Press "Enter" to skip to content

Wetware: The Most Important Trend in Malware

Blaster worm screenshot
Hex dump of 2003’s Blaster worm, that left a message for Microsoft CEO Bill Gates.
On Thursday, Christine Hall looked at the economy of cybercrime. I also took a peek at the Symantec report, and indeed, the statistics are sobering. There is one statistic, however, that Symantec has ommitted from its report. They did not report – at least not numerically – on the trend of growing wetware vulnerabilities that take advantage of users’ bad habits.

The number of vulnerabilities in the wild is growing. The number of exploits, as well as the speed of those exploits — in the case of Heartbleed, only four hours from the publication of the vulnerability to a circulating exploit — is somewhat disheartening, if not all that surprising.

And I am still trying to get my head around the growth of malware in general. The 26 percent rise in malware cited by Symantec for 2014 is impressive enough, but the fact that more than 300 million variants of malware were added to the pool last year alone blows my mind. If someone had told me there were even 30 thousand variants of malware, I would have been impressed.

This makes it vitally important for both websites and operating systems to be scanned for vulnerabilities — not just for malware — and to patch those vulnerabilities at the soonest possible time, if not immediately. To be sure, patches need to be tested first, but the point is to act sooner rather than later. Given the current trends, later is likely to be too late.

The trend in business — which I still hope is just a fad — is toward the cloud, and the bad guys are moving there too, using Software as a Service (SaaS) exploit kits to take advantage of vulnerable websites to launch so-called “malvertising” attacks, which sometimes get combined with the ever-growing crypto-ransomware trend.

With malvertising, victims click on advertising links that take them to rogue websites (typically adult in nature) that then redirects to a webpage that locks up the victims’ browsers while telling them they’re being fined by the local police for viewing pornography. In some cases they can simply close their browsers, even if by force — if they can get beyond their panic — but sometimes these malvertising sites are already downloading crypto-ransomware to their computers.

Just in case you are not familiar, crypto-ransomware is a form of malware that blocks access to a victim’s files, while encrypting them and holding them ransom while the hapless victim scrambles to pay the attackers. Frequently, the attackers insist on payment within three days, usually by Bitcoin, before the fee goes up. Oh, and for those dumb enough to pay, the encryption key might not work. That’s right: The victim loses both money and data.

Which brings us back to the concept of wetware. By wetware, I mean the brain, or the human element — the end users.

Users are the most vulnerable element in our security defenses because they can be manipulated to click links they shouldn’t, which leads to their computers – data and all – being exploited. The fact that crypto-ransomware grew by more than 45 times last year, suggests that the trend in user manipulation is definitely on the rise, as most ransomware and crypto-ransomware requires manipulating users in order to spread.

As far back as the old CompuServe and AOL services (and even before that), spam messages have been going around the interwebs because people are foolish enough to forward seemingly innocuous messages — frequently with images attached — to everyone in their address books. Most malware still arrives via e-mail inboxes or through some questionable link that’s been clicked. It’s all about manipulating users.

Obviously, with ransomware on the rise, instead of more people catching on to the manipulation trend – and teaching others to avoid such things – we see more and more people willing to click questionable links, a cutesy image perhaps, only to later discover that their precious family photos are now encrypted by someone who could be in Russia, or around the corner.

So let’s do this: Let’s become smarter users and not be foolish, even though everyone does foolish things now and then. We have to learn. We have to wise up and get smarter. We have to pay attention and be vigilant. And we have to teach our friends, family and co-workers to do the same.

Even then, we need to have a backup plan. By backup plan, I mean a plan to backup personal and business files daily – and then to disconnect that backup from systems and networks. Home users can simply plug in an external hard drive and backup documents and other important files to it, then physically unplug the drive immediately after the backup is complete. Businesses may require some additional hoops, but the point is to not give the bad guys access to backups.

For my personal systems, I have two different 1TB external hard drives, and I keep copies of my laptop and desktop files on these. One stays in a safe place, so if someone manages to install a variant of some ransomware on my computer, I don’t have to worry about paying to save my files because I have backups.

What about you? What are you doing to be able to recover from what can only be labeled as a disaster such as this?

At home, we need to start running backups, teaching our families to run backups, and make sure they see us do it. At the office, we need to keep those backups inaccessible to the bad guys. We also need to educate and train employees. Notice I didn’t just say educate; we have to train, putting the theory into practice. That may mean taking sort of a “get tough” approach until people actually stop clicking bad links.

Truthfully, some things, such as taking vulnerabilities more seriously, are improving. Unfortunately, users often are not. I realize I am stating the obvious here. And I don’t know how to start a grass roots campaign to teach users how to improve, but until we get smarter and wiser, I foresee the trend in malware continuing to grow.

Help keep FOSS Force strong. If you like this article, become a subscriber.

Breaking News: