In this week’s news: Panda Security reported that in 2015 malware writers produced 230,000 new malware strains a day; ransomware took Lincolnshire County Council’s computer systems offline for nearly a week; and the $5.7 billion AV detection system of the US National Cybersecurity Protection System (NCPS) failed to detect 94% of security threats. Ouch!

Highlighting the cyber-security news from the past week in a 120-second read. Starting now.

 


Progression of Malware

According to Panda Security, they collected more than 84 million malware strains in 2015, averaging 230,000 new malware strains a day and representing 27% of all malware ever collected in the sixteen years of malware existence. The threat landscape is growing at a rapid rate.

Why is this significant?

  • The number of malware strains indicates that threat actors still count on corporations using traditional signature-based security solutions. Malware authors are finding success in creating new strains to bypass these solutions. First, these solutions simply cannot handle this volume effectively. Second, new strains that do not yet have signatures quickly evade these solutions.

  • Rather than playing catch-up with signatures, a better approach is to look at families of malware and learn what they all have in common, thus reducing the scope. For example, at enSilo we found that the least common denominator across all malware is that it has to communicate via the operating system (and if it bypasses the operating system, that in itself signifies something malicious), and we tackle the problem from there.

Read the full story on CSO Online

Ransomware

A phishing email carrying ransomware hit Lincolnshire Council computers in England with a ransom demand, closing down the council’s systems for nearly a week.

Why is this significant?

  • Lincolnshire Council went back in time to pen and paper when an infected attachment closed systems such as online library services on the 26th of January. After the council refused to pay the ransom, the systems were restored from backups nearly a week later.
  • This was zero-day ransomware that researchers had never seen before. It underlines the importance of not paying the ransom, having backups, and looking into a security platform that allows users to continue working securely despite a compromised environment.
  • As creators of ransomware become more creative with their coding, their attacks increasingly target city councils, facilities and utilities worldwide, which can have a devastating effect on a city’s infrastructure if systems are not protected.

Read the full story on The Register

Failware

The US National Cybersecurity Protection System (NCPS) developed a $5.7 billion detection system termed EINSTEIN. The United States Government Accountability Office (GAO) conducted an audit and reported that EINSTEIN successfully detects only 6% of security threats; the other 94% go undetected.

Why is this significant?

  • As with the first story on the progression of malware, this report indicates that signature-based solutions are failing because they are outdated: AV detection simply does not have the capacity to stay updated with the hundreds of new malware strains being created each day.

  • The audit took place from June 2014 to January 2016. The DHS has devoted nearly $6 billion since its inception in 2009. NSD updates a road map for tracking capabilities as well as NCPS’s intrusion detection, intrusion prevention, analytics, and information-sharing objectives up to the 2018 fiscal year.

  • In response, the NSD has established road maps, graphs, new software updates, deployments of new technologies, new committees, and other initiatives to progress toward a more efficient system of detecting vulnerabilities. NSD has also given itself an Estimated Completion Date (ECD) of September 30, 2016 to operationalize the capability if the pilot is successful.

Read the full story on Forbes