Who knows what attack campaigns and viruses lurk in the dark corners of the Internet?
Answering that question is complicated in part by the sheer amount of malicious code now in circulation. "On a daily basis, we analyze approximately 500,000 unique, new malware samples. That's a huge stack of malware samples - most of them are just polymorphic versions of existing viruses ... [so] they can be stopped with existing AV systems; not a worry," says Christophe Birkeland, CTO of malware analysis for Blue Coat Systems. "Our job is really to dive into that stack of malware and identify ... the new threats out there."
Sometimes, that deep dive into new types of malware threats produces significant finds. Take, for example, the Inception campaign that Blue Coat discovered. The campaign relied in large part on a sophisticated attack platform, including malware that infected everything from home routers to Android, Apple iOS and BlackBerry devices, and was aimed primarily at strategic targets in Russia.
"When we find threats that are unique, that's when we decide to spend lots of resources to really understand the threat, and the reason we do this is because we want to develop the best possible defense against it," he says.
In an interview recorded at Infosecurity Europe, Birkeland also details:
- How the Inception campaign operated, including its use of cloud services;
- The "bad guy" campaigns that security researchers most likely aren't seeing;
- The upsides and downsides - for defense - of the increased use of encrypted (SSL) traffic.
Birkeland is CTO of malware analysis for Blue Coat Systems, as well as managing director of Blue Coat Norway. He joined the company via its acquisition of Norman Shark, where he served as CTO. Prior to that, he held a number of roles in the public and private sector, including serving as the director of NorCERT, the Norwegian Computer Emergency Response Team.