QOTD on the Commoditization of Malware

The malware lifecycle has sped up dramatically. The 'time to market' difference between £1,000-plus innovative malware and £15 ready-to-run kit is now months, rather than years. Combine this with poor patching remaining prevalent in businesses of all sizes, and you have a lethal cocktail.

This means that any would-be hacker can cause thousands of pounds worth of damage with very little outlay or technical know-how. Using the same advanced tactics as big-time hackers, lower-level cyber criminals focus on stealing data or private information. Their methods are increasingly diverse and technically advanced, and this is one of the reasons APTs can be so damaging to small- and medium-sized businesses alike.

Four days after the Aurora hack on Google last January, the code used was available worldwide. Within 18 months, there had been 5,800 attacks using it. As time goes on, far from the code losing its potency, more people get hold of it.
-- Spencer Parker, Group Product Manager, Websense

Note: this is written by an information security vendor; however, there is value in the statements to raise awareness of the threats and how quickly research & development efforts get transferred from leading-edge malware to run-of-the-mill tools.

Src: The trickle-down effects of advanced persistent threats - SC Magazine UK

No comments: