by Brent Kirkpatrick
(Date Published: 03/24/2017.)
There is an arms race every time hackers saturate the industry's ability to respond, forcing the development of new methods. For the duration of the arms race, this creates a brutally competitive environment for computer systems experts. If you fail to secure your systems well enough, you may be plagued by setbacks or be outed by the hackers as having weak security.
Worse, as hackers successfully compromise the computer industry, they gain access to source code that can be used to broaden their attacks. For example, if a hacker gains access to a BIOS manufacturer's source, they can embed a back-door in the BIOS, compile it, and distribute their version as an update. If they are very successful, the hacker might be able to get their version of the BIOS shipped with the computer.
When computer professionals suspect that they have been hacked, they usually begin looking for machine code. After being unable to find exploit machine code, many professionals wrongly assume that their systems are not hacked. The principle of "innocent until proven guilty" only works with people, not computers. It is more appropriate to assume that an arbitrary computer is hacked, and that there is a skills or methods crisis that prevents discovery of the exploit machine code.
We are currently in an arms race that began in 2014. The industry is staggering under the load of discovering and defending against active exploits. Intrepid estimates that there are half a dozen worms currently in the wild.
Intrepid Net Computing is in the business of capturing and analyzing difficult-to-find exploits, including worms and Trojans. These exploits often clean up after themselves or hide very cleverly. We use experimental methods and statistics to isolate machine code.