But while most focus on how we can leverage the knowledge gained in the “real world” in identifying and stopping the spread of plagues in the virtual world, I would like to offer another perspective. Perhaps we in cybersecurity can return the favor. Perhaps the medical world can take the lessons learned in three decades of fighting “cyber viruses” and implement these in their fight to mitigate the Coronavirus?
Originally, the type of computer software described as “a program that can infect other programs by modifying them to include a, possibly evolved, version of itself” was named “Virus” by Fred Cohen in his 1986 Ph.D. thesis. Another biological reference made its way into the computer lingo when the first worm was unleashed (although the phrase was used in an earlier sci-fi novel).
In the last couple of years, computer viruses, or more widely the panoply of malware as we think of cybersecurity today, have undergone rapid evolution that has made them much more difficult to identify and mitigate:
More variants: 439,000 new malware variants were detected in 2019. That’s a 12.3% increase over the previous year.
More capable: Modern malware threats are far more capable than the old viruses spreading through illegal copies of software distributed on floppy disks. Today’s malware can steal passwords, exfiltrate sensitive data, encrypt and delete data, and much more.
Harder to detect: Malware authors work hard to make their software difficult to detect. This includes hiding it in legitimate documents (aka “weaponizing” Word, PDF and Excel documents), utilizing detection-evasion mechanisms (like avoiding execution in sandboxed environments), and using legitimate software update mechanisms, all to make the work of the defenders harder.
More aggressive: Some malware types are extremely aggressive; they scan for open RDP ports, brute-force their way onto a device, and then move laterally within the organization’s network, abusing password-protected servers and seeking sensitive data, all without the knowledge of the victim.
Fast: Contemporary malware is extremely fast and works at machine speed to bypass protection mechanisms and achieve its goals—ransomware like “WannaCry” disabled entire organizations in minutes.
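The “more aggressive” pattern above (brute-forcing a remote-access service, then moving laterally between servers) leaves a recognisable trail in authentication logs, and the defender’s counterpart is to watch for it. The following is an added example, not code from the original post: it runs two simple detections over a constructed, hypothetical log format (timestamp, event id, user, source IP, host; the ids 4625/4624 are used in the sense of Windows failed/successful logon events). The threshold, window and field layout are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = "4625"   # modelled on Windows "logon failed"
SUCCESS_LOGON = "4624"  # modelled on Windows "logon succeeded"

# Constructed sample log (hypothetical format: ts event_id user src_ip host).
# An external address hammers one account on FS01 and finally succeeds; the
# same account then logs on to two further servers from inside the network.
SAMPLE_LOG = """\
2020-03-10T08:00:01 4625 svc_backup 203.0.113.9 FS01
2020-03-10T08:00:02 4625 svc_backup 203.0.113.9 FS01
2020-03-10T08:00:03 4625 svc_backup 203.0.113.9 FS01
2020-03-10T08:00:04 4625 svc_backup 203.0.113.9 FS01
2020-03-10T08:00:05 4625 svc_backup 203.0.113.9 FS01
2020-03-10T08:00:06 4625 svc_backup 203.0.113.9 FS01
2020-03-10T08:00:07 4624 svc_backup 203.0.113.9 FS01
2020-03-10T08:01:12 4625 alice 10.0.0.22 WS22
2020-03-10T08:01:20 4624 alice 10.0.0.22 WS22
2020-03-10T08:02:00 4624 svc_backup 10.0.0.15 DC01
2020-03-10T08:03:30 4624 svc_backup 10.0.0.15 HR-DB
2020-03-10T08:04:00 4624 bob 10.0.0.31 WS05
"""


def parse_events(text):
    """Parse the whitespace-separated log into dicts, sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, user, src_ip, host = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "event_id": event_id,
                       "user": user, "src_ip": src_ip, "host": host})
    events.sort(key=lambda e: e["ts"])
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag a success that follows >= threshold failures from the same
    (source, user, host) triple within the window: a password-guessing
    attempt that eventually worked."""
    failures = defaultdict(list)
    alerts = []
    for e in events:
        key = (e["src_ip"], e["user"], e["host"])
        if e["event_id"] == FAILED_LOGON:
            failures[key].append(e["ts"])
        elif e["event_id"] == SUCCESS_LOGON:
            recent = [t for t in failures[key] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"src_ip": e["src_ip"], "user": e["user"],
                               "host": e["host"], "failures": len(recent),
                               "success_at": e["ts"]})
            failures[key].clear()  # a success resets the counter
    return alerts


def detect_lateral_movement(events, min_hosts=3, window=timedelta(minutes=10)):
    """Flag an account that logs on successfully to >= min_hosts distinct
    hosts within the window; one alert per account, at the first window
    in which the threshold is crossed."""
    by_user = defaultdict(list)
    for e in events:
        if e["event_id"] == SUCCESS_LOGON:
            by_user[e["user"]].append((e["ts"], e["host"]))
    alerts = []
    for user, logons in by_user.items():
        for i, (start, _) in enumerate(logons):
            hosts = {h for t, h in logons[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                alerts.append({"user": user, "hosts": sorted(hosts),
                               "window_start": start})
                break
    return alerts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for a in detect_bruteforce(evs):
        print("brute-force:", a)
    for a in detect_lateral_movement(evs):
        print("lateral movement:", a)
```

On the constructed sample the first detector flags the 203.0.113.9 source after six failures and a success against svc_backup on FS01, and the second flags svc_backup for reaching FS01, DC01 and HR-DB inside ten minutes; alice’s single mistyped password and bob’s ordinary logon produce nothing. In a real deployment the two signals are worth correlating, since a brute-forced account that then fans out across servers is exactly the sequence the post describes.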