Friday, 19 September 2008

Eugene Kaspersky on the Latest Malware Trends

I was fortunate enough to catch up with the one and only Eugene Kaspersky this week. Eugene is one of the world's leading experts in the information security field, co-founder and CEO of Kaspersky Lab, the international information security software vendor and a technology leader in malware protection (malware: malicious software such as trojans, viruses and keyloggers).

It was a real privilege and honour to chat with the Moscow-based Security Guru about the latest malware patterns, trends and threats being monitored by Kaspersky Lab. I do not use the term “Security Guru” lightly either; Eugene is a graduate of the Institute of Cryptography, Telecommunications and Computer Science and conducted scientific research in these areas before entering the antivirus industry (before it was an industry) in 1991. This was after his interest in viruses was sparked when his own system was infected by the Cascade virus in 1989.

I remember my Commodore Amiga being infected by a boot sector virus around the same time; if only I had the same kind of vision back then. Actually, one of the new trends being observed by Kaspersky Lab was the return of the old boot sector virus. The reason behind this trend is that if the “bad guys” can load and execute the malware ahead of the operating system, OS security protection and antivirus, it becomes much easier to deliver the malware payload and avoid detection, and even to prevent the security countermeasures from operating properly.

Kaspersky underlined a fact I myself have been preaching for a number of years now: the people behind these global malware attacks are becoming more professional and organised, and are financially motivated, as opposed to being out to cause system crashes for kudos. The traditional idea of a teenage spotty-faced kid sat in his bedroom bringing down TV networks for fun is a myth; these guys are in it for the easy money.

The evidence of this financial motivation can clearly be seen in the Kaspersky Lab statistics, which show 90% of Internet malware as being spyware trojans, designed to steal information, whether it be credit card details, login credentials or general personal details. No longer do cyber criminals have any interest in bringing down systems either, which is why only 5% of malware are the traditional “trouble making” viruses. These bad guys actually want their target systems to stay online for as long as possible, so they can be fully exploited. Such is the lucrative nature of these attacks and the high rewards of this dark economy that the cyber criminals are even aggressively competing against each other, with malware actually attacking and "killing" other malware to gain supremacy. How much malware is out there to be protected against? Well, today Kaspersky Lab are protecting against 1.250 million and rising, which shows the scale of the malware problem. I remember when my AV signature list had a couple of hundred types of viruses listed in it; you could scroll through the list and look at the names and what they did!

I asked Eugene one particular question which has been puzzling me about antivirus protection for some time…given that most malware is targeted against Microsoft operating systems and applications, which these days tend to offer better protection (arguably), how come malware trends are not shifting to target the lower hanging fruit more, in non-Microsoft operating systems, especially given the rise in popularity of freeware (Linux) and Apple systems in recent years? Eugene pointed out there was an increasing trend in the number of malware specifically targeting Apple systems, while on the Linux front, he said with a big grin that Linux users tended to be more skilled, security savvy and wise, and therefore less prone to being successfully breached by malware. In my own summary, the successful malware attacks occur against the "dumb users", who tend to be on a Microsoft system, or increasingly an Apple system. This makes perfect sense, as after all the biggest gap in security lies between the keyboard and the back of the chair.

Eugene went on to say there was a shift towards malware specifically aimed at mobile devices. These days there is a lot of valuable information held on mobile devices, while typically they tend not to have good protection against malware, which can be delivered to the device through its Internet connectivity. On top of this, mobile devices are increasingly being used for making payment transactions, with payment card information being highly targeted by cyber fraudsters.

Kaspersky also highlighted another very interesting global malware trend, which is being driven by the deployment of cheap hardware and fast Internet access to the developing parts of the world, the $100 laptop for example. New malware threats are increasingly originating from places like Latin America and Africa. However, over 50% of malware is still coming out of China, and the overall problem is still rising. Kaspersky went on to describe a “division of labour” in the malware black market, with cyber criminal groups specialising in different areas and collaborating. Typically groups are dividing and specialising in areas such as writing the malware code, malware deployment, malware management (those bot-herders) and data hijacking/data mining, which really underlines how organised this black market is now becoming. Kaspersky Lab has also observed general differences in the types of malware targets around the globe, with South East Asia specialising in online gaming fraud, Latin America developing banking Trojans, while Russia appears to be the place where a lot of malicious code is written and sold on.

Fascinating stuff, and it goes to emphasize the importance of running antivirus or a complete security suite on your computer systems, and ensuring such systems are automatically kept up-to-date. So there you have it: Eugene Kaspersky, Security Guru and a great down-to-earth guy. I thoroughly recommend going to hear him speak if you get the opportunity.

You can obtain a Free Trial of the award-winning Kaspersky Internet Security 2009
