If you’re in IT, undoubtedly security is one of your top priorities. You watch security briefings, you follow best practices, you educate your staff, you have anti-virus programs and other cyber security solutions, and you apply patches as soon as they are made available… but is it enough?
Unfortunately, not necessarily. There are numerous ways cyber-criminals can undermine all these security procedures. For starters, there is always a gap between the time a vulnerability is discovered and the time the patch goes out. Cyber-criminals have resources that let them learn about vulnerabilities easily, and entire dark databases exist that catalogue every known exploit in every major piece of server software in the world.
From the start, you’re already at a disadvantage.
However, there’s a new threat emerging, one that’s creating major new challenges even beyond the problems we already know about: polymorphic viruses.
How Polymorphic Malware Is Undermining Current Cyber Security Solutions
Most people are aware, in general, of how computer viruses work, and how anti-virus software tries to stop them. Viruses are still fundamentally executables, which have to run on people’s systems to do damage. Each executable, therefore, has a recognizable “signature” which allows it to be easily identified, and anti-virus systems use huge databases of these signatures to recognize any viruses inhabiting your computers.
Polymorphic viruses challenge this paradigm.
The word “polymorphic” means “shape-shifting,” and that’s what they can do. Polymorphic computer viruses don’t look like standard viruses, at least not at first. They get onto your system, then hide so that they don’t actually appear to be executables. It’s only at runtime that the code is actually deciphered and executed.
So, in this way, they hide from typical anti-virus scanners. Since they aren’t actively running until they receive a specific command signal, and their code is scrambled so it doesn’t look like a virus, they cannot be profiled in the same way as the viruses of years past.
The Solution: Heuristic and Predictive Anti-Virus Systems
Fortunately, the cyber security solutions development community is well aware of these new polymorphic viruses and is updating its approach to stopping these threats. Instead of relying on signatures, this new breed of anti-virus software, far smarter than older generations, uses heuristic analysis of thousands or millions of infections, building up profiles of behavior rather than looking directly at the code.
This also leads to predictive systems, which can look at conditions on host machines and compare them to compiled information, watching out for circumstances similar to those where polymorphic viruses have been seen before. On top of this, there are also run-time monitors – combined with firewalls and other types of live server security – which are constantly watching for strange network behavior that might indicate a polymorphic virus is present.
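The contrast described above, as an added example that is not part of the original article: an exact-hash signature check misses a re-scrambled variant of the same body, while a behavior-profile score flags both variants. The inert placeholder body, the one-byte XOR scrambling, the event names, the weights and the threshold are all assumptions made up for illustration.

```python
import hashlib

# Constructed, inert stand-in for a file body; it is not malware.
BODY = b"INERT-PLACEHOLDER-BODY-FOR-DEMO"

def scramble(body: bytes, key: int) -> bytes:
    """Model a polymorphic variant: same body, different stored bytes per key."""
    return bytes(b ^ key for b in body)

# Signature database built from the single variant analysts have already seen.
KNOWN_HASHES = {hashlib.sha256(scramble(BODY, 0x21)).hexdigest()}

def signature_match(stored: bytes) -> bool:
    """Classic signature check: exact hash of the bytes as stored on disk."""
    return hashlib.sha256(stored).hexdigest() in KNOWN_HASHES

# Hypothetical behavior weights (assumed values, not taken from any product).
WEIGHTS = {
    "decode_buffer_in_memory": 3,   # code deciphered only at runtime
    "execute_decoded_buffer": 4,    # the deciphered buffer is then run
    "await_remote_command": 2,      # dormant until a command signal arrives
    "open_network_socket": 1,
    "read_config_file": 0,
}
THRESHOLD = 7  # assumed cut-off for flagging a sample

def behavior_score(events) -> int:
    """Sum the weight of each distinct observed behavior."""
    return sum(WEIGHTS.get(e, 0) for e in set(events))

def heuristic_match(events) -> bool:
    return behavior_score(events) >= THRESHOLD

def triage(samples):
    """Return {name: (signature_hit, heuristic_hit)} for each sample."""
    return {name: (signature_match(stored), heuristic_match(events))
            for name, (stored, events) in samples.items()}

# Constructed samples: stored bytes plus the runtime events a monitor recorded.
TRACE = ["await_remote_command", "decode_buffer_in_memory", "execute_decoded_buffer"]
SAMPLES = {
    "variant_a": (scramble(BODY, 0x21), TRACE),   # bytes match the database
    "variant_b": (scramble(BODY, 0x5C), TRACE),   # same behavior, new bytes
    "benign_updater": (b"constructed benign bytes",
                       ["read_config_file", "open_network_socket"]),
}

if __name__ == "__main__":
    for name, hits in triage(SAMPLES).items():
        print(name, "signature=%s heuristic=%s" % hits)
```

Only `variant_a` matches the signature database, but both variants cross the behavior threshold, and the benign sample crosses neither.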
These are difficult times for cyber-security, and the best thing to do is to constantly stay on top of the latest business solutions. For help, CyberTech 360 is here! Contact us for a free cyber-security assessment of your defenses.