In just five years, malware construction kits will be so easy to use, and embedded processors will provide such easy targets, that a disgruntled paper boy might hack your refrigerator.
This bleak picture was painted by Michael Fey, McAfee's worldwide senior vice president of advanced technologies and field engineering, at the company's Focus 11 information security conference in Las Vegas last week.
The scenario is, of course, meant to provide background for McAfee's marketing efforts. That's the entire point of these vendor conferences. Lo and behold McAfee's DeepSAFE technology, developed in conjunction with its new owner Intel, just happens to provide a defence against this new breed of stealthy malware.
Advanced persistent threats (APTs) is the buzz phrase.
Naturally, McAfee has a whitepaper (PDF) with more details. Even McAfee's recent report on Operation Shady RAT (PDF), which we discussed on the Patch Monday podcast a few weeks ago, helps sell this message.
But do we really need yet another layer of defensive technology? After all, Australia's own Defence Signals Directorate (DSD), the organisation responsible for the protection of the country's government and military networks, says that 85 per cent of the successful attacks it's investigated would have been defeated by following four basic strategies — none of which need DeepSAFE.
So, take McAfee's message with a grain of salt, turn up your BS detectors and take from the company's conversations what might be of value for you and your organisation.
On Patch Monday this week we'll hear Fey's view of 2016. Also, an explanation of how APTs are a three-stage attack from Greg Brown, vice president in charge of marketing McAfee's network products. And Jon Carpenter, McAfee's anti-malware competitive review manager — how do you like these corporate titles? — who taught me how to create malware and construct botnets in just one hour.
To leave an audio comment on the program, Skype to stilgherrian or phone Sydney (02) 8011 3733.
Running time 47 minutes, 32 seconds
Stilgherrian travelled to the Focus 11 security conference in Las Vegas as a guest of McAfee.