In the Internet age malware attacks are a disturbingly common phenomenon. Malware is that pesky software that continuously finds its way onto our devices, causing no end of problems ranging from irritating advertisements to spying and the theft of private information.
Malware comes in many different varieties, each a byte-sized chunk of intrusive and hostile software. The term includes viruses, worms, Trojan horses, spyware, adware, scareware and ransomware. Often disguised or embedded in other files, malware can be difficult to detect, lurking unnoticed as it does its damage. Even security experts can be fooled.
Malware doesn’t just target garden-variety, day-to-day private users. The list of favorite targets includes large companies, with attacks frequently carried out by rivals seeking to gain a competitive advantage. Of late, malware is even being developed and used by both terrorists and national governments to attack a country’s critical IT infrastructure.
On Dec. 23 of last year, Russia-linked BlackEnergy malware was used to shut down Ukraine’s power grid, leaving half of the Ivano-Frankivsk region completely blacked out.
BlackEnergy is a crimeware tool first sold in the Russian cyber-underground in 2007. Initially used to carry out distributed denial of service (DDoS) attacks, it has since evolved. Rogue programmers have extended its capabilities, adding functions such as stealing and wiping data while keeping its footprint under the radar. Like most malware, BlackEnergy tricks a computer user into installing it, typically via Microsoft Office documents containing malicious macros.
Upon installation, BlackEnergy looks for an unused driver in the operating system so that it can run with administrator privileges. It later replaces the driver components with its DLL payload. It then wipes all the data from the system, causing the system to crash. In the Ukrainian attack, BlackEnergy used the following decoys to get past UAC and driver signing during the pre- and post-installation phases:
Figure 1: Decoy used by BlackEnergy malware. Source: F-Secure
These types of attacks are becoming more common, and have the potential to do great damage and even cause loss of life.
How safe is India from such attacks? Not very. According to a recent report by Trend Micro, India was the nation most targeted by hackers for stealing data in the second quarter of 2015. There were more than 118 million cyberattacks during the last quarter of 2015 — 16 percent of those attacks were directed at Indian entities.
It’s easy to see that India is a ripe target for cybercriminals and hostile nations. Our energy sector is one of the biggest in the world. We are the world’s third-largest producer of electricity. In 2013, India had seven nuclear power plants operating 21 reactors, with six more reactors currently under construction.
There are presently 402 million internet users in India, and we are predicted to pass 460 million by the middle of this year. Making the threat even more acute is the fact that a majority of our internet users connect via mobile devices.
Many mobile users connect via smartphones with embedded software and sensors and a 4G LTE connection. The volume of information exchanged via these smartphones provides a vast pool of data for cybercriminals to exploit.
It gets worse: more users than ever are now using apps to pay electricity and gas bills online. India’s mobile realm is fast becoming the nation’s newest sector of concern, due to increasingly sophisticated cyber threats.
Get a certification and join the fight
Fortunately, there is a bright light on the horizon — millions of our citizens are studying information technology (IT), and the fastest growing segment of IT is security. For a fresher, there is great potential for a career in security working as a network security engineer, malware analyst, penetration tester, system security administrator, and so forth. Each year India graduates 1.5 million engineers. Although competition is stiff, there is plenty of room for those security pros who know their stuff.
For security pros, the work is not always about taking action after an incident happens; most of the time the main challenge is detecting malware. Doing so often requires reverse engineering the malware to find out how it functions.
If you are going to become a malware reverse engineer, then a certification from a recognized global entity is a sure advantage, in some instances even beating out a university degree. Three globally recognized certifications for reverse engineering of malware are:
- GIAC Reverse Engineering Malware (GREM), offered by SANS
- Certified Reverse Engineering Analyst (CREA), offered by IACRB
- Certified Malware Reverse Engineer, offered by CREST
Each of these credentials verifies that an IT professional has the proven practical skills and theoretical knowledge to reverse engineer malware. A career in this field can be rewarding as the average annual salary for an entry-level reverse engineer or malware analyst is more than 1.5 million rupees ($22,000 U.S.).
Another in-demand security position is working as a forensic investigator. If you like following the trail of a cyberthreat or cyberattack, then this is the job for you. A computer forensic investigator detects hacking attacks and properly extracts and examines evidence to aid in reporting, documenting and preventing such attacks. Computer investigation techniques are used by law enforcement, government and corporate entities.
Forensic investigators use their skills to extract evidence of everything from disloyal employees and computer break-ins to industrial espionage and web page defacements. Two of the best certifications for a forensic investigator are:
- Computer Hacking Forensic Investigator (CHFI), offered by EC-Council
- GIAC Certified Forensic Analyst (GCFA), offered by SANS
Having either official certification under your belt will greatly boost your chances of working as a security analyst or security manager, positions which have an annual base salary starting at 1.8 million rupees ($26,500 U.S.).
There is no denying that the internet is not as safe as most users believe it to be. Malware attacks like ransomware and data theft are on the rise. Recent attacks on a nation’s critical infrastructure are an alarming indicator of the potential for loss of life. Protecting these IT sectors from such attacks requires competent and skilled professionals.
More public and private entities, including national governments, are increasing their IT security budgets. This trend is an opportunity for security professionals to put themselves at the forefront of the fight by preparing with relevant training. The certifications mentioned above are a great way to pursue a rewarding and exciting career.