The discovery of a highly sophisticated malware network is leading some security firms to reshape their view of cyber crime operations.
Known as Shnakule, the operation employs a massive network of servers to attack sites as well as compromised pages to exploit vulnerabilities and infect users' computers.
The operation spans a number of attack vectors and is believed to have been used for multiple attacks, with active servers ranging from hundreds to thousands of systems at a time.
The company's findings, said Steve Schoenfeld, vice president of product management and product marketing at Blue Coat , defy conventional knowledge of how malware and cyber crime operations work.
Attacks, which had previously appeared to be isolated events, are now believed to be the work of various systems operating within the cyber crime network. Blue Coat estimates that such networks will be responsible for as much as two thirds of all attacks in 2012.
"Shnakule is an organisation of servers, it is an infrastructure more than anything," Schoenfeld explained.
"They may be doing the same attacks, but they have a well-built infrastructure to obfuscate it."
To combat such large-scale operations, Blue Coat believes vendors will need to take a wider approach to analysing attacks.
Rather than looking to block attacks based on the individual activity of a site or domain, Blue Coat believes firms will need to take a wider approach and single out servers and domains that have been connected with malicious networks in the past.
No comments:
Post a Comment