
“Malware Samples that Included Anti-analysis Tactics Show an Increased Sophistication of Malware developers”


Manish Dalal, VP, APAC, Verisign Naming Services

The IPv6 transition is around the corner. Most large and mid-size enterprises across the globe, including those in India, are adopting it. This is sure to open a Pandora's box of complications and security challenges, as pointed out by Manish Dalal, VP, APAC, Verisign Naming Services, who spoke to us.

Q1. What is the state of Information Security globally according to Verisign? What are the different threats and attack vectors that you come across?

Last year, the Verisign iDefense team observed more malware samples that included anti-analysis tactics, showing an increased sophistication of malware developers, who are shifting from their legacy goals of spreading quickly to more of an emphasis on stealth. This is an important observation, as this technique makes it harder to detect malware-infected systems.

The biggest change we have seen recently, though, is in the size and frequency of Distributed Denial of Service (DDoS) attacks. Aided by growth in malware and increased criminal sophistication, DDoS attacks against online businesses and applications are becoming larger and more frequent, making it extremely difficult for IT organizations to keep pace. While historically motivations for DDoS attacks have varied from financial to political and criminal, the whole world has seen a dramatic increase in the use of DDoS as a form of protest or “hacktivism,” made increasingly more effective through the use of social networks to organize like-minded individuals. Any site can be targeted, any time, and for any reason, and traditional solutions no longer provide sufficient protection from most DDoS attacks.

In March 2011, Verisign commissioned research to investigate the level of concern IT decision makers have with the growing threat of DDoS attacks in today’s ever-evolving cyber landscape and found that 78% of respondents were extremely or very concerned about DDoS attacks and more than two-thirds expect the frequency and strength of DDoS attacks to increase or stay the same over the next two years.

Moreover, nearly two-thirds (63%) of respondents who experienced a DDoS attack in the past year sustained more than one attack and 11% of surveyed businesses were hit six or more times. Based on these results, it is no surprise that of the respondents who lacked DDoS protection, 71% said they plan to implement a solution in the next 12 months. It’s not just the large enterprises and financial institutions concerned with these types of malicious attacks anymore. Our DDoS protection service customer profile extends into all business types and sizes.

Q2. What are the various security challenges in the domain name services space? Many across the globe register domains for running malicious, anti-national and terror portals. How can this be regulated, monitored and streamlined?

While we are not in the business of regulating the Internet, there are many security challenges facing the global Internet that Verisign is actively working to address. We recently made a major stride in making the Internet safer by implementing Domain Name System Security Extensions (DNSSEC) in .com in March of this year. DNSSEC helps close a known vulnerability within the DNS that has increasingly become a target for hackers and identity thieves. The deployment of DNSSEC in .com follows our successful 2010 DNSSEC roll-out in .net in December, .edu in August and the collaborative effort between Verisign, ICANN and the U.S. Department of Commerce to sign the DNS root zone in July. However, there is still more work to be done for the effective deployment of DNSSEC across the entire Internet ecosystem requiring collaboration from a variety of stakeholders. Verisign supports and encourages DNSSEC implementation by operating a DNSSEC Interoperability Lab that helps those stakeholders – including solution providers, ISPs, registrars and others – ensure the Internet communications ecosystem is ready for DNSSEC.

Furthermore, the Verisign iDefense team monitors the Internet 24/7 for the types of threats you mentioned to provide the most relevant and actionable cyber intelligence to our customers, stakeholders and law enforcement when appropriate. The Verisign iDefense group is made up of an experienced multinational network of almost 200 security experts who have exclusive access to the most in-depth cyber threat intelligence available. In the event of a breach or security event, our security threat analysts can even act as an extension of an organization’s incident response team, by providing automated analysis of malicious code, in-depth human analysis of malicious code, and forensic capabilities.

Q3. DDoS attacks pose a great threat to companies that conduct business online or have significant investments in their online brand and reputation. What do you offer in this space for enterprises?

As more companies are becoming reliant on their websites to meet revenue goals and provide customer support, implementing DDoS monitoring and mitigation and managed DNS services from specialized experts like Verisign is vital to keep pace with the dynamic nature of attacks and ensure network availability. To fully protect an organization, network administrators need the ability to quickly detect and mitigate attacks in the cloud before they ever reach their networks and that is exactly what the Verisign DDoS protection service does.

Our service offers a unique combination of robust network capacity, proven infrastructure capabilities, and advanced traffic filtering that can detect bad traffic and keep it from ever reaching our customers’ networks, while still filtering through the good traffic so they can continue business as usual. This method of detection and mitigation is the most elegant and cost effective solution out there.

Q4. What is Verisign Managed DNS? How secure is it, since it’s a cloud-based service?

Verisign Managed DNS is a Domain Name System (DNS) hosting service that helps deliver 100 percent DNS resolution, improving the availability of web-based systems. DNS is essentially like the phone directory of the Internet. It associates easily identifiable domain names with complex IP address numbers allowing visitors to more easily access a website. It is a mission-critical element of Internet infrastructure and any web-based system. When DNS servers aren’t responding, web sites and email become unavailable, resulting in loss of online presence, productivity and revenue.

Verisign Managed DNS uses the same infrastructure and expertise that manage two of the world’s largest top level domains (.com and .net) to provide DNS availability to our customers through a globally distributed, securely managed, cloud-based DNS infrastructure. It allows enterprises to save on capital expenses associated with DNS infrastructure deployment and reduce operational cost and complexity associated with DNS management, while also bringing greater reliability, performance and security through features like support for DNSSEC, IPv6, traffic management and geolocation.

Q5. Tell us more about iDefense Security Intelligence. Is the same offered in India and who are your customers in this space?

Verisign iDefense security intelligence services give information security executives 24/7 access to accurate and actionable cyber intelligence related to vulnerabilities, malicious code, and global threats. With iDefense, organizations have an experienced multinational network of security experts acting as an extension of their teams and exclusive access to the most in-depth cyber threat intelligence available. This translates into a security strategy that consistently delivers substantial cost savings—with proactive insights on true threats, the intelligence to avoid false alarms and revenue protection through improved system and application availability.

While we can’t discuss our customers by name, we can share that our customer base is made up of many of the largest global financial services organizations, ecommerce and technology companies, and government agencies. Increasingly, we are penetrating the mid-and-small business market by bundling elements of our security intelligence with our Managed DNS and DDoS Protection offerings, as well as taking advantage of a reseller model in several markets, including India.

Q6. How does iDefense generate credible insights on the cyber underground, and how credible can the insights be?

The iDefense team monitors the Internet 24/7 to provide the most relevant and actionable cyber intelligence to our customers, stakeholders and law enforcement when appropriate. As the registry for the .com and .net domains, Verisign has unique insight into this massive global infrastructure allowing our iDefense experts to quickly detect and assess threats.

Moreover, iDefense has more than 600 security research contributors worldwide, multi-lingual threat collection capabilities in more than 20 languages and ongoing global field operations in suspect countries. Through this extensive multinational network and years of experience in cyber intelligence and security, iDefense provides an average of more than 100 days advanced notification on Zero-day vulnerabilities to customers – more than any other similar service. As a result, we have won many awards and many accolades for the credibility of our intelligence.

Q7. What are the future threats according to Verisign? How can the same be mitigated?

As previously discussed, we see the threat from larger and more advanced DDoS attacks to be a continued trend impacting companies and organizations of all types and sizes. Another threat is the increase in sophistication of malware that has the potential to enable higher rates of cyber fraud and theft. Lastly, while the transition to IPv6, the next version of Internet protocol that will allow for 340 undecillion new IP addresses and enable the continued growth of the Internet, is ultimately positive for the global Internet community, it has a long way to go in terms of methodology and adoption. This uncertainty about the approach to IPv6 implementation has the potential to open up many security issues as network administrators seek to migrate their systems to IPv6.

There are many services available today run by specialists who can assist with DDoS protection and IPv6 implementation to help minimize risks and impacts. Furthermore, the implementation of DNSSEC across the entire Internet will close a known vulnerability within the DNS that has increasingly become a target for hackers and identity thieves. It is critical that companies plan for these transitions now and that the global Internet community works together to ensure that standards are in place for adopting IPv6 and deploying DNSSEC.

