5-year-old malware discovered: Why it took so long

Many surveys ask IT pros whether they’ve been breached in the past month, year, etc. But that question overlooks a common problem: Many companies that are breached don’t know it yet – and some conceivably never will.

Case in point: Researchers recently uncovered a malware strain that’s been active since at least 2011. This highly advanced malware is likely state-sponsored. And it has a few tricks up its sleeve.

Can work offline

One wrinkle that makes the malware (known as either Remsec or ProjectSauron) so dangerous is that it’s individually crafted to go after each target. The attackers didn’t repeat domain names or servers for their targets. According to ArsTechnica, that thwarts attempts by security researchers to look for patterns, a valuable way to discover other instances of malware.

Even sneakier: The malware can run offline, appearing to be a normal part of your systems’ operations. Then it communicates back as soon as an Internet connection is detected.

That indicates it is designed to run on computers that are so sensitive they are kept mostly offline, isolation being used as a deterrent to attackers.
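Because the infrastructure is not reused across victims, indicator lists are of little help here; a defender has to look at behaviour instead. The following is an added example, not code from the article or from the researchers, of the kind of check the "phone home as soon as a link appears" behaviour invites: it correlates network-up events with outbound connections from processes outside an assumed baseline. The telemetry lines and the baseline set are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed host telemetry (not from the article): timestamp, event kind,
# process name, destination. "net_up" marks the interface coming online.
SAMPLE_EVENTS = """\
2016-08-01T09:00:00 net_up - -
2016-08-01T09:00:02 conn svchost.exe 10.0.0.5:443
2016-08-01T09:00:04 conn updsvc.exe 203.0.113.7:443
2016-08-01T12:30:00 conn chrome.exe 198.51.100.20:443
2016-08-02T08:15:00 net_up - -
2016-08-02T08:15:03 conn updsvc.exe 203.0.113.7:443
"""

# Assumed baseline: processes that are expected to talk out right after link-up.
BASELINE = {"svchost.exe"}
# How soon after link-up a connection counts as "reacting to connectivity".
WINDOW = timedelta(seconds=30)


def parse_events(text):
    """Parse the whitespace-separated telemetry format defined above."""
    events = []
    for line in text.splitlines():
        ts, kind, proc, dest = line.split()
        events.append((datetime.fromisoformat(ts), kind, proc, dest))
    return events


def beacon_after_link_up(events, baseline=BASELINE, window=WINDOW):
    """Return (process, destination, count) for non-baseline processes that open
    an outbound connection within `window` of a net_up event. The count is the
    number of link-up events the same process/destination pair reacted to, so
    repeat offenders rise to the top. No destination list is consulted: the
    logic is behavioural, which is the point when attackers never reuse servers."""
    hits = {}
    last_up = None
    for ts, kind, proc, dest in sorted(events):
        if kind == "net_up":
            last_up = ts
        elif kind == "conn" and last_up is not None and ts - last_up <= window:
            if proc not in baseline:
                hits[(proc, dest)] = hits.get((proc, dest), 0) + 1
    return sorted((p, d, n) for (p, d), n in hits.items())


if __name__ == "__main__":
    for proc, dest, n in beacon_after_link_up(parse_events(SAMPLE_EVENTS)):
        print(f"{proc} -> {dest}: connected within {WINDOW.seconds}s of link-up {n} time(s)")
```

On the constructed data, `svchost.exe` is ignored as baseline and `chrome.exe` is ignored because it connected hours after link-up, leaving only the process that reacted to both link-up events.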

Time to detection matters

While many talk about breaches in terms of the fallout and how long it takes to recover, time to detection could be just as, if not more, important.

In many cases a breach won’t be obvious. That makes regularly scanning for intrusions – even when there are no outward signs one may be occurring – important.

Automated solutions may be your best bet. They can examine systems for you, looking for unusual processes or other questionable activity.
