There’s been an explosion in new malware over the past two years. But how new is this malware, really? How serious is the threat, and how should it be countered? DOROS HADJIZENONOS of Check Point South Africa looks at the issues.
Taking the path of least resistance is natural – it’s why rivers flow around mountains, and electricity finds the easiest route to earth. It also explains why there has been such an explosion in new malware in the past couple of years. While there remains a select handful of coders who will painstakingly develop sophisticated, advanced and complex new threats, the vast majority of would-be hackers are taking a much easier route to achieve their goals.
They’ve seen the rewards that are possible from a malware attack, and they’re also aware of the easily-available tools that automate the assembly of new malware, or enable small modifications to existing malware types, rendering them undetectable by conventional antivirus products. The result is that malicious code is now being mass-produced and unleashed on an industrial scale, by people with little or no coding skills.
In fact, Check Point’s latest annual Security Report shows that more unknown malware has been found in the past two years than in the previous 10 years combined. While new malware introductions were relatively static in 2010 and 2011, at 18 million per year, this nearly doubled to 34 million in 2012, rose to 83 million in 2013, and reached 142 million in 2014. What’s worse is the speed at which this is occurring. On average, organisations were downloading 106 unknown malware types every hour – that’s 48 times more than in 2013.
In a majority of cases, these were existing, known types of malicious files that had simply been modified with minor alterations to a couple of lines of their code – literally, old malware with a new trick, that enabled it to bypass even the most up-to-date antivirus detection.
Building a better trap
To avoid being fooled by these new tricks, an additional method of detection known as threat emulation, or sandboxing, is recommended. Early versions of this technology worked by intercepting suspicious files as they arrived at the organisation’s gateway, and inspecting their contents in a virtualised, quarantined area (the sandbox) for any unusual behaviour, in real time. If the file’s behaviour was found to be malicious, for example attempting to make abnormal registry changes or network connections, it would be quarantined, preventing the infection from reaching the network.
While this approach considerably boosts malware detection rates, criminals have already recognised that the technology is deployed on a percentage of networks, and have responded by implementing further evasion techniques. As such, a next-generation approach is being introduced: CPU-level sandboxing. This enables a deeper, more insightful look at a suspicious file’s activity.
It takes advantage of the fact that there are only a handful of exploitation methods that can be used to download malware and execute it on a host PC. As it operates at the chip level, below the application or operating system layers, CPU-level sandboxing detects the use of malware exploitation methods by examining activity on the CPU, and the execution flow at the assembly code level while the exploit occurs. As a result, it strips away any disguises applied to the malware, and pre-empts the possibility of hackers evading detection.
While the speed and accuracy of detection make CPU-level sandboxing a powerful method for detecting unknown attacks, especially existing malware that has been altered using obfuscation tools, it also enables detection of the far more sophisticated (and much rarer) zero-day exploits. Zero-day malware is effectively hand-built to exploit software vulnerabilities that vendors aren’t even aware of yet. The ability to block both common and rare, targeted attacks adds a strong, extra defensive layer to organisations’ networks.
Taking the sting from malware
Taking this approach a step further, another emerging threat prevention technique can combine with OS- and CPU-level sandboxing, to virtually eliminate the risk of threats. This technique is called threat extraction.
It involves a direct approach to threat removal: as the majority of malware is distributed in infected documents (our Security Report shows that 55% of all infected files were PDFs or Office files), then all documents arriving at an organisation by email should be intercepted, and content that is identified as malware, such as macros, embedded objects and files, and external links, removed. The threat-free document can then be reconstructed with known safe elements, and forwarded to the intended user, either in the original format or as a locked-down PDF, according to the organisation’s policies.
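The strip step of threat extraction, sketched for an Office Open XML package (an added example, not Check Point's code): it drops macro and embedded-object parts and removes external relationships while rebuilding the container. The part-name policy and the constructed sample are assumptions; rewriting [Content_Types].xml and the references in the document body, which a full reconstruction also needs, is left out.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
# Assumed policy for this example: parts treated as active content.
ACTIVE = re.compile(r"/(vbaProject\.bin|vbaData\.xml|embeddings/|activeX/)", re.I)

def _clean_rels(xml_bytes, removed):
    """Drop relationships that are external or point at stripped parts."""
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("DTD not expected in an OOXML part")
    ET.register_namespace("", REL_NS)
    root = ET.fromstring(xml_bytes)
    for rel in list(root):
        target = rel.get("Target", "")
        if rel.get("TargetMode") == "External" or ACTIVE.search("/" + target):
            removed.append(f"rel:{rel.get('Id')}")
            root.remove(rel)
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)

def extract_threats(data):
    """Rebuild the package without active content; return (clean, removed)."""
    removed, out = [], io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if ACTIVE.search("/" + info.filename):
                removed.append(f"part:{info.filename}")
                continue
            body = src.read(info)
            if info.filename.endswith(".rels"):
                body = _clean_rels(body, removed)
            dst.writestr(info.filename, body)
    return out.getvalue(), removed

def build_sample():
    """Constructed macro-enabled package (sample input, not a real document)."""
    rel = '<Relationship Id="rId%d" Type="t" Target="%s"%s/>'
    rels = f'<Relationships xmlns="{REL_NS}">' + "".join([
        rel % (1, "styles.xml", ""), rel % (2, "vbaProject.bin", ""),
        rel % (3, "http://example.invalid/x", ' TargetMode="External"'),
        rel % (4, "embeddings/oleObject1.bin", "")]) + "</Relationships>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<document/>")
        z.writestr("word/_rels/document.xml.rels", rels)
        z.writestr("word/vbaProject.bin", "constructed macro bytes")
        z.writestr("word/embeddings/oleObject1.bin", "constructed OLE bytes")
    return buf.getvalue()
```

The returned `removed` list doubles as an audit trail of what was taken out of each document before it was forwarded.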
With the pace of malware attacks showing no signs of slowing down and the evasion techniques and tricks used by malware authors always evolving, the technology deployed to keep businesses secure also needs to evolve, to keep them ahead of new threats. What was cutting edge in 2014 will simply be the standard for 2015.
* Doros Hadjizenonos, Country Manager, Check Point South Africa
How to create an esports team
2018 was a landmark year for South African esports as one of the country’s best teams took the battle overseas and made waves in the international scene. A year ago Bravado’s top Counter-Strike: Global Offensive (CS:GO) team relocated to Arizona in the U.S., a venture dubbed Project Destiny, where they used the opportunity to train as full-time professional athletes and conquer the best teams out there.
Project Destiny was a massive success. A year later and Bravado’s CS:GO team had carved a name for itself through several high-profile victories and invitations to top tier tournaments. Clearly this is not the end of the story and the team has been reflecting on the lessons and opportunities.
Team captain Dimitri “Detrony” Hadjipaschali helped lead Project Destiny and gleaned a considerable amount on what needs to go into an esports team.
Team for the right reasons
For aspirant pro players who want to up their game, pun intended, he advises starting at the basics: why do you want a team?
“In recent times, people want to create a team with no direct intention, not knowing if they want to do this casually and socially, or professionally. Doing this professionally requires risk. It depends on how much work and sacrifices are contributed to the cause of creating a team. Playing socially is fine, part-time, as many people do, but playing professionally and wanting to reach the top one day, purely depends on your dedication, motivation and intention.”
Put in the hours
Like any aspirant pro athlete, preparation requires hours of training. Bravado’s players all put in several hours of training daily, 7 days a week, and Project Destiny’s full-time pros worked multiple training sessions every day, usually in the morning and afternoon for 4 hours each, as well as competitive matches in the late evening.
But even Bravado members who are not full time still put in hours of training every day. Serious players need to find the time and build up their dedication because this level of performance is simply the bar set in esports. Said Dimitri:
“The general esports title or game a team competes in will require anything, if not more than, a traditional sport outside of esports would require to get to the top.”
Fortunately, you don’t have to go all-out from the start. Esports are tiered with the top players in the highest tiers. So there is space to cut your esporting teeth while making room for it in your life. But never forget that to be one of the best means no half-measures. In esports, you have to commit to win.
“A good team player is an individual who views his team as a single unit and not just himself as an ‘individual player’ in the bigger picture,” said Dimitri. “They put their team first and before themselves. This is the first main fundamental of a mindset required for a team player.”
Pro teams shouldn’t be mistaken for gaming clans, which are more casual and where gaming is a hobby. Even though they can be very competitive, clans mostly play for fun and entertainment, whereas a professional team is highly competitive with goals that it sets out to accomplish.
This is important because it helps the team members agree on the importance of those goals and the focus required. If you are not willing to show up every day to play the same game, partake in training exercises and learn from feedback, a pro career won’t work for you:
“Playing professionally requires aligned individuals where they share common goals and have equal intentions to realize what they want to achieve and what it takes to compete at a high level.”
Professional athletes aren’t created overnight. It takes many years of focus and dedication while also pursuing studies or working at a day job before someone manages to ascend into a paid career. Esports is the same and demands patience alongside dedication.
Esports teams amplify this requirement. While in Arizona, Bravado applied the maxim “Teams who work together win together.” Household chores were divided up between players, creating a sense of common responsibility. This repetitive reinforcement of team values is crucial for success, whereas impatience for a team to ‘click’ is a recipe for disaster:
“Often, teams do not achieve their desired results and achievements in the short run and immediately resort to a roster change. Or someone in the team is replaced without a completely valid reason. This underestimates the importance of sticking together to create synergy in the long run.”
He also added that using time smartly is perhaps even more important than the amount of time spent on training. The team under Project Destiny used a full-time coach who helped set routines, objectives and priorities:
“The mistake with teams struggling to improve these days is that they do not know and understand how to work with limited time, and how to do this best and constructively as possible. Often teams that aren’t at a top competitive level yet arrange bootcamps, but set the limited time they have with each other incorrectly, or rather not to the best potential.”
When Bravado embarked on Project Destiny, it aimed to put South African esports on the map and serve as role models for aspirant players in the country. By those measures, it has been a huge success and Bravado continues to grow and educate. Through the ongoing support of sponsors Alienware and Intel, Bravado continues its mission of creating esporting excellence and opportunity for South Africans.
Learn more at bravadogaming.com or contact Bravado’s players directly via their social media accounts.
Opera reveals SA browsing habits
Opera, one of the world’s major browser developers, and leader in AI driven digital content delivery and discovery, has released its State of Mobile Web 2019 report, revealing that nine out of ten people in South Africa use their mobile browser every day.
Other key findings from the report include:
- Internet users in Africa use their browser to access social media domains such as Facebook, YouTube, Twitter and Instagram, followed by entertainment and search websites
- Opera News users in Africa spend 50% of in-app time watching videos
- South Africans pay six times more per gigabyte of mobile data than people in India
- Opera Mini saved users nearly 100 million USD in mobile data in 2018
The report reveals that the Opera mobile browsers and standalone news app were used by nearly 20 million internet users in Africa and by more than 350 million people globally in the first quarter of 2019. The State of Mobile Web 2019 report also shows that Opera experienced a growth of more than 26 percent of its user base year on year, compared to the first quarter of 2018 in Africa.
“We are thrilled to see that our mobile browsers and news app have grown by 25 million monthly users in the last year,” said Jørgen Arnesen, Head of Marketing and Distribution at Opera. “The new Opera News app has led this positive growth, as well as the introduction of new features to our mobile browsers like built-in VPN and crypto wallet. The successful partnerships Opera has with major smartphone manufacturers in Africa have also contributed to this massive growth.”
The 2019 edition of the State of the Mobile Web report looked into the use of the Opera Mini browser and the Opera browser for Android, and it shows that mobile browsing is one of the most popular online activities among African internet users. For example, in South Africa, nine out of ten people use their mobile browser every day, an activity they prefer over the use of other applications like YouTube.
The report also revealed that on average, Africans using Opera spend more than 30 minutes browsing online each day. The most browsed category of websites was social media platform domains such as Facebook, YouTube and Instagram, followed by search engines like Google, and entertainment and sport websites.
100 million dollars saved on mobile data
In the State of the Mobile Web 2019 report, Opera gives detailed insight into the use of the data savings feature in the Opera Mini browser, and compares the average price of mobile data in 20 countries in Africa. The results revealed that the data compression mode in Opera Mini saved users nearly 100 million USD of data in 2018.
In this analysis, Opera also compared the costs of data in some African countries with the cost of mobile data in India and Germany. The outcome of this analysis showed that South Africans pay six times more per gigabyte of mobile data than Indians and almost the same price as Germans for one gigabyte of mobile data.
Rapidly changing news and video consumption landscape
The report takes a look at the trends of news and video consumption across Africa. This includes analyzing the usage of its standalone Opera News app, which grew from launch to over 20 million users in a period of one year. Categories like breaking news, local news, and entertainment were the favourites among users in the first quarter of the year.
Video content is also becoming more popular among people who use the Opera News app. The report shows that people spend 50 percent of in-app time in Opera News watching videos on Instaclips, the recently added video feature on the news app.
The usage of Instaclips keeps growing since its test launch in December 2018: in Q1-2019, Instaclips registered a total of 122,000 videos uploaded in different languages such as English, Portuguese, French, Arabic and Swahili.
Expanding beyond browsing to fuel digital transformation
Opera’s commitment to digital transformation in Africa is ongoing. Beyond the development of its mobile browsers and standalone news app, Opera has made major investments on the African continent, expanding its services to other technology areas such as FinTech and digital advertising.
In 2018, Opera announced the launch of OKash, a fintech micro-lending solution that quickly gained traction among mobile internet users in Kenya. Today, OKash ranks among the most downloaded micro lending applications among Kenyans and its user base keeps on growing.
In May 2019, Opera announced the introduction of Opera Ads, a new advertising platform that allows media agencies and publishers to run more targeted marketing campaigns through the Opera platforms.
The full version of the State of Mobile Web 2019 report is available to read online or to download.