Friday 19 September 2008

Eugene Kaspersky on the Latest Malware Trends

I was fortunate enough to catch up with the one and only Eugene Kaspersky this week. Eugene is one of the world's leading experts in the information security field, co-founder and CEO of Kaspersky Lab, the international information security software vendor and a technology leader in malware (malicious software such as trojans, viruses, keyloggers) protection.

It was a real privilege and honour to chat with the Moscow-based Security Guru about the latest malware patterns, trends and threats being monitored by Kaspersky Lab. I do not use the term “Security Guru” lightly either: Eugene is a graduate of the Institute of Cryptography, Telecommunications and Computer Science and has conducted scientific research in these areas before entering the antivirus industry (before it was an industry) in 1991. This was after his interest in viruses was sparked when his own system was infected by the Cascade virus in 1989.

I remember my Commodore Amiga being infected by a boot sector virus around the same time; if only I had the same kind of vision back then. Actually, one of the new trends being observed by Kaspersky Lab was the return of the old boot sector virus. The reason behind this trend is that if the “bad guys” can load and execute the malware ahead of the loading of the operating system, OS security protection and antivirus, it makes it much easier to deliver the malware payload and avoid detection, and even actually prevent the security countermeasures from operating properly.

Kaspersky underlined a fact I myself have been preaching for a number of years now, in that the people behind these global malware attacks are becoming more professional, organised and are financially motivated, as opposed to being out to cause system crashes for kudos. The traditional idea of a teenage spotty-faced kid sat in his bedroom bringing down TV networks for fun is a myth; these guys are in it for the easy money.

The evidence of this financial motivation can clearly be seen in the Kaspersky Lab statistics, which show 90% of Internet malware as being spyware trojans, designed to steal information, whether it be credit card details, login credentials or general personal details. No longer do cyber criminals have any interest in bringing down systems either, which is why only 5% of malware are the traditional “trouble making” viruses. These bad guys actually want their target systems to stay online for as long as possible, so they can be fully exploited. Such is the lucrative nature of these attacks and high rewards of this dark economy, the cyber criminals are even aggressively competing against each other, with malware actually attacking and "killing" other malware to gain supremacy. How much malware is out there to be protected against? Well, today Kaspersky Lab are protecting against 1.250 million and rising, which shows the scale of the malware problem. I remember when my AV signature list had a couple of hundred types of viruses listed in it; you could scroll through the list and look at the names and what they did!

I asked Eugene one particular question which has been puzzling me with antivirus protection for some time: given that most malware is targeted against Microsoft operating systems and applications, which these days tend to offer better protection (arguably), how come malware trends are not shifting to target the lower hanging fruit more, in non-Microsoft operating systems, especially given the recent popularity and rise of freeware (Linux) and Apple systems in recent years? Eugene pointed out there was an increasing trend in the number of malware specifically targeting Apple systems, while on the Linux front, he said with a big grin, that Linux users tended to be more skilled, security savvy and wise, therefore less prone to being successfully breached by malware. In my own summary, the successful malware attacks occur against the "dumb users", who tend to be on a Microsoft system, or increasingly an Apple system. This makes perfect sense, as after all the biggest gap in security lies between the keyboard and the back of the chair.

Eugene went on to say there was a shift towards malware specifically aimed at mobile devices. These days there is a lot of valuable information held on mobile devices, while typically they tend not to have good protection against malware, which can be delivered to the device through the Internet connectivity. On top of this, mobile devices are being increasingly used for making payment transactions, with payment card information being highly targeted by cyber fraudsters.

Kaspersky also highlighted another very interesting global malware trend, which is being driven through the deployment of cheap hardware and fast Internet access to the developing parts of the world, the $100 laptop for example. New malware threats are increasingly originating from places like Latin America and Africa. However, over 50% of malware is still coming out of China, and the overall problem is still rising. Kaspersky went on to describe a “division of labour” in the malware black market, with cyber criminal groups specialising in different areas and collaborating. Typically groups are dividing and specialising in areas such as writing the malware code, malware deployment, malware management (those bot-herders) and data hijacking/data mining, which really underlines how organised this black market is now becoming. Also, Kaspersky Lab has observed general differences in the types of malware targets around the globe, with South East Asia specialising in online gaming fraud, Latin America developing banking Trojans, while Russia appears to be the place where a lot of malicious code is written and sold on.

Fascinating stuff, and it goes to emphasize the importance of running antivirus or a complete security suite on your computer systems, and ensuring such systems are automatically kept up-to-date. So there you have it: Eugene Kaspersky, Security Guru and a great down-to-earth guy. I thoroughly recommend going to hear him speak if you get the opportunity.

You can obtain a Free Trial of the award-winning Kaspersky Internet Security 2009.

Sunday 7 September 2008

Credit Crunch to drive UK Cyber Crime

As the effects of the “global credit crunch” start to take hold in the UK, it is evident to me that UK focused “Cyber Crime” will sharply increase as a result. Over the past ten years the UK economy has been in a honeymoon period, and doing relatively well, with the GDP growth outpacing the rest of the EU. The good and steady economic environment has resulted in low unemployment figures for much of the last decade. You really have to go back to the late 1990s for the last major lull in the UK economy.

In comparison, mass market cyber crime for financial gain hardly existed ten years ago, and certainly was not on the radar during the last major recession in the 1990s. Over the last decade Internet access and usage for the average UK person has radically changed, thanks to the explosion of broadband, which in turn has resulted in providing cyber crime opportunities around every corner.

Within the Security Industry it is commonly known hackers have been increasingly focusing their efforts on attacks which yield financial rewards as opposed to the traditional attacks for the challenge, fun, or kudos. For example, the number of original viruses being created for the sake of causing disruption, which often has no financial benefit for the perpetrator, has been dropping, while attacks for financial gain for the perpetrator, such as web application attacks, phishing emails and key logger installations, have been rapidly rising in the last few years. On the back of this, the amount of personal information being placed and made available on the internet is increasing, providing a rich gold mine for cyber fraudsters and identity thieves.

There are many analysts and reports stating economic slowdown and rising employment results in increases in crime, and in particular fraud crime. Fraud crime fits cyber crime like a glove. Putting these economy and crime trends together with the trends in security and cyber crime with financial motivation (fraud), since the last major economic slowdown in the UK, I can only conclude one obvious outcome, namely the credit crunch will drive a serious increase in cyber crime in the UK. It will be very interesting to see if the future official figures on UK online card fraud reflect this trend. Just about every person I have spoken to about cyber crime fraud in recent months has themselves, or knows a family member, friend, or work colleague, who has been "done" with credit card fraud as a result of something which occurred online during the last 12 months.

So I urge everyone in the UK to buckle up their anti-malware software, check their paper shredders, to be eagle-eyed reviewing credit card/bank statements and to keep extra vigilant when online as we sail through the choppy water of the credit crunch.