The anatomy of a malnet

With more than two thirds of malicious attacks delivered through malware networks (malnets), traditional anti-virus defences just aren't good enough to protect a network.

Cyber criminals are getting tougher, bolder and smarter – in the past six months there has been a 200 per cent increase in malware networks. More than two thirds of malware attacks are delivered through malnets which are virtually impossible to shut down.

We’re currently tracking more than 1,500 unique malnets, which is three times the number we were watching just six months ago. We believe this figure has increased because cyber criminals have discovered the power and efficiency of malnets, and increasingly look to malware networks as a means to attack the internet community.

So malnets will continue to dominate the threat landscape.

For those in the internet security community, these statistics signal it’s time to evaluate existing security to determine if it can protect against today’s dynamic cyber threats.

What makes malnets tick

Malnets are extensive malware networks circulating on the internet, designed to deliver mass-market attacks on a continuous basis. They are developed, managed and maintained by cybercriminals seeking to steal personal information or to enrol end-user systems into botnets.

This is how it works: first the malnet drives a user to the malware. Then the user’s computer is infected with a Trojan. Once a computer has been compromised, it can be used by a botnet to lure new users into the malnet by sending spam to email contact lists. A compromised system can also be used to steal the victim’s personal information or money, and, in some cases, can be used to launch attacks on neighbouring machines.

To create additional complexity, malnets use this self-perpetuating process to launch multiple, varied and simultaneous attacks. For example, while a large search engine poisoning attack is targeting millions of different search terms, a concurrent spam attack could be generating millions of malicious emails.

Each attack will use different trusted sites and incentives to lure users.

Since these malnet infrastructures last beyond any one attack, cybercriminals can quickly adapt to new vulnerabilities and repeatedly launch new malware attacks. By choosing the most popular places on the internet, such as search engines and social networking sites, malnets are able to infect multiple users with relative ease.

Defending your network

For businesses trying to protect their users and data in an increasingly complex threat environment, a new type of security is required. While malnets are nearly impossible to kill, there are steps you can take to protect your organisation. One of the major issues faced by companies is that traditional anti-virus defences often fail to pick up malnet attacks until after the damage is done. Traditional signature-based defences are unable to keep up with the frequency with which these attacks are launched. The security industry must move to a proactive defence that can stay one step ahead of malnets.

Blue Coat is pioneering this proactive approach to security with the Negative Day Defence solution. By identifying the malnets delivering the attacks and blocking them at the source, we are able to prevent new attacks before they are launched. We believe this new type of proactive cyber-defence, combined with a robust business security policy, represents the future of internet security.

Top tips for a secure computer network

In our recent 2012 Malnet Report, we identified the top five tips for businesses looking to improve their online security:

  1. Use a security solution that can block malnet infrastructures and limit employee exposure to botnet-producing Trojans.
  2. Ensure your security solution can block communications from infected end-user systems to command and control servers, to prevent sensitive, confidential or proprietary information from reaching cyber-criminals.
  3. Ensure that web usage policies are up to date, and keep network/firewall rules current.
  4. Deploy a reporting solution that can help identify potentially infected end-user systems, so that you can quarantine and clean them.
  5. Set and enforce policies that require employees to update their browsers, OS, Adobe Flash, Adobe Reader, Java and other applications with the latest patches and security updates.
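Tips 1, 2 and 4 above come down to two mechanisms: block by destination infrastructure rather than by individual threat, and report clients that keep trying to reach that infrastructure so they can be quarantined. The following added example (not Blue Coat's code, and no part of the report) shows both over a few constructed proxy log lines; the malnet domain list and log format are placeholders.

```python
"""Malnet infrastructure blocking and infected-host reporting (added example)."""
from collections import defaultdict

# Constructed placeholder list of domains attributed to one malnet. A real
# deployment takes this from a vendor or internal feed; .invalid never resolves.
MALNET_DOMAINS = {"lure-cdn.invalid", "c2-relay.invalid", "exploit-host.invalid"}

def is_malnet_host(host: str) -> bool:
    """True if host is a known malnet domain or any subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in MALNET_DOMAINS)

def parse_log_line(line: str) -> dict:
    """Parse a constructed 'time client host path' proxy log line."""
    ts, client, host, path = line.split()
    return {"ts": ts, "client": client, "host": host, "path": path}

def evaluate(lines):
    """Return (blocked_requests, suspected_infected_clients).

    Blocking keys on the destination infrastructure, not the URL or payload,
    so a never-before-seen path on a known malnet host is still blocked.
    A client is reported as suspected infected after two or more attempts to
    reach malnet hosts: repeated contact looks like C2 beaconing rather than
    a single click on a poisoned search result.
    """
    blocked = []
    attempts = defaultdict(int)
    for line in lines:
        req = parse_log_line(line)
        if is_malnet_host(req["host"]):
            blocked.append(req)
            attempts[req["client"]] += 1
    infected = sorted(c for c, n in attempts.items() if n >= 2)
    return blocked, infected

SAMPLE_LOG = [  # constructed sample, not real traffic
    "10:00:01 10.0.0.5 www.example.com /index.html",
    "10:00:07 10.0.0.5 lure-cdn.invalid /search?q=holiday",
    "10:01:00 10.0.0.9 a.c2-relay.invalid /gate.php",
    "10:02:00 10.0.0.9 b.c2-relay.invalid /gate.php",
    "10:03:00 10.0.0.9 c2-relay.invalid /new-never-seen-path",
    "10:04:00 10.0.0.12 www.example.org /news",
]

if __name__ == "__main__":
    blocked, infected = evaluate(SAMPLE_LOG)
    print(f"blocked {len(blocked)} requests; quarantine candidates: {infected}")
```

The single hit from 10.0.0.5 is blocked but not reported, which is the trade-off a real threshold has to make between a user clicking one poisoned link and a host that is already beaconing.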

By blocking the threat delivery mechanism rather than specific threats, the Negative Day Defence protects users well in advance of the deployment of malnets. And since the Negative Day Defence blocks everything associated with known malnets, businesses are also protected against any other attacks delivered by these malicious infrastructures.

Proactive defence must become the new model for security. It presents a new way forward for the security industry and the internet community, and ensures we can stay one step ahead of the bad guys.

Jonathan Andresen is the vice president of marketing and product at Blue Coat Systems, Asia Pacific.
