Recycled cyberattacks: Protect against the knowns

By Charles Cooper

Cybercriminals don’t always need to reinvent the wheel.

You might assume that most cyberattacks feature new malware strains. After all, the seesaw battle between attackers and defenders should favor the more technically adept side, and whoever comes up with the next big innovation ought to enjoy a tactical advantage, however fleeting. But that gets expensive, and the reality is that bad actors are on budgets too. Many prefer to deploy vintage computer bugs, often going back more than a decade, to worm their way past corporate defenses.

Remember Stuxnet, the computer worm that gained notoriety for its central role in the famous sabotage of an Iranian nuclear enrichment facility in 2010? It turns out that exploits linked to an old Stuxnet-related bug were at the top of last year’s ranking in terms of the number of users attacked.

Or consider the network breach at Sony Pictures that led to the publication of confidential documents belonging to the studio. Security experts discovered that the cyberattack — widely believed to be connected to North Korea — relied on at least six known pieces of software. The software had been previously deployed in attacks against South Korean banks and a Saudi Arabian oil company dating back to 2012.

Indeed, many of the cyberattacks aimed at retailers, financial institutions, government agencies and military assets rely on recycled malware components that are comprised either of known threats or of variants of known threats.

This is all part of a broader trend in cybercrime. Rather than develop new weaponized code from scratch, malicious hackers are recycling older code and building upon older techniques to create more robust cyberattacks. A recent study of cyberthreats found that 40 percent of organizations have recorded attack types from the previous millennium. What’s more, a full 86 percent of organizations recorded an exploit that was over 10 years old.

Focus on the known

Recycled threats are available on a thriving black market to anyone willing to pay. The return on that investment can be enormous. For instance, researchers noted that attackers were able to inflict more than $200 million in damage using just eight recycled malware components in an exploit toolkit that sold on the Dark Web for as little as $1,800.

In theory, organizations should be able to detect and avoid recycled malware components. But that’s not as easy as it might seem at first blush. Defenses try to identify viruses by searching for something specific that can be traced back to earlier attacks. The goal is to discover the threat, register the signature and then deliver an update to protection tools. But malicious authors are able to skirt popular security products by making small variations to their exploit code to evade detection.
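As an added illustration (not part of the original article), the Python below shows why a signature tied to an exact file hash misses a recycled component after a one-byte edit, while a looser content signature with a wildcard, or a byte n-gram similarity score, still flags it. The sample bytes, the `loader-v` pattern and the `beacon=` field are constructed for the example and are not real malware artifacts.

```python
import hashlib

# Constructed sample bytes (not real malware): a "known" artifact and a
# variant that differs in a single byte, standing in for a recycled component.
KNOWN_SAMPLE = (b"MZ" + b"\x90" * 6 + b"loader-v1;"
                + b"beacon=example.invalid;" + b"\x00" * 8)
VARIANT_SAMPLE = KNOWN_SAMPLE.replace(b"loader-v1;", b"loader-v2;")

# Signature database keyed on the whole-file SHA-256 (exact-match detection).
KNOWN_HASHES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}


def hash_signature_hit(sample: bytes) -> bool:
    """Exact-match detection: any change to the file defeats it."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_HASHES


# Hypothetical content signature: fixed bytes plus a wildcard (None) over the
# version digit, so the recycled loader is still caught after small edits.
LOADER_PATTERN = list(b"loader-v") + [None, ord(";")] + list(b"beacon=")


def pattern_signature_hit(sample: bytes, pattern=LOADER_PATTERN) -> bool:
    """Slide the wildcard pattern over the sample; None matches any byte."""
    n = len(pattern)
    for i in range(len(sample) - n + 1):
        if all(p is None or sample[i + j] == p for j, p in enumerate(pattern)):
            return True
    return False


def ngram_similarity(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity over byte n-grams: a coarse 'how close is this to a
    known sample' score that survives single-byte edits (1.0 == identical)."""
    grams_a = {a[i:i + n] for i in range(len(a) - n + 1)}
    grams_b = {b[i:i + n] for i in range(len(b) - n + 1)}
    return len(grams_a & grams_b) / len(grams_a | grams_b)


if __name__ == "__main__":
    for name, sample in (("known", KNOWN_SAMPLE), ("variant", VARIANT_SAMPLE)):
        print(name, "hash:", hash_signature_hit(sample),
              "pattern:", pattern_signature_hit(sample),
              "similarity: %.2f" % ngram_similarity(KNOWN_SAMPLE, sample))
```

A real detection pipeline would combine several such layers (hashes for speed, content rules for variants, similarity or behavior for the rest) rather than rely on any one of them.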

While the cyberdefense industry works on how to resolve this cybersecurity challenge, organizations can still take steps to reduce their risk profile. As outlined in the AT&T Cybersecurity Insights report, companies should incorporate established practices and commonplace protection tools to be in a better position to detect and respond to the cyberattacks they are bound to encounter.

That means updating your defenses to protect against what’s already out there and building your defenses around known threats. It also means keeping current with security patches, logs and software updates.

Charles Cooper has covered technology and business for the past three decades. All opinions expressed are his own. AT&T has sponsored this blog post.

Copyright © 2017 IDG Communications, Inc.