By Milica D. Djekic

Any malware, whether already known to the cyber community or still in the category of an advanced persistent threat, is a potential risk to your IT assets. There are many kinds of malware, such as spyware, viruses, worms, Trojan horses and so on, and all of these malicious applications are created to harm a computer and its network. Malware is essentially a piece of code with the capacity to replicate itself and execute on its host machine or environment. It can infect files, folders and whole operating systems, causing a great deal of trouble and headaches for its targets. This may sound a bit scary, but in practice there are preventative measures, such as anti-malware software, that can discover and remove malware that has already taken up residence on your system.

On the other hand, we should mention advanced persistent threats, which are also malware at their core but are not yet known to the cyber industry, so they can pass through every known line of defense. This is quite a trick, you would agree, because such malicious programs simply gain access to your environment and take plenty of inappropriate actions, which could confuse even an experienced IT professional who wonders what has really happened, because his anti-malware protection does not signal anything. Put simply, the whole device and its network start behaving strangely and you would probably lose some of your data, while your anti-malware application claims that everything is absolutely fine. As you can see, that is a very inconvenient scenario, and the fact is that even if you run a scan, you get nothing as the result.

In addition, hackers produce new malicious software day after day, and every single day someone in the world gets infected with it without even knowing. So, if we assume that the role of the defense community is to stay at least one step ahead of the threat, it is quite obvious why we need effective mechanisms to combat such a risk and keep the hacking underground under control. In essence, modern law enforcement needs the capacity to respond to these trends: shortly after the bad guys spread some malicious product over the internet, the good guys should figure it out and, through their hard work, develop procedures and solutions for responding to such incidents.

What is security research?

The most effective way to deal with malware threats is to invest in security research. This area of interest is all about investigating what is happening in cyberspace and attempting to find countermeasures to those schemes. In other words, you need some kind of situational awareness about what could occur in your IT environment, as well as ways to defend against those risks. This is not an easy task at all, and many security researchers spend a lot of their time in hacker hangouts, on either the visible or the deep web, trying to learn what is new among the bad guys. It takes a great deal of time and effort every single day, and every time you find something novel you need to prepare a skillful report about it and pass your findings to the forensic lab, where all of that information is examined and tested.

Security research is a good starting point for many law enforcement investigations. Once someone reports that his IT asset is behaving strangely, security analysts should take up that information and try to identify which kind of bad code is responsible for the attack. On the other hand, security research also means hours spent in front of a screen, investigating and discovering the places on the web where cybercriminals like to spend their time and leave some trace. This sort of occupation needs great skill and very patient professionals who are capable of investigating everything in a rational and critical manner.

Security research and malware identification

The purpose of security research is to identify malicious code that is not previously known to the rest of the cyber community and to get such a program included in an anti-malware database. Once it is in such a database, the malware is recognized every time it approaches an IT infrastructure that uses an adequate anti-malware system. Here we mainly talk about the end user's experience and possibly about some business implications and impacts of this tendency. It is not rare for hackers to attack a server or datacenter that already has some anti-malware protection and try to infect as many internet users as they can, in order to carry out some kind of sabotage, paralyze business assets and cause a total interruption of work and, consequently, financial losses. For that reason it is very important to follow best practice in security research, because it is quite obvious that potential malware attacks could have dramatic consequences for society as a whole and, in some cases, for a good portion of the economy.

The purpose of anti-malware software

Anti-malware software is a good method of protection for both personal and business needs, and it is quite clear why we need such a solution to stay cyber safe. However, an anti-malware application is not a silver bullet; in other words, having that piece of software installed on your machine leaves you far from being absolutely secure. In practice, many anti-malware applications can be downloaded from the internet for free, and that software relies on regular updates as its vendors' security researchers and forensic laboratories identify new malware on the web. The point is that your anti-malware solution can prevent you from being infected by malware already known to the cyber industry, but it cannot protect you fully. In addition, many web links carry a bad piece of code with them, and such links are mainly used in phishing campaigns, so it is worth knowing that there are online services that can help you investigate a link before you click on it and potentially get infected with malware.
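As an added illustration of the two sections above (this is example code written for this edit, not code from the original article or from any anti-malware vendor), here is a toy signature-based scanner in Python. The family names, the marker strings and the sample file contents are all constructed for the example and contain no real malware; the markers merely stand in for the bytes a real signature would look for. It shows a known sample being caught by an exact hash, a slightly modified copy of the same family being caught by a byte pattern, and a never-seen sample passing unnoticed until a researcher's finding is added to the database, which is exactly the gap the "not a silver bullet" paragraph describes.

```python
"""Minimal signature-based scanner (constructed example, not a real product)."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed stand-ins for file contents. They contain no real malware,
# only marker strings that let the scanner demonstrate its logic.
SAMPLES: Dict[str, bytes] = {
    "known_worm.bin": b"MZ\x90\x00 EVIL_WORM_V1 replicate(); spread();",
    "known_worm_repacked.bin": b"MZ\x90\x00 pad pad EVIL_WORM_V2 replicate(); spread();",
    "benign_tool.exe": b"MZ\x90\x00 hello world; exit(0);",
    "novel_implant.bin": b"MZ\x90\x00 UNSEEN_IMPLANT beacon(); exfil();",
}

# (family name, how it was matched: "hash", "pattern" or None)
Verdict = Tuple[Optional[str], Optional[str]]


def sha256_hex(data: bytes) -> str:
    """Exact-file signature: the SHA-256 digest of the whole content."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class SignatureDB:
    """An anti-malware database holding two kinds of signature."""
    hashes: Dict[str, str] = field(default_factory=dict)       # digest -> family
    patterns: Dict[str, re.Pattern] = field(default_factory=dict)  # family -> regex

    def add_hash(self, sample: bytes, family: str) -> None:
        """Register the exact digest of a sample the researchers analysed."""
        self.hashes[sha256_hex(sample)] = family

    def add_pattern(self, regex: bytes, family: str) -> None:
        """Register a byte pattern shared by variants of one family."""
        self.patterns[family] = re.compile(regex)

    def lookup(self, data: bytes) -> Verdict:
        """Hash match first (cheapest and exact), then pattern search."""
        digest = sha256_hex(data)
        if digest in self.hashes:
            return self.hashes[digest], "hash"
        for family, pattern in self.patterns.items():
            if pattern.search(data):
                return family, "pattern"
        return None, None  # unknown to the database: the APT case


def scan(db: SignatureDB, files: Dict[str, bytes]) -> Dict[str, Verdict]:
    """Scan every file and return a verdict per file name."""
    return {name: db.lookup(data) for name, data in files.items()}


def build_initial_db() -> SignatureDB:
    """What the vendor ships before the novel implant has been researched."""
    db = SignatureDB()
    db.add_hash(SAMPLES["known_worm.bin"], "EvilWorm")
    db.add_pattern(rb"EVIL_WORM_V\d", "EvilWorm")
    return db


def research_update(db: SignatureDB) -> SignatureDB:
    """Models a researcher's report reaching the database as a new signature."""
    db.add_pattern(rb"UNSEEN_IMPLANT", "NovelImplant")
    return db


if __name__ == "__main__":
    db = build_initial_db()
    for name, verdict in scan(db, SAMPLES).items():
        print("before update:", name, verdict)
    for name, verdict in scan(research_update(db), SAMPLES).items():
        print("after update: ", name, verdict)
```

Running the script prints the verdicts before and after the update: the repacked worm is still caught because a family pattern survives small changes, while the novel implant is reported clean until its signature exists, which is why a clean scan on a strangely behaving machine is not proof of a healthy machine.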

Forensic examinations of today

Modern teams of cybersecurity forensic investigators usually work with high-tech equipment and are in a position to take the security researchers' reports and perform analyses and tests of the code that has been discovered. Experience suggests that those experts try to isolate the malicious application in order to observe its behavior, and if they get the chance to obtain its source code, they investigate that as well. Never underestimate the power of a good investigative team, because those people can be skillful enough to find out literally everything about a piece of malware, including its code in some programming language environment. In other words, the field of digital forensics and security research offers us nearly limitless opportunities, and it is not surprising at all that the response to a new vulnerability can be so fast.

Concluding remarks

It would appear that the human factor in security research, as well as in cyber forensics, plays a crucial role in keeping the defense at least one step ahead of the threats. As time goes on, the bad guys will keep producing new malware, and the good guys will not be left without a response to that situation. Apparently, they will also work very hard to figure out how to manage the risk and resolve anything that is of concern to a nation, a business or an economy.

About The Author

Milica D. Djekic is an Independent Researcher from Subotica, Republic of Serbia. She received her engineering background from the Faculty of Mechanical Engineering, University of Belgrade. She writes for domestic and overseas publications and is also the author of the book “The Internet of Things: Concept, Applications, and Security”, published in 2017 by Lambert Academic Publishing. Milica is also a speaker on the BrightTALK expert channel and spoke at Cyber Security Summit Europe, held in 2016, as well as at CyberCentral Summit 2019, one of the most exclusive cyber defense events in Europe. She has been a member of ASIS International since 2017 and a contributor to the Australian Cyber Security Magazine since 2018. Milica’s research efforts have been recognized by the Computer Emergency Response Team for the European Union (CERT-EU). Her fields of interest are cyber defense, technology, and business. Milica is a person with a disability.