Columnist Rob Enderle writes that the only thing that can stop a bad guy using analytics to spread celebrity-based malware is a good guy using analytics to stop malware.

This was interesting in so many ways. This week McAfee issued a report showing how malware delivery that uses compromised websites and games Google search analytics has suddenly become a lot smarter. These criminals are watching trends and then positioning their assets against those trends, on the sites that pop to the top when you are searching on celebrities.

This is as brilliant as it is nefarious. It suggests that analytics is now being used aggressively as a tool to successfully spread malware, and as a result suggests that analytics needs to be used as a defense.

Let me explain.

The Amy Schumer attack

Let’s call this the Amy Schumer attack if, for no other reason, it makes what is otherwise a terrifying trend sound less terrifying. This attack lends itself to a new generation of bots and analytics. Those analytics, coupled with trends likely pulled from Google Analytics, are analyzed, and when a spike is observed a website is created, populated with click bait, and infected with malware to deliver increasingly destructive payloads to unsuspecting users.

Because the sites are fluid, a reactive strategy of identifying the hostile websites will not only always lag the threat, it will largely be ineffective: once the related system notices that traffic growth has reversed, it can simply create another site, bypassing the corrective action. And because this is done by increasingly intelligent systems, not only will this nullify the typical defense, the new sites will be increasingly compelling to users until the trend peters out or a critical mass of users is infected and learns to no longer search that term.
Given how users learn, in some extreme cases the result could eventually be a level of damage across an increasing number of companies that repeatedly sets and breaks records. This approach could easily make the recent Yahoo breach of 500 million users seem trivial in comparison.

The analytics defense

The only defense that makes sense to me is to use these same analytics to anticipate and block these high-profile searches so that they can’t be used to inject malware. This means proactively identifying search terms that are non-work related and using similar automation either to scan and actively block malware-loaded sites before employees hit them or to block searches that use the related terms, and sharing information on this between companies so that the criminals face not one company but a collective of firms. Granted, this would likely be best implemented by Google and Bing, if only to preserve the integrity of their tools and perhaps to prevent a possible block of them should a massive breach result in a more draconian response.

McAfee suggests user training, but this alone has never been that effective, largely because users make mistakes, they forget their training or miss it, and there is a general belief that exposures like this happen to others. Granted, if they are hit there is a chance they’ll get fired but, given the size of the exposure, that fired employee may be following the CIO out the door. I don’t think training users to defend against an attack with this kind of power and scale will be effective, any more than I think that training users to use good behavior in the face of a pandemic will stop it.

Good (analytics) vs. evil (analytics)

It may well be that the only way to stop a bad guy using analytics is with a good guy using analytics. In this case, it is a valid defense because the attack happens at computer speed and uses analytics, and eventually deep learning, to become more effective.
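
An added example, not from the column or from McAfee's report, of the analytics defense described above: it finds non-work search terms that spike in proxy logs and lists the young domains employees reach through them, which is the list a firm would scan, block and share. The log layout, the domain-age field (assumed to come from WHOIS or passive-DNS enrichment), the thresholds and all names are assumptions, and the sample data is constructed.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample data: (day, search_term, clicked_domain, domain_age_days).
# domain_age_days is an assumed enrichment field (WHOIS / passive DNS).
LOG = (
    [(d, "quarterly report template", "docs.example.com", 2000) for d in range(1, 8)]
    + [(d, "celebrity-a", "news.example.org", 3000) for d in range(1, 7)]
    + [(7, "celebrity-a", "news.example.org", 3000)] * 3
    + [(7, "celebrity-a", "celebrity-a-leaked-video.example", 1)] * 9
)
WORK_TERMS = {"quarterly report template"}  # hypothetical allowlist of work-related terms


def trending_terms(log, today, k=3.0, min_hits=5):
    """Non-work terms whose count today exceeds baseline mean + k * stddev."""
    per_term = defaultdict(Counter)
    for day, term, _, _ in log:
        per_term[term][day] += 1
    hot = set()
    for term, days in per_term.items():
        baseline = [days.get(d, 0) for d in range(1, today)]
        if term in WORK_TERMS or not baseline:
            continue  # skip work searches and terms with no history to compare
        # Floor the deviation at 1 so a perfectly flat baseline cannot
        # turn a single extra search into a "spike".
        threshold = mean(baseline) + k * max(pstdev(baseline), 1.0)
        if days.get(today, 0) >= max(min_hits, threshold):
            hot.add(term)
    return hot


def domains_to_review(log, today, max_age_days=30):
    """Young domains clicked today from trending non-work searches."""
    hot = trending_terms(log, today)
    hits = Counter(
        dom for day, term, dom, age in log
        if day == today and term in hot and age <= max_age_days
    )
    # Most-clicked first: the queue to scan, block, and share with peer firms.
    return sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    print(trending_terms(LOG, today=7))
    print(domains_to_review(LOG, today=7))
```
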
In short, we are seeing weaponized analytics and deep learning being born. To defend against this increasingly capable tool we need an equally or even more effective defense, and that suggests an analytics/deep learning defense that is shared across companies so the resources on defense massively exceed the resources on the attack. Given this will likely jump to hostile states pretty quickly, this also suggests active participation by government cyberdefense organizations so the next war, which is likely to be largely technology based, can effectively be defended against.

Suddenly Amy Schumer isn’t so funny.