A few of the discussions taking place in the security space have changed, and one of those is the concept of weaponised malware.
Lumension chairman and CEO, Pat Clawson, said this is not a regular conversation he had with clients and industry experts until recently.
“If you go back several years, we all know that governments have had strong offensive and defensive programs,” he said.
“They have the defensive one to protect their assets and the offensive one to find out how to take advantage of someone else in the event of an outbreak.”
The conversation changer, however, has been the growth of the Stuxnet family of malware this year.
“We saw a global escalation in terms of public knowledge about the concepts of weaponised malware, and we also saw an escalation in terms of complexity and incidents of successful weaponised malware,” Clawson said.
At the same time, the Stuxnet family looks to have given birth to malicious attacks such as Stuxnet Duqu and the Flame variant, which Clawson says all appear to be “by the same authors but doing slightly different things.”
The reason why everyone cares, whether it is the average person or a government department, is not because they were targeted by the attacks.
Instead, it is by the talks of retaliatory strikes by the US government.
“There is also collateral damage to deal with, as was demonstrated by Stuxnet when it got outside of its intended target,” Clawson said.
He also points out that a lot of technologies were leveraged in these attacks, and they were expensive to get done with “lots of people and horsepower.”
“Now that it has been done, there is a high probably for the attacks to be reverse engineered and used for financial gain and hactivism,” Clawson said.
“After all, it is a lot easier to reverse engineer than built it in the first place.”
Clawson adds that one of the unintended consequences of making all of this public is the likelihood that “the bad guys will reverse engineer this stuff and use it against us.”