Malware Threats Growing and Becoming More Complex

by Mohamad Elbarasse, Analyst

The United States Computer Emergency Readiness Team, or US-CERT, within the National Protection and Programs Directorate at DHS, recently released its inaugural edition of a series of annual reports on cybersecurity trends. The US-CERT Security Trends Report: 2012 in Retrospect identifies the most prevalent malware, the means by which it entered a network or device and what the infected device was used for in 2012. Cybersecurity vendors should take heed to what the report calls out as the “single biggest conclusion” that can be drawn from the data and analysis presented in the report, which is that the prevalence of malware is growing and it is becoming more complex.  Cybersecurity is one of the few growth areas in Federal IT and the better informed you are of the current threats to government networks and devices, the better you’ll be able to sell your solution.

Data was collected from both public and private sources, including DHS’ EINSTEIN system, and showed that about 8% of consumer grade users experienced a malware infection in 2012, with one in five of those infections caused by the user clicking and installing the malicious software. The most common way malware was introduced to a device was through vulnerabilities in programs such as Microsoft Office, Adobe Reader, and Java. The majority of these infections could have easily been avoided by practicing proper patch management. Updates for vulnerable programs are released regularly and if your software is not up-to-date, your device is still at risk.

Topping the malware prevalence charts is Sality, at 56% prevalence, with Zeus (and its 26 identified variants) following closely at 54%. Sality has been used to relay spam, proxy communications, exfiltrate data, and carry out Distributed Denial of Service (DDoS) attacks to name a few of its uses, while Zeus has been utilized to compromise financial and banking transactions all over the world.

To get an idea of how much the federal government intends to spend on beefing up their cybersecurity posture, let’s take a look at where they want to spend their cybersecurity dollars. Below is a table of the FY14 and FY13 budget numbers that are tied to specific Business Reference Model (BRM) categories across federal government agencies. As you can see, the majority of cybersecurity related BRM categories are seeing an increase in requested dollars in FY14, though, since we are currently operating under a Continuing Resolution (CR), agencies will likely receive amounts closer to that of FY13 numbers. The FY14 numbers are still informative in that they reveal the federal government’s priorities in terms of where they want to spend the most money, even if they don’t get all that they asked for. Though we probably won’t see a full budget, we will likely have an omnibus spending bill that will break some agencies out of the CR cycle that we have been experiencing.

Budgeted Cyber Spending by Business Reference Model (BRM) Category