How analytics can protect you from Amy Schumer (malware)

Sep 30, 2016

Columnist Rob Enderle writes that the only thing that can stop a bad guy using analytics to spread celebrity-based malware is with a good guy using analytics to stop malware.

[Image: Amy Schumer. Credit: Kevork Djansezian/Reuters]

This was interesting in so many ways. This week McAfee issued a report showing how malware delivery using compromised websites and gaming of Google search analytics has suddenly become a lot smarter. What these criminals are doing is watching trends and then positioning their assets against those trends, so that their sites pop to the top when you search on a celebrity.

This is as brilliant as it is nefarious. It suggests that analytics is now being used aggressively, and successfully, as a tool to spread malware, and as a result that analytics needs to be used as a defense.

Let me explain.

The Amy Schumer attack

Let’s call this the Amy Schumer attack, if for no other reason than that it makes what is otherwise a terrifying trend sound less terrifying. This attack lends itself to a new generation of bots and analytics. Trend data, likely pulled from Google Analytics, is analyzed, and when a spike is observed a website is created, populated with clickbait, and infected with malware to deliver increasingly destructive payloads to unsuspecting users.

Because the sites are fluid, a reactive strategy of identifying the hostile websites will not only lag the threat, it will be largely ineffective: once the attacker’s system notices that traffic growth has reversed, it can simply create another site, bypassing the corrective action. And because this is done by increasingly intelligent systems, not only will this nullify the typical defense, the new sites will be increasingly compelling to users until the trend peters out or a critical mass of users is infected and learns to no longer search that term.

Given how users learn, in some extreme cases the result could eventually be a level of damage, across an increasing number of companies, that repeatedly sets and breaks records. This approach could easily make the recent Yahoo breach of 500 million users seem trivial in comparison.

The analytics defense

The only defense that makes sense to me is to use these same analytics to anticipate and block these high-profile searches so that they can’t be used to inject malware. This means proactively identifying search terms that are not work related and using similar automation to scan for and actively block malware-loaded sites before employees hit them, to block searches that use the related terms, and to share this information between companies so the criminal(s) aren’t facing one company, but a collective of firms. Granted, this would likely be best implemented by Google and Bing, if only to preserve the integrity of their tools and perhaps to prevent those tools being blocked outright should a massive breach result in a more draconian response.
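The defensive analytics sketched above can be made concrete. The following is an added example (not McAfee’s or the author’s code) that runs over an organisation’s own search or proxy logs: it flags search terms whose daily volume spikes against a baseline, ignores an assumed allowlist of work-related terms, and surfaces the destination hosts that appeared for the first time during the spike, which are the candidates for scanning or blocking. The log lines, the allowlist, the thresholds and the host names are all constructed for the example; the “first seen” age here comes only from the short log window, whereas a real deployment would take it from proxy history, passive DNS or domain registration data.

```python
"""Trend-driven search monitoring (illustrative, constructed data).

Flags non-work search terms that spike relative to their recent baseline and
the destination hosts that first appeared during the spike, and packages the
result as an indicator record a company could share with peers.
"""
from collections import Counter, defaultdict
from datetime import date

# Constructed sample log, not real traffic: "YYYY-MM-DD|search term|destination host".
SAMPLE_LOG = """\
2016-09-27|quarterly report|intranet.example.corp
2016-09-27|quarterly report|intranet.example.corp
2016-09-27|football scores|sports.example.org
2016-09-27|football scores|sports.example.org
2016-09-27|amy schumer|news.example.com
2016-09-28|quarterly report|intranet.example.corp
2016-09-28|quarterly report|intranet.example.corp
2016-09-28|football scores|sports.example.org
2016-09-28|football scores|sports.example.org
2016-09-29|quarterly report|intranet.example.corp
2016-09-29|quarterly report|intranet.example.corp
2016-09-29|quarterly report|intranet.example.corp
2016-09-29|quarterly report|intranet.example.corp
2016-09-29|quarterly report|intranet.example.corp
2016-09-29|quarterly report|intranet.example.corp
2016-09-29|football scores|sports.example.org
2016-09-29|football scores|sports.example.org
2016-09-29|football scores|sports.example.org
2016-09-29|amy schumer|news.example.com
2016-09-29|amy schumer|celeb-trend-9x.example.net
2016-09-29|amy schumer|celeb-trend-9x.example.net
2016-09-29|amy schumer|celeb-trend-9x.example.net
2016-09-29|amy schumer|celeb-trend-9x.example.net
"""

WORK_TERMS = {"quarterly report"}  # assumed allowlist of work-related terms
SPIKE_FACTOR = 3.0          # today's count must be >= 3x the per-day baseline
MIN_BASELINE = 1.0          # floor so a term seen rarely (or never) can still be judged
NEW_HOST_MAX_AGE_DAYS = 1   # a host first seen this recently counts as "new"


def parse_log(text):
    """Parse the constructed log format into (day, term, host) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        day, term, host = line.split("|")
        records.append((date.fromisoformat(day), term.strip().lower(), host.strip().lower()))
    return records


def latest_day(records):
    return max(day for day, _, _ in records)


def spiking_terms(records, target_day, work_terms=WORK_TERMS, factor=SPIKE_FACTOR):
    """Return {term: ratio} for non-work terms whose count on target_day is at
    least `factor` times their average daily count over the earlier days."""
    per_day = defaultdict(Counter)
    for day, term, _ in records:
        per_day[day][term] += 1
    baseline_days = [d for d in per_day if d < target_day]
    if not baseline_days:          # nothing to compare against yet
        return {}
    result = {}
    for term, count in per_day[target_day].items():
        if term in work_terms:
            continue
        baseline = sum(per_day[d][term] for d in baseline_days) / len(baseline_days)
        ratio = count / max(baseline, MIN_BASELINE)
        if ratio >= factor:
            result[term] = round(ratio, 2)
    return result


def new_hosts_for_terms(records, terms, target_day, max_age_days=NEW_HOST_MAX_AGE_DAYS):
    """Hosts reached via the given terms on target_day that were first seen in the
    log within max_age_days: prime candidates for scanning and blocking."""
    first_seen = {}
    for day, _, host in records:
        first_seen[host] = min(day, first_seen.get(host, day))
    return {
        host
        for day, term, host in records
        if day == target_day and term in terms
        and (target_day - first_seen[host]).days <= max_age_days
    }


def build_indicators(records, target_day=None):
    """Shareable indicator record (spiking terms plus new hosts) for peer companies."""
    target_day = target_day or latest_day(records)
    spikes = spiking_terms(records, target_day)
    hosts = new_hosts_for_terms(records, set(spikes), target_day)
    return {"day": target_day.isoformat(), "terms": spikes, "new_hosts": sorted(hosts)}


if __name__ == "__main__":
    print(build_indicators(parse_log(SAMPLE_LOG)))
```

On the constructed data the work-related “quarterly report” triples in volume but is ignored, “football scores” rises only modestly, and “amy schumer” spikes fivefold; of the hosts reached through that term, only the one that did not exist in the log before the spike day is reported, which is exactly the fluid, just-created site the column describes.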

McAfee suggests user training, but this alone has never been that effective, largely because users make mistakes, they forget their training or miss it, and there is a general belief that exposures like this happen to others. Granted, if they are hit there is a chance they’ll get fired, but given the size of the exposure, that fired employee may be following the CIO out the door. I don’t think training users to defend against an attack with this kind of power and scale will be effective, any more than I think that training users to behave well in the face of a pandemic will stop it.

Good (analytics) vs. evil (analytics)

It may well be that the only way to stop a bad guy using analytics is with a good guy using analytics. In this case it is a valid defense because the attack happens at computer speed and uses analytics, and eventually deep learning, to become more effective. In short, we are seeing weaponized analytics and deep learning being born. To defend against this increasingly capable tool we need an equally or even more effective defense, and that suggests an analytics/deep learning defense that is shared across companies so the resources on defense massively exceed the resources on the attack. Given that this will likely jump to hostile states pretty quickly, it also suggests active participation by government cyberdefense organizations so the next war, which is likely to be largely technology based, can effectively be defended against.

Suddenly Amy Schumer isn’t so funny.


Rob Enderle is president and principal analyst of the Enderle Group, a forward looking emerging technology advisory firm. With more than 25 years’ experience in emerging technologies, he provides regional and global companies with guidance in how to better target customer needs with new and existing products; create new business opportunities; anticipate technology changes; select vendors and products; and identify best marketing strategies and tactics.

In addition to IDG, Rob currently writes for USA Herald, TechNewsWorld, IT Business Edge, TechSpective, TMCnet and TGdaily. Rob trained as a TV anchor and appears regularly on Compass Radio Networks, WOC, CNBC, NPR, and Fox Business.

Before founding the Enderle Group, Rob was the Senior Research Fellow for Forrester Research and the Giga Information Group. While there he worked for and with companies like Microsoft, HP, IBM, Dell, Toshiba, Gateway, Sony, USAA, Texas Instruments, AMD, Intel, Credit Suisse First Boston, GM, Ford, and Siemens.

Before Giga, Rob was with Dataquest covering client/server software, where he became one of the most widely publicized technology analysts in the world and was an anchor for CNET. Before Dataquest, Rob worked in IBM’s executive resource program, where he managed or reviewed projects and people in Finance, Internal Audit, Competitive Analysis, Marketing, Security, and Planning.

Rob holds an AA in Merchandising, a BS in Business, and an MBA, and he sits on the advisory councils for a variety of technology companies.

Rob’s hobbies include sporting clays, PC modding, science fiction, home automation, and computer gaming.

The opinions expressed in this blog are those of Rob Enderle and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.
