Given all this, how can an organization protect itself from the threats posed by malnets? The key, Van Der Horst says, is a proactive cyber defense that goes beyond today's largely signature-based defenses. A proactive cyber defense identifies the malnets delivering attacks and blocks them at the source, preventing attacks before they're launched.
"The primary thing that we do is we track their infrastructure," Van Der Horst says. "Even though they may change the paint or some labels, there's still underlying core stuff we can track. We call it server DNA. A brand new website may show up today, we do a scan of it and inspect its DNA."
"Once you start tracking the ecosystem, this infrastructure, you care less and less about the specific payload it's trying to deliver," he adds. "It doesn't matter what the exploit is, you know it's coming from a bad place."
Van Der Horst suggests five steps organizations can take to better protect themselves against malware threats:
1. Use a security solution that can block malnet infrastructures and limit employee exposure to botnet-producing Trojans.
2. Ensure your security solution can block communications from infected end-user systems to command and control servers to prevent sensitive, confidential or proprietary information from reaching the cyber-criminals.
3. Ensure that web usage policies are up to date and keep network/firewall rules current.
4. Deploy a reporting solution that can help you identify potentially infected end-user systems so you can quarantine and clean them.