
Cybercrime surge is forcing security vendors to roll out updates every 40 minutes

Hacker siege increasing danger of false positive signature update, says Symantec
Thu Apr 10 2014, 13:24

DUBLIN: A SURGE in cybercrime is forcing security vendors to release security updates every 40 minutes, according to security firm Symantec.

Orla Cox, senior manager for Symantec Security Response, reported the development during a briefing attended by The INQUIRER.

"We're seeing more sophisticated attacks than ever before and people want security," she said. "Nowadays we are rolling out virus signature upgrades around every 40-50 minutes. They are rapid response upgrades that go through partial vetting. We then follow them up with three upgrades per day that are fully certified."

Cox said Symantec began rolling out the rapid updates to help mitigate the growing number of malware variants and active cyber campaigns targeting its customers.

"It's been about shaving off minutes for the last couple of years. If you came to us a few years ago it was one [update] and before that it would have taken hours. The rapid updates are for people that need a rapid response, like those suffering an infection."

She said Symantec blocked 568,700 web attacks on its customers and detected a massive 1.6 million malware variants per day in 2013. But despite helping customers, Cox said the company's rapid update cycle has increased the risk of pushing out an update with a false positive signature.

"The biggest quality issue we face is the danger of false positive definitions. There's a risk of detecting something clean as malicious; that's the big no-no in our industry, so it's as much about building definition libraries of legit files as of malicious ones," she said.

A false positive is a signature update from a security provider that misidentifies legitimate files as malware and blocks them from running. In the past such faulty updates have caused damage to many companies. In 2013, Malwarebytes crippled thousands of its customers' machines when it issued a false positive update.

Cox said the influx of new threats has also forced Symantec to expand its analysis procedures in recent years. "We've had to evolve how we work, it's not just about providing protection and moving on any more. Threats and the landscape have changed and to address this we've begun doing intelligence work," she said.

"We do bespoke research on occasion, with both customers and law enforcement. These situations are ones where we have the skills they don't - that's the benefit of us being here every day, reverse engineering malware.

"Doing this over the years we've had to develop a number of systems and now we're trying to understand the individual attacks in the context of who did them and why."

Symantec is one of many technology firms adopting an intelligence-based approach to cyber defence. Earlier in March, Facebook unveiled a new automated Threatdata security service designed to detect and catalogue new malware families.
