Bacteria and Malware Evolution

Research into how bacteria communicate and cooperate may offer lessons on how computer malware will evolve.

I recently watched a fascinating presentation by Bonnie Bassler on how bacteria communicate.

My information security brain started thinking of the similarities between the evolution of computer malware and bacteria.  Bacteria, over the course of billions of years, devised the most efficient way to communicate, survive, and even destroy large and complex systems.  This may be the most logical path for the successful evolution of computer malware and a peek into the future of information security challenges.

Bonnie is a passionate and articulate speaker who outlined how these simple single-celled critters work as a team to coordinate activities in a perfectly synchronized manner.  Their actions are stealthy and methodical, and they can accomplish incredible objectives through teamwork on a scale humans have never achieved.  They infect, quietly multiply, and wait.  Bacteria independently determine the size of their community and decide to act based upon rudimentary communication and awareness.  When conditions are right and a level of potential virulence is attained, they team up in the billions and act in a choreographed manner.  And they do it simultaneously to bring down their target.

In many ways, computer malware acts similarly to bacteria.  Malware infects computers which are part of a large community.  Malware and bacteria want to remain stealthy until ready to strike.  Malware exists as basic lines of code with simple rules.  Bacteria are organisms which behave in simple ways.

We are seeing the malware industry evolve with more ambitious goals.  Infection of a single node in a network is no longer sufficient to achieve desired objectives.  Malware must be developed to meet new challenges.  Bacteria are the masters of infiltration, stealth, and surprise coordinated attacks against behemoth adversaries.  In the future, malware may take some lessons from its biological doppelganger.

So how may malware evolve?

Malware design may shift to very small autonomous pieces.  Modern malware is generally a single package of standalone code which may exist as a file or attach itself to other code.  Deciphering this complete nugget will typically reveal all its secrets.  In the future such code may be broken up like pieces of a puzzle.  Each piece means very little and appears harmless.  Only when they come together does the malevolent picture come into view.

Code will replicate itself and seek deeper penetration to all manner of systems.  With little risk of the big-picture exposure, these pieces can be distributed and replicated much more.  Computer environments are full of innoxious code such as temp files, random packets, application remnants, and unneeded data.  Most code and data is ignored unless deemed dangerous.  These pieces can quietly infiltrate many different operating systems, applications, data, and communication traffic of clients, servers, storage, and network devices without raising alarm.

Malware will be very quiet, acting locally and not attempting to communicate outside of the environment.  Much of today’s malware is detected as it attempts to communicate with command and control systems outside of the target network.  Evolved malware code will be harmless, quiet, and unnoticeable until the right success conditions are met.  Local community awareness via ‘quorum sensing’ between the pieces within a target environment would likely not be detected.  Only when the right elements are in place will the pathogenicity be realized as unified activation is initiated and virulence is rapidly achieved.  This will leave security little chance to offer a meaningful response.

Malware has a lot to learn from its slimy cousin.  Maybe someday malware writers will become as smart as these microbes.  On the upside, security can learn from the same teachers.  Just don’t blame our microscopic symbionts of malice, as we exist in their world.  The battle continues.

Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.