Defending against self-destructing PCs, other mythical security threats


Speaking to "60 Minutes," senior officials from the National Security Agency alleged that a foreign nation had tried to infect computers with BIOS-level malware. Not much in the way of technical detail was offered, though what was said made it clear that the malware had the ability to brick a PC, or render it inoperable, on some form of remote signal.

Though some might dismiss this as baseless fear mongering by NSA officials in a bid to salvage the reputation of the beleaguered agency, the warning does seem highly plausible. Imagine being able to kill all the PCs in a foreign nation just as you launch a military attack on them--it can only serve to cripple their economy and communications, resulting in a huge advantage from the get-go for the aggressor.

Separately, it has been reported that the NSA has the capability to decode the cellphone encryption technology most widely used around the world. The key reason is that the most commonly used technology, known as A5/1, continues to be used by mobile phone operators despite the proven insecurity of the decades-old standard. And if the NSA can decipher encrypted cellphone conversations, why wouldn't foreign governments be able to as well?

Finally, related stories that we reported on recently have revealed that financial malware is increasingly targeting smartphones in order to steal second-factor authentication codes sent by SMS. Clearly, this is working, given how at least one banking Trojan has since been spotted targeting newer, 64-bit systems.

Taken together, the various security-related reports serve to illustrate our utter dependency on computers and digital communications. This has in turn culminated in the development of a new generation of extremely sophisticated threats that would have been considered highly unlikely or even impossible just a few years ago.

Clearly, enterprises need to adopt a more aggressive and proactive stance in order to stand a chance against multiple threat vectors stemming from espionage, spying and malware. In a one-on-one with Tenable CEO Ron Gula in July this year, he told us that the biggest security issue is the perception that we can't win. In the face of so many complex, blended attacks, is there anything the enterprise can do? I'd love to hear your thoughts on this. - Paul Mah (Twitter @paulmah)