Businesses, governments value local skills in joint malware fight: BAE SAI

Establishment and expansion of Australian information-security centres of excellence is becoming increasingly appealing to private and public-sector organisations that are finding them invaluable partners in the race to keep up with malware threats, according to the regional head of cyber security at BAE Systems Applied Intelligence (SAI).

The company opened a security CoE in Sydney two years ago and last year credited the local team with discovering and publishing detailed analyses of the widespread Shylock and Snake malware variants.

“Having a strong research capability is quite critical to a number of our customers,” Craig Searle, Asia-Pacific head of cyber security with BAE SAI, told CSO Australia. “We have customers that are very interested in having an advanced threat intelligence capability at hand – a sovereign capability they can call on to get advice and input, and to complement their internal capabilities with skills that would be very hard to find anywhere else in the world.”

Those partnerships led to a strong response against the long-lived Shylock banking malware, for one, which emerged in 2011 but has morphed numerous times – for example, expanding in 2013 to spread via Skype – and infected large numbers of systems before being shut down in July by an international law-enforcement effort. BAE SAI's analysis, largely headed by its Australian security experts, broke down the code and documented features such as its plug-in architecture.

The convergence of cyber-criminal activity and fraudulent activity had raised the stakes in the cat-and-mouse game between malware authors and security researchers, Searle said, adding that the efficacy of conventional detection approaches had long ago been compromised.

“The approach of simply trying to block the malware is inefficient at best, and a little naïve at worst,” he said. “These threats are being written with specific targets in mind, and written not to be identified by commercial security software.”

“Our approach is taking a bigger view, trying to understand who is producing this malware, what's their motive, and who are the key actors in that theatre. To do this, it is necessary to not only be able to have a world-leading research team like we do, but also to collaborate with other research teams and make sure we are getting the best information we can at any point in time.”

That collaboration has extended not only to other BAE SAI security research facilities, but to partnerships with commercial and government agencies. This approach allows the security research team to “develop a much more detailed picture around how these pieces of malware operate,” Searle said, noting the success of the approach in both the Shylock and Snake work.

“We can identify not just the individual behaviours of the malware itself, but also of the command-and-control networks, back-end servers, and the bigger picture of who is doing it and why,” he said.

“A key part of our success with Shylock and Snake was our ability to work closely with these vendors and agencies to give and receive valuable pieces of information to help us piece it all together. Part of that saw us providing frameworks to help vendors and other agencies develop their own tools and detection capabilities for that malware.”

Information-security experts tend to love an intellectual challenge, Searle said, but BAE SAI isn't the only company counting on the appeal of new security challenges to attract the “complex skill set” required. Startup company Cylance was recently talking up the appeal of working to counter “near perfect” innovation in advanced persistent threats (APTs). And Symantec this month launched a broad expansion of its own Sydney security facilities in a managed-services push that is expected to lead to more than 20 new hires in the next 12 months.

This article is brought to you by Enex TestLab, content directors for CSO Australia.


Stories by David Braue