Author: Dave Aitel / Source: CSO Online
We’re entering a new age of cybersecurity, where worms will be just as critical for defense as they are for offense. This is going to surprise many people in the security industry, who for many years have thought of worms as only a malicious tool.
To provide some historical context, for the past 10+ years, the security community and government have been obsessed with botnets and “Advanced Persistent Threats.” Most of the defensive tools and strategies, as well as cyber laws, regulations and policies, are centered around these threats. But the truth is, worms are the real basis of the tooling used by many of the most advanced actors on the stage. After all, what were Stuxnet, Flame and Duqu but worms at heart? All top-line nation-state tools are capable of self-replication, as autonomous operation is the key to any cyber espionage effort where gaining persistence on an air-gapped network is required.
Although worms are not always front and center in policy discussions, the worm model has been behind many – if not most – of the sophisticated attacks we’ve seen in the past decade. And worms were here before that too: from 1989-2001 they were the dominant threat on the Internet, leading finally to a massive security push from Microsoft that delayed Vista by six months. And then, for a few years, worms happened much less often, although they did still happen. Largely they were replaced in our mindshare with botnets and phishing, which represent a very different technical risk profile.
However, worms have always been and always will be key to offense. In the next few years, the frequency of advanced multi-platform worms launched by nation-states and other sophisticated threat actors is likely to increase substantially.
First, let’s take a look at why worms are so important. For offense, worms have always solved some key issues:
- No need to maintain command-and-control infrastructure, because spreading happens automatically
- Can be set to run as fast as needed (to beat a defender’s response time) or to go low and slow
- Able to reach networks that are only connected temporarily (e.g., air-gapped systems)
It is these attributes of worms which make them a necessary tool in the arsenal of any offensive team. And their importance will only grow over time, as defenses continue to improve and more nation-states enter the cyber war game, but without the unlimited resources of bigger players like the US and China.
Why a worm boom is coming
If we look at the trend lines, we can see that smaller players are getting into the cyberwar game. They really don’t have a choice. Every country needs to be doing cyber-espionage and developing cyber deterrence capabilities. By our standards, Russia is a…