Polymorphic Attack Response Changing the Security Industry

December 28, 2015


By John Casaretto
Contributing Writer

Modern trends in sophisticated security attacks show that polymorphic attacks are on the rise. This issue has caused great concern and is forcing companies and the security industry to shift towards solutions with the intelligence and behavioral sophistication appropriate to these constantly evolving threats. Polymorphic attacks can come at multiple levels, they can change over time, or they can be launched as one type of attack but then switch to another while hiding the nature of the true attack. These types of attack campaigns are on the rise, and classic security strategies are proving insufficient in responding to the threats. Things like signature-based protection and old-school firewalls are not sufficient in the face of these advanced threat scenarios.

LightReading editor Carol Wilson dives into these questions and the dynamics of polymorphic attacks. Looking at the effect of these threats on the enterprise landscape, her report gets into several examples, such as how Distributed Denial of Service (DDoS) attacks are being combined with other attacks such as volumetric attacks. More than seizing an opportunity of weakness, polymorphic attacks are staged in an effort to overwhelm targets, with an emphasis on stretching responses as thinly as possible. In many ways, these attacks are a lot like a stress test that forces the subject into situations where their defenses will start to show cracks. In other ways, these attacks can simply be a distraction from a secondary or even third attack. In either case, the hope is that flaws will be found or that there is a limited number of personnel on hand to deal with a multi-level, phased, and massive attack.

It is clear that not only has the landscape of threats evolved significantly, but the spectrum of attack targets has also grown dramatically in recent years. The concept of siloed computers, data centers, and applications is completely gone. Today's enterprise environment is composed of many moving pieces and thus has many vectors that cybercriminals will seek to exploit. Applications, mobile devices, an increasing shift to cloud-based applications, and many other technologies have permanently changed the game. In addition, the global threat of tenacious cybercrime organizations and marketplaces has made the spectrum of threats greater than ever. Techniques, tactical information, information about specific targets, source code for malware, and many other pieces of information are traded, sold, and exchanged on a daily basis. In many cases, criminals will focus on the opportunity that will give them the greatest profit; sometimes the motivation is malice, and at other times the motivation is nation-state.

Whatever the focus is, there is little doubt that the threat of polymorphic attacks is changing the industry. Intelligence sharing, security analytics, and tightly integrated systems and processes are some of the ways that the threat is being dealt with. There are a number of products in the market that have stepped up to the game, and many companies are implementing sophisticated systems and processes to deal with these threats.

Edited by Kyle Piscioniere