Technology leaps have dominated our culture for the past 10 years, and arguably longer. With the good, however, comes the bad. Unfortunately, developments in the malicious cryptology arena have kept pace with technology innovation, leap for leap. Don't take our word for it; just look at the data presented by Kaspersky Labs…
Since 2006, malware has been an ever-present reality; from 2008 on, however, the number of incidents has been almost doubling every year, to the point where even technology cannot keep up.
The issue is that malware is no longer a single-entity program with discernible patterns of code or behavior that would let us readily identify it.
Enter The Dragon
Looking at the graph reminds us of the very nemesis we are trying to protect against: a dragon. Mythical by nature, defying logic and sense, yet deadly in its silent approach and quick in its attack.
Like the dragon, malware has taken on a new life of its own, innovating to keep itself concealed. Originally, conventional wisdom held that malicious mathematics would be limited to extortion, where the perpetrators capture your data with an encryption algorithm and hold your system hostage, keeping the asymmetric key needed to recover the encrypted data. That is no longer the case: with the introduction of malicious cryptography and mathematics, the possibilities become unlimited, according to Eric Filiol of the Laboratoire de Cryptologie et de Virologie Opérationnelles, ESIEA, France, in his paper "Malicious Cryptology and Mathematics":
A Virtual Candy Store for Evil Doers
• Use of cryptography and mathematics to develop "super malware" (über-malware) which evade any kind of detection by implementing:
– Optimized propagation and attack techniques (e.g. by using biased or specific random number generators) Filiol et al. (2007).
– Sophisticated self-protection techniques. The malware code protects itself and its own functional activity by using strong cryptography-based tools Filiol (2005b).
– Sophisticated auto-protection and code armoring techniques. Malware protects its own code and activity by using strong cryptography.
– Partial or total invisibility features. The programmer intends to make his code become invisible by using statistical simulability Filiol & Josse (2007).
• Use of complexity theory or computability theory to design undetectable malware.
• Use of malware to perform cryptanalysis operations (steal secret keys or passwords), or to manipulate encryption algorithms to weaken them on the fly in the target computer's memory. The resulting encryption process will be easier to break Filiol (2011).
• Design and implementation of encryption systems with hidden mathematical trapdoors. Knowledge of the trap (by the system designer only) enables the system to be broken very efficiently. Despite the fact that the system is open and public, the trapdoor must remain undetectable. This can also apply to the keys themselves in the case of asymmetric cryptography Erra & Grenier (2009).
One could define malicious cryptology/mathematics as the interconnection of computer virology with cryptology and mathematics for their mutual benefit. The number of potential applications is almost infinite. In the context of this chapter, we could also define it – or a part of it – as the different mathematical techniques enabling one to modify or manipulate reality and to reflect a suitable but false image of reality to the observer (be it a human being or an automated system).
So what do you do? First, know that old-school "signature database technology" is no longer sufficient to protect your systems. Perhaps it was, "back in the day"; however, like car covers and windshield sun screens, it has outlived its welcome. Today's protection has to be equally inventive. In other words, we can no longer rely on known families of malware and their derivatives to define the perceived threat. If you do, you will become a victim and not even know it. Another trend among our evil-doers is not claiming or revealing their deeds; as a result, once a victim, always a victim. Today, if a breach occurs, it is used as a sustainable stream of access for profit; disclosing it would be bad business.
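To make the point about signatures concrete, here is a small Python illustration, added for this post and not taken from Filiol's paper or from any vendor's product. It stands in for the "code armoring" bullets above and for the signature argument just made: the same body is wrapped with a fresh random key each time, so every copy has a different hash and the old pattern match never fires, while a signature-free heuristic (byte entropy of the body) flags every copy. The payload is constructed plain text, the repeating-key XOR is a toy wrapper rather than strong cryptography, and the 6.0-bit threshold is an assumption chosen for the demo.

```python
import hashlib
import math
import os
from collections import Counter

# Constructed stand-in for a malware body: ordinary text, so nothing here is harmful.
# Real malware carries code, but the argument holds for any fixed byte string.
PAYLOAD = b"this stands in for a payload body; the content is irrelevant " * 4

# Constructed "signature": the byte pattern a database-driven scanner looks for.
SIGNATURE = b"stands in for a payload"

KEY_LEN = 16  # assumption: a 16-byte key prefixed to every sample


def xor_wrap(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. Toy armoring only: it defeats a byte-pattern match
    but is trivially reversible once the key prefix is read."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def armor(payload: bytes, key: bytes = b"") -> bytes:
    """Build one 'sample': a key followed by the XOR-wrapped body.
    With no key given, a fresh random key is drawn, so each call yields
    different bytes for the same payload."""
    key = key or os.urandom(KEY_LEN)
    return key + xor_wrap(payload, key)


def unarmor(sample: bytes) -> bytes:
    """What the sample does at run time: recover the original body."""
    return xor_wrap(sample[KEY_LEN:], sample[:KEY_LEN])


def signature_match(sample: bytes) -> bool:
    """Old-school check: is the known pattern present in the bytes on disk?"""
    return SIGNATURE in sample


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ASCII text scores around 4, wrapped or packed data near 7.5-8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def entropy_flag(sample: bytes, threshold: float = 6.0) -> bool:
    """Signature-free heuristic: a high-entropy body looks wrapped or packed,
    whatever key was used. The threshold is an assumption for this demo and
    would also fire on legitimately compressed or packed files."""
    return shannon_entropy(sample[KEY_LEN:]) > threshold


def compare(n_samples: int = 5) -> dict:
    """Armor the same payload n times and score both detectors on the copies."""
    samples = [armor(PAYLOAD) for _ in range(n_samples)]
    return {
        "distinct_hashes": len({hashlib.sha256(s).hexdigest() for s in samples}),
        "signature_hits": sum(signature_match(s) for s in samples),
        "entropy_hits": sum(entropy_flag(s) for s in samples),
        "all_unwrap_to_payload": all(unarmor(s) == PAYLOAD for s in samples),
    }


if __name__ == "__main__":
    print(compare())
```

Running `compare()` gives five distinct hashes, zero signature hits, five entropy hits, and every copy still unwraps to the same body. The caveat a practitioner should keep in mind: entropy alone is a coarse signal (compressed archives and legitimately packed binaries score just as high), which is why the non-signature products mentioned below combine many such parameters rather than relying on any single one.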
What to do?
A different approach is to fight fire with fire. One manufacturer has a jump on this precept of malicious cryptography. They abandoned the signature-based model and embraced artificial intelligence, big-data analytics and, you guessed it, mathematics. Combined, these thwart the incoming code by identifying it through thousands of other parameters and deciding "good" or "bad". The science behind it is way beyond the scope of this magazine; however, if you want more, contact the folks at Continuity Focus (sales@continuityfocus.com) and they will walk you through it. Regardless of your actions, you can't say you weren't warned.
Source(s):
- http://www.cs.sandia.gov/~dmdunla/publications/SAND2009-0805.pdf
- http://cdn.intechopen.com/pdfs-wm/29700.pdf
- http://archive.hack.lu/2008/Malware%20of%20the%20Future.pdf
So “Once more unto the breach, dear friends, once more;”
____________________________________________________________
About Rick Ricker
An IT professional with over 22 years experience in Information Security, wireless broadband, network and Infrastructure design, development, and support.
For more information, contact Rick at (800) 399-6085 x502