Advanced Technology Brings Advanced Cyberthreats

He explained that malware attacks on security usually leave traces of its activity. It takes a lot of work to create an attack that can get through certain defenses to compromise key networking software like Secure Sockets Layer (SSL).

The recent Lenovo incident involving Superfish has drawn additional attention because it involved pre-installed software which avoided the possibility of being detected as compromising security certificates.

In this case, the developer (a vendor to software company Superfish) was trying to create what he called an “SSL Hijacker” – intended to intercept secure messages without altering the contents. His code ended up disabling more than was intended, Haass said.

Haass compared the incident to the movie Jurassic Park when the smart scientist disables the alarms so he can drive through secure gates unnoticed. The scientist, however, forgets that his actions also unlocked all of the beasts from their containment.

“Superfish thought it was just improving its search,” he said. “In reality, it ended up removing all user security.”

Learn more about what developers can do to combat threats from the U.S. Department of Homeland Security’s Software Assurance Program. Organizations like the Association for Enterprise Information can also provide guidance. Read how these vulnerabilities create new business challenges in “Big Business Faces Cyber Challenge."