Stop Malware by Predicting Future Attacks

Recently, I came across a meme posted on Facebook that said, “Don’t lose hope. You never know what tomorrow will bring.” I can see why people would find that inspirational, but it got me thinking. What if we could know what tomorrow will bring? What sort of success could we find by knowing what we will know tomorrow, but today?

Obviously, the first thing that popped into my mind was the lottery (as I’m sure it’s what popped into yours, along with the ‘Back to the Future’ movies) but I’m a realist. I wanted to find a guaranteed way to find success by knowing something just one day early. The next thing that came to mind was the markets and market reaction. If I had access to that information a day early, I could make a fortune. 

Let’s examine the real-world possibilities. 

Predicting the Future – For Real

Now I know that the markets can be predicted by industry experts to a high degree of possibility/probability, but a prediction that is not absolute certainty doesn’t help me get to the place where I need to be. I want to KNOW something a day early, rather than simply guessing something a day early. 

So, What Exists Out There That Could Provide Certainty?

The answer is actually very simple: press releases. Bear with me while I explain. A press release is an official statement issued by a company on a company matter. It might be something positive like a new partnership, or something negative like a data breach. How can reading press releases predict the future? Well, stocks fluctuate on the news. Was something bad? It goes down. Was something good? It goes up. Pretty simple, right?

The problem here is that these ‘future reports’ are closely guarded, as having knowledge of company actions early and acting upon that information is a violation of FTC regulations. They call it insider trading.

What is Insider Trading?

It’s the illegal practice of trading on the stock exchange to one’s own advantage through having access to confidential ‘insider’ information about a company or future company move. 

If Insider Trading is Illegal, Why Are We Talking About it? 

Because we are talking about knowing what tomorrow would bring. Even though something is illegal, that doesn’t mean less-than-ethical people won’t use any ‘forbidden’ information they can get their hands on as a stepping stone to success.

Case in point: from early 2010 right through till mid-2015, a group of threat actors hacked into Marketwired, Newswire Association and Business Wire. They stole confidential press release drafts containing non-public financial information relating to hundreds of companies traded on the NASDAQ and NYSE. They then traded ahead of the information being released. The actors involved had daily access to over 150,000 press releases over the five years they were inside company systems. It’s estimated that they made over $100 million from having access to and the ability to act on this confidential information early.

But, They Were Caught.

Yes, in the end they were caught and the streets were safe again. Or are they? Once one group becomes successful through this sort of novel attack, word spreads and the next won’t be far behind. In addition, the bad guys will learn from the mistakes of those first crude attempts. Think about it like this. Once the world knew about the power of a nuclear bomb, everyone else wanted to build one. You can’t un-invent the A-bomb.

The game actually becomes more labor intensive at this point, as once word is out, the companies involved must try to figure out how to avoid this type of attack in future. The attackers must then learn the new rules and once again try to circumvent them. This leads to a rapidly escalating digital arms race that can become a constant drain on time and money to the companies and industries involved.

Why Protecting Your Company from that ‘First Attack’ is Vital

No matter what industry you work in or how large or small your business, protecting your company’s internal data from that initial attack is critical. You cannot allow threat actors to succeed, not even once. If an attacker figures out how to get into your company and benefit from your private company information, you may be able to drive out that first attacker, but like ants discovering a new food source, more will surely follow in droves.

To this end, make it a point to regularly test and retest your security infrastructure, and remember this: the endpoint is the gateway to your data. It must be guarded, and it must be guarded well.

In addition to this, here’s the thing: your entire company is only as secure as the least secure machine on your network, and that machine is only as secure as its user allows it to be. Regular employee security training and internal attack awareness campaigns throughout your organization are key. If your employees use their company machines for personal matters (which, let’s be honest, they will), download unauthorized programs, or switch off or otherwise circumvent your security protections to get what they want done quickly, without an eye on security, it will be your company as a whole that winds up with a problem.

If you are concerned that your current security product isn’t cutting it, we personally invite you to road-test our endpoint protection product CylancePROTECT. We can’t predict what tomorrow may bring, but we can use our unique blend of cutting-edge artificial intelligence and machine learning to stop that first attack, and all other attempts that may follow it. Cylance protects your endpoints, stopping malware dead pre-execution, before it can launch.