My patience with naming malware as if they were Marvel superheroes or X-Men is at an end. Slammer, Sasser, Flame, BlackEnergy. Instead of naming malware in ways that flatter or aggrandize the attackers, please let's use names that call attention to the systemic problem rather than the clever, tricksy software. For example,
WORM:Win32/TriedToWinAnIpodFromAControlSystem.A
TROJ:Win32/Surfed4PornFromARootAccount.C
WORM:Win32/ConnectedMyInfectedDeviceToIndustrialNetwork.A!sys
I was reminded yesterday of the Sun Tzu quote,
"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle."
We're succumbing in nearly every battle, and increasingly it's not only because we don't know the enemy but because we don't know ourselves, or more accurately, because we are unwilling to admit to the myriad ways that we fail to rigorously implement the most obvious, commonly known, widely recommended security measures.
Certain attacks of the weaponized malware kind can be contained or mitigated by isolating or restricting access from critical networks, by compartmentalizing services, by hardening administrative systems, or by prohibiting users from connecting general purpose clients or devices to critical business or infrastructure networks. These measures also protect against the effects of users who disregard or overlook recommended secure behaviors.
A typical conversation that follows a successful exploit begins with, "have you read about the BurntUmberGoat attack against the Berzerkestan SCADA network?"
Name malware by the failure it exploits and your conversation now begins, "have you read about the Surfed4PornFromARootAccount MITB attack against the First Bank of Glovania?"
Changing the naming convention may not alter the attack surface but it might make conversations a bit more educational. There may even be a shame factor to exploit here.
It's embarrassing enough for most folks to have an IT guy tell you, "Your computer was infected with BurntUmberGoat" in front of your office mates.
It's quite a bit different to have her say, "Your computer was infected with Surfed4PornFromARootAccount".