Government-Grade Stealth Malware In Hands Of Criminals by Sara Peters.
From the post:
Malware originally developed for government espionage is now in use by criminals, who are bolting it onto their rootkits and ransomware.
The malware, dubbed Gyges, was first discovered in March by Sentinel Labs, which just released an intelligence report outlining their findings. From the report: “Gyges is an early example of how advanced techniques and code developed by governments for espionage are effectively being repurposed, modularized and coupled with other malware to commit cybercrime.”
Sentinel was able to detect Gyges with on-device heuristic sensors, but many intrusion prevention systems would miss it. The report states that Gyges’ evasion techniques are “significantly more sophisticated” than the payloads attached. It includes anti-detection, anti-tampering, anti-debugging, and anti-reverse-engineering capabilities.
…
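The excerpt above says Gyges was caught by on-device heuristic sensors while signature-driven intrusion prevention would likely miss it, and that its anti-debugging and anti-analysis layers are more sophisticated than the payloads it carries. To make "heuristic" concrete, here is a small, added illustration (not code from the article, from Sentinel Labs, or from Gyges itself) of the simplest kind of static heuristic: extract printable strings from a binary and score them against a weighted table of well-known anti-debugging and anti-VM indicators. The indicator table, weights, threshold and both sample blobs are constructed for this example; the Windows API names listed are real, commonly checked ones, but the page does not say which, if any, Gyges uses.

```python
"""Toy static heuristic: score a binary blob for anti-analysis indicators.

Added illustrative example; the indicator table and threshold are constructed
for this demonstration and are not a production detection rule.
"""
import re
from typing import Dict, List

# Constructed indicator table: (category, weight). These Windows API names and
# driver/process names are commonly associated with debugger and VM detection.
INDICATORS = {
    b"IsDebuggerPresent": ("anti-debug", 2),
    b"CheckRemoteDebuggerPresent": ("anti-debug", 2),
    b"NtQueryInformationProcess": ("anti-debug", 1),
    b"OutputDebugString": ("anti-debug", 1),
    b"GetTickCount": ("timing", 1),
    b"QueryPerformanceCounter": ("timing", 1),
    b"VBoxGuest": ("anti-vm", 2),
    b"vmtoolsd": ("anti-vm", 2),
}

# Flag only when the combined weight is high AND more than one evasion
# category is present; a single timing call is normal in benign software.
SCORE_THRESHOLD = 4
MIN_CATEGORIES = 2


def extract_ascii_strings(blob: bytes, min_len: int = 6) -> List[bytes]:
    """Return runs of printable ASCII of at least min_len bytes (like `strings`)."""
    pattern = rb"[\x20-\x7e]{" + str(min_len).encode() + rb",}"
    return re.findall(pattern, blob)


def score_blob(blob: bytes) -> Dict:
    """Score a blob against INDICATORS and decide whether to flag it."""
    hits = {}
    for s in extract_ascii_strings(blob):
        for needle, (category, weight) in INDICATORS.items():
            if needle in s:
                hits[needle.decode()] = (category, weight)
    categories = sorted({c for c, _ in hits.values()})
    score = sum(w for _, w in hits.values())
    flagged = score >= SCORE_THRESHOLD and len(categories) >= MIN_CATEGORIES
    return {
        "score": score,
        "categories": categories,
        "hits": sorted(hits),
        "flagged": flagged,
    }


# Constructed sample inputs standing in for two executables' string tables.
BENIGN_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"kernel32.dll\x00GetTickCount\x00CreateFileW\x00"
)
SUSPICIOUS_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"IsDebuggerPresent\x00CheckRemoteDebuggerPresent\x00VBoxGuest.sys\x00"
)

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_BLOB), ("suspicious", SUSPICIOUS_BLOB)):
        print(name, score_blob(blob))
```

The point of the weighting and the two-category rule is the same trade-off the report describes: a heuristic sees behaviour patterns rather than a fixed signature, so it can notice evasion code it has never seen before, but it must be tuned so that ordinary timing or debug-output calls in legitimate software do not trip it. Real sensors look at far richer signals than strings (imports, control flow, runtime behaviour), and packed or encrypted samples hide strings entirely, which is why a single static check like this is only a starting point.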
The figure I keep hearing quoted is that cybersecurity attackers are ten years ahead of cybersecurity defenders.
Is that what you hear?
Whatever the actual gap, what makes me curious is why the gap exists at all. I assume the attackers and defenders are on par as far as intelligence, programming skills, financial support, etc., so what is the difference that accounts for the gap?
I don’t have the answer or even a suspicion of a suggestion but suspect someone else does.
Pointers anyone?