How Do You Guard Against Unknown Threats?
Stuxnet was something like a shot heard 'round the world when it comes to malware. It was, for all intents and purposes, the first attack known to have been developed with a specific strategic target and national defense objectives in mind. State-sponsored cyber warfare had been suspected for some time, but Stuxnet was the first real indication that it is actually going on.
Then came Duqu, followed by Flame. All three of these malware threats are related in some way and appear to have similar origins. But the one thing that stands out for all three is that they circulated on the Internet for years without being detected.
The initial assumption by many was that Stuxnet evolved into Duqu, which eventually became Flame. One theory was that once Stuxnet was discovered and reverse-engineered, it gave other developers the tools they needed to build on that foundation and create new threats. Researchers now believe, however, that Flame and Stuxnet were originally developed in parallel, with Stuxnet actually incorporating a module from the Flame code. That was back in 2009.
There are Stuxnet variants captured in the wild that date back to the middle of 2009 as well, but Stuxnet wasn't actually discovered until mid-2010, and it was not identified as a targeted attack until later that year. Flame just made headlines last month, but researchers are finding elements of Flame code that have been dormant or have managed to stay under the malware-detection radar for years.
The first burning question is, “Why weren’t these threats detected and identified earlier?” The more concerning follow-up question is, “If these threats managed to evade detection by antimalware tools for years, how many other insidious threats are out there right now yet to be discovered?”
The crux of the issue is that it's an impossible question to answer. We don't know what we don't know, and there's no way for security vendors or researchers to quantify the problem. If they could count the "unknown" threats, those threats wouldn't be unknown any longer. Some may attempt to estimate the number, but that is pure speculation and does nothing to help defend against them.
So, what can you do to protect your PC and your information from threats we can't verify exist, and that your security software won't detect? Should you just throw in the towel and resign yourself to the idea that malware has won the war? No.
All you can do is all you can do. There is no perfect security solution, and no way for you to guarantee your PC or data are protected, but that’s no reason not to follow established best practices and continue to do everything you can to prevent attacks or data breaches.
Follow password-management guidelines and use strong passwords, keep your PC and software patched against all known vulnerabilities, and run up-to-date security software on your system. That won't stop every attack, but it will stop most of them, and at least you'll know that a successful attack was not the result of you simply failing to do what you knew you should.