The Past, Present and Future of Malware (and malware protection)

How long do you think malware has been around for? The exact date is of some debate among historians. From a physical (virtual?) perspective, one way to answer this is, ‘Probably as long as computers have been around’.

While this attack mainly affected individuals, businesses are also under threat like never before. Business Email Compromise has cost companies $12 billion since 2013, according to the FBI.

With these twin threats to data and email, it’s clear something has to be done to better secure inboxes. Fast. Particularly when you consider factors including:

Making inboxes intelligent

Back in 1982, hacker/poet Rick Skrenta’s goal was simply “to booby trap new games to put up a message”. The floppy disk was the primary method of malware infection. Incidents were common at universities, which perhaps explains some of the names such as ‘LeHigh’ and ‘Stoned’. 

Fast-forward to today, and the aims – and methods – of modern malware spreaders are far more complex and malicious.

Hackers have evolved malware to evade traditional email protection systems, which detect malicious files or spoofed email addresses and URLs. For example, polymorphic malware constantly changes its code, making it hard to identify. What’s more, if polymorphic software is being analysed by a sandbox it adjusts its behaviour to appear benign.

The below graph shows the trend for ‘malware’ beings searched worldwide since 2004. 

Does this mean the threat of attacks are receding? Not at all.

Phishing, Business Email Compromise, account takeover – these methods involve highly targeted emails, rather than relying on ‘brute force’.

Often they don’t include malware, instead relying on human psychology. For example, impersonating a senior executive and requesting a financial transaction from a junior employee. This method works because it relies on the junior feeling less willing to question the request.

Like polymorphic malware, the nature of threats is evolving. That’s why, the nature of email protection is similarly evolving.

Email security paradox

Spending on cloud system infrastructure services (IaaS) will grow from $39.5 billion in 2019 to $63 billion through 2021. Gartner

The rise of cloud computing has created something of a paradox.

Systems and applications only work when they’re integrated. Yet it’s the integration which creates the vulnerabilities. After all, a secure ecosystem is only as strong as its weakest link. Then involving third parties, the risks from this paradox can be magnified.

Faced with these polymorphous threats, IT leaders require something more. We’re entering the era of machine learning and AI for email protection. This white paper shows the direction this will take, and what action to take in order to succeed.