This week's attack on South Korean banks and top media broadcasters highlights a growing security risk for enterprises and users alike. While many believe that the attack was generated by North Korea, the origin of the cyber attack is less important than ensuring that enterprise defences are upgraded to protect users and confidential data against new types of dynamic malware.
Cyber criminals continue to adapt and evolve their strategies. Although the attack interrupted service for several large enterprises and looks like a DoS (denial-of-service) attack, the attack pattern reflects a more modern approach to malware. Not only are modern malware attacks more difficult to defend against, they are also much faster, more complex and more dangerous than traditional DoS attacks. With 32,000 users and servers infected in only 24 hours, combined with the loss of confidential enterprise data and a significant network performance disruption, this cyber attack went beyond typical DoS attacks.
The scale of this attack suggests that many enterprises are unprepared for the reality of dynamic Web-based malware attacks. For many years, enterprises have relied on network technologies (e.g., firewalls, IPS/IDS, UTM) and end-point anti-virus technologies with signature-based updates to protect users and data. Yet today's attacks are much faster and often penetrate these types of defences. Today, cyber criminals combine web malware, new types of global malware delivery networks (malnets) and traditional network-level attacks to overwhelm enterprise defences.
Although enterprises have spent years deploying network layer defences, cyber criminals have shifted their attack focus to the relatively undefended and popular world of Web access. Two-thirds of all malware developed last year used malnets as their delivery infrastructure. Combating this new threat requires adding a dedicated Web security layer that complements existing network security defences. Securing Web access, enabling full visibility into Web traffic and maintaining performance are critical to today's enterprise malware defence.
Introducing a real-time cloud-based defence to secure all users in all locations, together with a negative-day defence architecture, is the optimal solution for protecting users from aggressive malicious attacks. It's certain that such malware attacks will continue to increase as users and enterprises increasingly rely on Internet applications for business. This week's Korean cyber attack should be a wake-up call to enterprises: when it comes to stopping cyber crime, it's a whole new world.
Jonathan Andresen is chief product evangelist, Blue Coat Systems.