Recently, new malware was discovered with the ability to identify the operating system of the victim, and infect them accordingly. As most of the secure platform myths have been busted, we have definitely crossed into new territory this year.
First of all, malware is now very much a mainstream business practice. Years ago, security researchers found exploits and disclosed them to companies for the purpose of fixing the hole. Today, some researchers may still use the same code of ethics, however, there’s profit to be had in return for finding flaws in systems. The buyers of these exploits could be businesses wishing to target each other in competitive infection or spying. Also, being that new cold war strategies of governments include hacking other countries and their resident companies, there is vast profit to be potentially earned by hackers.
It’s no longer the norm to protect secrets of the past and attempts to cover up covert operations. Anyone who followed Stuxnet read the reports on the US openly admitting to having created the virus. Adding to the case, now that Duqu has been used, disappeared and morphed, we know that the next cyber weapons are already being tested and developed.
What does this mean for those of us using the technology? First and foremost is that you cannot trust that your systems will ever be free from attacks. What happens when other countries openly admit that they hacked your systems? If this is the new face of war, your systems are fair game. That includes your mobile phones, cars and basically anything with a chip that can be programmed could host new malware.
It’s hard to ignore the fact that cybercrime is a booming, global business. Some estimate that the industry pulls in $100 billion a year, while Russian-speaking hackers rake in $4.5 billion alone.
Unfortunately, this means that the current landscape of cyber war and crime isn’t going anywhere for some time. It’s too profitable of a business, and becoming more and more difficult to avoid. That also speaks to the importance of mitigation services as well. For your network, you want to prepare for the worse, and minimize any attack. That way you donate as little as possible to this growing cybercrime syndicate.