbors. You know the saying about how you don’t have to outrun the bear, you just have to outrun the other guy? Run faster than the other guy. Right now, there’s no other option.