How to Create a Malware Market - And How to Stop It

August, 12, 2014 Franklyn Jones

There was a great article published this week on CSO Online that described the evolution of a black market for malware kits. The article was written almost like a case study describing how cyber-crime startups have competed with each other over the last decade to develop and market malware kits that exploit browser vulnerabilities to gain access to targeted banking sites - and billions of dollars.

Much like commercial software markets, the competition on the black market has resulted in higher quality malware kits at more affordable prices, enabling more cyber criminals to use these kits for fun and profit. It's a fascinating article, but it's also a fresh reminder that virtually every organization with valuable intellectual property is a potential target for one of these attacks.

It's also worth noting that these black market software developers are continually refining and upgrading their browser exploit capabilities, making their targeted attacks increasingly difficult to detect and block. Even more impressive (and scary) is that some black market vendors now offer a managed service model for their customers. Instead of SaaS, it's called MaaS (Malware-as-a-Service).

So as a potential target for one of these cyber attacks, how is your business protecting itself? Many customers I've talked to have implemented impressive multi-layer, defense-in-depth architectures, hoping that if one security device doesn't detect the attack, the next one will.

Unfortunately, hope is not a strategy. And while businesses must be able to detect and block 100% of attacks to win the war, cyber criminals only need to penetrate your defenses once to be victorious. Just once. So, if you were willing to make a wager, who do you think would have the best odds of winning?

This is why the time is right to augment traditional, detection-based security architectures with innovative malware isolation technologies. Rather than attempting to determine if web content is good or bad, isolation technology assumes everything is bad and securely isolates all web content outside of your network. As a result, it is the only proven technology capable of preventing 100% of all browser-borne malware from entering your network. Good guys win, bad guys lose.

If you're interested is gaining an unfair advantage and eliminating browser-borne cyber attacks, give us a call.

Franklyn Jones, CMO, Spikes Security

 

Keep informed.