Welcome to the Post-Zeus/Stuxnet World!

The new year is always an interesting time in infosec. There are plenty of predictions and people passing on their visions of what the new year will hold. Instead of jumping on that bandwagon, I want to turn your attention not forward into the crystal ball, but backwards into the past.

While we were all focused on the economy last year, the entire information security threatscape suddenly changed, under the watchful eyes of our security teams. To me, the overall effectiveness, capability and tenacity of both Zeus and Stuxnet is an Oppenheimer moment in information security. For the first time, we see truly effective bot-net infections for hire that have REAL insight and awareness into the specific business processes that move money. Attackers leveraging Zeus on a wide scale and in precise ways were able to grab funds, perpetrate new forms of fraud and steal from us in ways that many of us were unprepared for. It raised the bar on malicious software for criminals, and that bar is about to be raised further still as criminals extend the concepts and techniques involved beyond their present levels. On the other hand, Stuxnet represents a truly weaponized piece of code with a modular, expansive and highly extensible nature. It also showed an EXTREME amount of intelligence about the target processes, in this case specific SCADA systems, and perpetrated very specific forms of attack. In the future those concepts may be extended outward to include attacks that cause loss of life or of critical services, even as some of the core concepts of the Stuxnet code are applied to crimeware designed for fraud and theft.

All told, this quick look back at the past should lead us to conclude that we must find new ways to increase our resistance to these forms of attack. Here are our challenges:

1) Clearly, simple anti-virus, even when combined with basic egress filtering at the network edges, has proven to be only minimally protective. We have to identify the means of creating additional layers of protection against crimeware, and that begins with the absolutely HUGE task of creating mechanisms to defend our user workstations.

2) We have to do our best to prevent the infection of these systems, but MORE IMPORTANTLY, we have to develop and implement strong processes for identifying infected hosts and getting them out of our environment. Not only will this help us directly protect against the threats of crimeware and fraud, but it will also pay off in the longer term if we are able to reduce the overall load of bot-net infected systems that are in play against all of us for fraud, spam processing and DDoS attacks.

Just like in life, keeping your own house safe helps all of us to be safer. This is the very reason we build the HoneyPoint products, and Wasp specifically. We want to help you find a better way to keep your systems safe at that level, and thus far Wasp is working well for customers around the world. (More on that in the coming months.)

I hope the new year brings you much success, joy and opportunity. I also hope this look backward helps drive awareness of what might lie ahead in the coming months and years. As always, thanks for reading, and drop us a line if you want to discuss the issues. You can also find us on Twitter at @microsolved, or me personally at @lbhuston. Happy new year!

This entry was posted in Emerging Threats by Brent Huston.

About Brent Huston

I am the CEO of MicroSolved, Inc. and a security evangelist. I have spent the last 20+ years working to make the Internet safer for everyone on a global scale. I believe the Internet has the capability to contribute to the next great leap for mankind, and I want to help make that happen!