Forget IoT. Your Antivirus is under Heavy Fire


Posted by RSAC Contributor

This post comes from Bogdan Botezatu, a security researcher with BitDefender.

While the general public awaits the IoT apocalypse, the rest of us know the real threat actually runs much deeper. Highly skilled and extremely well financed computer experts are targeting the apex link in the security ecosystem: the anti-malware vendor itself.

Recent revelations have shown the National Security Agency and its partner intelligence agencies have been targeting security vendors over the years. While the revelations may shock the public and the media, for antimalware and security solution providers, it is just another regular day at the office.

Stopping or circumventing the antimalware solution on users’ computers has been the primary goal of digital offenders since the early days of cyber-crime. Advanced rootkits, digitally signed malware, polymorphic and even metamorphic malware are just some of the tactics cyber-criminals interested in making money have used to evade antivirus detection. Antimalware products have evolved to respond to these threats and make sure that they stay fully functional no matter what is thrown at them.

But now, the offensive is carried out by players capable of much more than commercial-grade hackers. States and espionage agencies have been extremely active in the digital sector in the past few years. High-profile state actors have come up with a wide range of cyber-tactics ranging from custom, limited-scope and previously unseen malware to joint efforts to weaken encryption or make it illegal, all in a quest for mass surveillance.

In most parts of the world, governments have adopted “law-enforcement” and “suspect monitoring” digital mechanisms that strikingly resemble cyber-criminal tactics. Ad-hoc malware and zero-day exploits are common tools of the trade for digital surveillance, and we are fully aware of that.

State-sponsored malicious creations are far more advanced than anything the isolated, commercial-grade malware developers can come up with. Just take a closer look at the intellectual property leak suffered by the Hacking Team for an idea of the level of sophistication of exploits used by governments, and how much exclusive access to these exploits costs. And it’s not about the government trying to stop your antivirus cold to launch a private investigation on your device; it’s the meltdown that follows the leak of highly weaponized exploits to the masses of regular cyber-criminals.  

So where are we now? Antimalware companies have traditionally battled “bad guys,” researched and documented their attack mechanisms and, most of the time, when law enforcement mechanisms were needed, we would reach out for takedowns. But when the heavy fire comes from government entities it gets a whole lot more complicated.
