How does insurance IT leadership keep up with the cat-and-mouse games being played by the latest data deviants? Some say it’s comparable to the
But this closed-door, “don’t tempt fate” attitude hardly makes the deviants less active. The
Insurers have a lot at stake, not the least of which is the vulnerability of their proprietary networks and data to hackers who are seeking competitive advantage of their own. Other considerations include a host of risk management issues as applied to an insurer’s customer base. In either case, insurers, like most companies, are in a scramble to do whatever is necessary to stop the next union of cyber criminals from wreaking havoc on the rest of us.
So it’s not surprising that the latest news coming out of this dark world has a Kevin Mitnick-like feel to it. (Recall Mitnick, now an American computer security consultant and author, was at one time the most-wanted computer criminal in the United States after hacking into Digital Equipment Corporation’s Ark computer system at the ripe old age of 16.) Mitnick was one of the first to climb into and out of the dark side to teach us all some data security common sense.
Now, thanks to support from the Air Force and National Science Foundation grants, researchers from the University of Texas at Dallas are racing to keep up with cyber criminals by creating yet another malware invention, this one fashioned after programs from the early 1980s that, in the most basic of terms, reproduce by copying themselves onto new machines. The genesis of this one, however, is a “semantic blueprint”: not itself computer code, just a description of what the generated code needs to do, which means it can be safely hidden from defensive programs with traditional encryption.
Fittingly named “Frankenstein” by researchers Vishwath Mohan and Kevin Hamlen, the proposed (it’s still a proof of concept) self-camouflaging malware propagation system overcomes shortcomings in the current generation of metamorphic malware.
“Specifically,” say the researchers, “although mutants produced by current state-of-the-art metamorphic engines are diverse, they still contain many characteristic binary features that reliably distinguish them from benign software. Frankenstein forgoes the concept of a metamorphic engine and instead creates mutants by stitching together instructions from non-malicious programs that have been classified as benign by local defenses. This makes it more difficult for feature-based malware detectors to reliably use those byte sequences as a signature to detect the malware. The instruction sequence harvesting process leverages recent advances in gadget [snippets of code] discovery for return-oriented programming. Preliminary tests show that mining just a few local programs is sufficient to provide enough gadgets to implement arbitrary functionality.”
The researchers call their initial version of Frankenstein a "toy": it will not propagate itself onto other computers, but it can make variants of itself by stealing different code from different programs. In essence, every "mutant" version of itself that the malware creates will be different, yet each will still check out under scrutiny.
Along with other similar types of malicious software, malware,
Toy or not, Frankenstein represents a challenge—and an opportunity—for insurance IT and risk management professionals alike.
Pat Speer is an editorial consultant for Insurance Networking News.
Readers are encouraged to respond to Pat by using the “Add Your Comments” box below. She also can be reached at patricia.speer@sourcemedia.com.
This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.