NSA expert recites the basics of malware

You’ve probably heard your mattress gets heavier and heavier each year from the feces of dust mites that eat the dead skin you leave behind. Still, you go to bed every night. What choice have you got?

That’s how it is with email. We know the skadillions of emails crossing the internet every day are infested with malware. Still, we take our chances. Who in reality has a choice these days about using email?

Every federal agency should book a visit from National Security Agency guy Boyd Fletcher. He’s the technical director of the secure systems architecture division there. He has encyclopedic knowledge of how malware actually works and what you can do to neutralize it.

At the GITEC 2016 Summit in Baltimore, Fletcher talked for a solid hour in such detail that I gave up trying to take detailed notes. He’s the kind of guy who makes you say, I’m glad he’s on our side.


Email, like word processing, started out as ASCII text. Boiled down, Fletcher’s point was that it’s all the formatting and fancy attachments — PDFs, Microsoft Office documents, JPEGs, TIFFs, fonts of all sorts — that do us in. He didn’t convey new material exactly, but rather a detailed recitation of daily dangers that, listed in aggregate, tempt you to erase your entire inbox right now.

Writers of malware are adept at embedding malicious code in these files that recipients either want or don’t consider dangerous. It looks like a picture, but it’s two files in one — a picture and an executable that, for instance, encrypts your hard drive.

Fletcher described an approach to content filtering that renders malicious code harmless. Deep packet filtering can detect hybrid or malformed files and, with rules that treat them as no good by default, stop them.
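The hybrid-file problem Fletcher describes, as an added example that is not from the talk or the article: a small Python content check that walks a JPEG’s marker structure to find where the picture legitimately ends, flags any bytes glued on after it, and looks for a Windows PE header (an “MZ” stub whose e_lfanew field points at “PE\0\0”) anywhere in the payload. The minimal JPEG skeleton and the fake PE stub are constructed sample data, not real files.

```python
def jpeg_image_end(data):
    """Offset just past the true EOI marker, or None if the structure is broken.
    In scan data (after SOS) 0xFF is only followed by 0x00 or an RSTn marker."""
    if data[:2] != b"\xff\xd8":
        return None
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return None
        marker = data[pos + 1]
        if marker == 0xD9:                              # EOI: the image ends here
            return pos + 2
        if marker == 0xFF or marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 1 if marker == 0xFF else 2           # fill byte / standalone marker
            continue
        pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")  # skip this segment
        if marker == 0xDA:                              # SOS: skip entropy-coded data
            while pos + 1 < len(data) and not (data[pos] == 0xFF and
                    data[pos + 1] != 0x00 and not 0xD0 <= data[pos + 1] <= 0xD7):
                pos += 1
    return None

def find_embedded_pe(data):
    """Offset of an 'MZ' header whose e_lfanew points at 'PE\\0\\0', else -1."""
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = int.from_bytes(data[pos + 0x3C:pos + 0x40], "little")
            if data[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\0\0":
                return pos
        pos = data.find(b"MZ", pos + 1)
    return -1

def inspect_jpeg(data):
    """Content-filter findings for a file presented as a JPEG (empty = clean)."""
    findings = []
    end = jpeg_image_end(data)
    if end is None:
        findings.append("malformed JPEG structure")
    elif end < len(data):
        findings.append(f"{len(data) - end} trailing bytes after EOI")
    pe = find_embedded_pe(data)
    if pe != -1:
        findings.append(f"PE executable header at offset {pe}")
    return findings

# Constructed samples: a minimal JPEG skeleton (APP0, SOS, scan bytes, EOI) and the same bytes with a fake PE stub appended.
CLEAN_JPEG = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
              b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00\x12\x34\xff\x00\x56\xff\xd9")
HYBRID_JPEG = CLEAN_JPEG + b"MZ" + b"\x00" * 0x3A + b"\x40\x00\x00\x00" + b"PE\0\0"
```

A real filter would pair this with checks for the other formats Fletcher lists (PDF, Office, TIFF, fonts) and quarantine anything that returns findings rather than trying to repair it.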

The frequency of these types of files is why you hear so much about phishing. Early attempts to get people to open bad files delivered the files with clumsily written messages full of typos and weird syntax. Fletcher says nowadays the hackers, often originating in Russia, learn all they can about a target company’s (or agency’s) hierarchy, where it banks, and what it does. Then they hire native English speakers to craft highly credible phishing emails. If it’s not a macro buried in a spreadsheet, it’s a link to a website with malware.

Fletcher counsels security people to worry less about the mechanics and elegance of malware once it infects their systems, and more about keeping it out in the first place. The further away from endpoints the content filtering takes place the better, he adds.

Not all cybersecurity threats come via email. But because email targets people, it’s most likely to do damage now that network perimeter controls have improved so much. The other main vector is insider carelessness or worse. Insider cooperation is suspected in last month’s Bank of Bangladesh attack that drained more than $100 million from its reserves with the U.S. Federal Reserve.

Until your agency has comprehensive content filtering, become your own content filter.