In the wake of the discovery of Flame, the most complex and sophisticated known cybercrime attack to date that was undetected for approximately two years, an article published by Technology Review boldly proclaimed that the anti-virus era is over. The truth, however, is that for the vast majority of the Internet-going population, Flame is irrelevant, highly unlikely to affect their lives and does not in fact herald the death of anti-virus.
Unless you are running very specific software at a nuclear facility, Flame is not your problem. It is, however, an indicator of a trend in cybercrime that all Internet users would do well to pay attention to. Threats are becoming increasingly targeted and increasingly persistent, and you need to protect yourself against ever more sophisticated attacks.
This by no means indicates that the old threats have simply disappeared. Anti-virus and other anti-malware software still have a very distinct role to play in protecting Internet users.
The reason for the evolution of cybercrime is simple: it makes sense. At its heart, cybercrime is a business, and like successful business the perpetrators target people who are likely to be susceptible. Random attacks are not only easier to block, but also easier to spot and most savvy Internet users can spot common scams, which makes them less successful. The more targeted an attack is, such as a spear phishing attack, and the more detail and specific information cybercriminals use, the more likely people are to fall for the scams. This means the criminals have a higher success rate and are therefore more profitable as a result.
While Flame was a very specific attack that was only aimed at a niche of the population, everyone who is connected to the Internet on any one of a variety of today’s connected devices is at risk of falling victim to cybercrime, through a wide variety of methods that are becoming increasingly targeted and sophisticated. Flame was such a specialised attack that it was almost impossible to detect, and was in place for more than two years before it was detected, which made it all the more effective.
This increased sophistication is in retaliation to the increasing sophistication of anti-virus and protection tools, as cybercriminals strive to find new ways of getting the information they need. As an example, spam used to be effective, until anti-spam tools were invented, so spammers got more creative and more specific in their targets, in an effort to thwart security. This vicious cycle goes on, with criminals and protection companies locked in a continual battle to come out on top.
What the Flame attack has highlighted is the fact that it is the unknown that causes the biggest damage, and the efficiency of highly targeted attacks in achieving their goal. One of the biggest questions this attack also raised was, if anti-virus did not detect Flame, what is the point in having anti-virus.
For the average consumer however, as mentioned, Flame is a non-issue, and it is the thousands of common viruses and other attacks that we need to protect against. There are a whole host of threats that are current and can easily be prevented by using a sophisticated security suite. Coupled with education on the ways cybercriminals try to catch users out, and a bit of sense (if it sounds too good to be true, it is), and the majority of Internet consumers will remain protected against the threats of cybercrime.
The bottom line? Don’t ditch your anti-virus software just yet. You still need it. Cybercriminals will try any attack that is likely to yield results, and if users all stop protecting themselves from what is thought to be an outdated form of attack, you can be sure that someone will try that method again.
Fred Mitchell, Symantec Business Unit Manager at Drive Control Corporation