Kaspersky warns of growing internet threats

Employees who open spam mails, use own devices at work risk contaminating company

By Georgina Enzer. Published July 20, 2011

If employees use their personal mobile device to send or read corporate emails, use the same device to access personal emails and social networking, or connect to public networks, they may be putting their company and their personal data at risk, according to Costin G Raiu, director, Global Research and Analysis Team, Kaspersky Lab.

According to Raiu, 30% of all companies think they are specifically targeted by cyber-attacks, while just 9% of companies admit to having been the victim of at least one targeted attack. Both these figures are very low, either due to companies not noticing they have been broken into, or companies not disclosing attacks, he added.

"These are tailored attacks designed to break into your organisation and steal your secrets. Many companies do not want to talk about it," said Raiu.

Emails are a hacker's main tool for breaking into companies and personal data, and while many people have been taught not to open suspicious emails, there are many who still do, which can lead to major data breaches, such as the one that happened at top internet security firm RSA.

Uri Rivner, head of New Technologies, Identity Protection and Verification at RSA, told Kaspersky that the hack happened after two small groups of employees were sent an infected email containing a Word document. The email was marked as spam and put into the spam folder, but one of the employees opened it, allowing his computer to be remotely accessed by the Poison Ivy tool. This tool is designed to gather intelligence and intellectual property on the network and then upload it to an external FTP site.

The RSA attack in turn led to the attack on Lockheed Martin.

When hackers broke into RSA, they gathered information from the RSA networks, such as the RSA SecurID public keys and cryptography algorithms. The ID public keys were used by Lockheed Martin and were easily broken into and information stolen.

While many users think that immediately deleting spam messages is the best option, Kaspersky suggests that instead they should be emailed to a company's or user's internet security provider for analysis, so it can find out how and why the attack is being perpetrated.

Raiu says that there are certain hallmarks of a spam message that must be heeded, such as an email from an unknown name or source, odd subject material or a strange email address.

He stated that users must never open any attachments that come with an email that is likely to be spam; it may contain viruses that can steal data.

Another cautionary tale is that of HB Gary Federal, the US-based firm that provides tools and services to the US government.

"The CEO, Aaron Barr, was planning to sell the company and claimed that he had infiltrated a notorious hacker group and knew the names of some of its members. Hackers then broke into the company website, and copied 20,000 emails from Greg Hoglund [HB Gary Federal founder] and Aaron from the network and published them. It severely damaged their reputation and now the company is worth less than one dollar," said Raiu.

The reason they were hacked was that Barr and the COO, Ted Vera, used very simple passwords containing six lower-case letters and two numbers, and used those same passwords everywhere: Twitter, email and LinkedIn. Vera even used the same password for the company's Linux server.

Raiu says that it is vital to use different passwords on all online accounts and company accounts.

Raiu laid down some ground rules for internet users on how to survive targeted attacks. He said that users should not open attachments in weird emails if they are Word, PowerPoint or Excel files, and recommended that users begin to upgrade their systems to the Windows 64-bit system, which he says is the safest choice for Windows.

He also recommended Google Chrome for web-browsing, as it is the safest browser yet, he said.

"Hackers have been able to break Safari and Firefox, but not Google Chrome, because it has good security architecture, and they release updates five or six times a month. Apple updates Firefox once a month or twice a month. Do not use Safari, it is full of bugs," said Raiu.

Raiu urged people using the internet while travelling to use a VPN and use complex passwords.

Mac, according to Raiu, is not safer than Windows, and is beginning to be attacked more frequently. He said that Apple is usually months behind in patching publicly disclosed vulnerabilities.

"Many people say Mac OS is safer. This is actually false if you judge it from targeted attacks. There are quite a few problems with Macs, but some people have to use Mac OS. I believe Apple is now at the same level as Microsoft was in late 90s, 2000s for security. If you really have to use Mac OS, use 64 bit Mac OS, which has to be manually loaded," said Raiu.

For those people who use a smartphone, he said that if a user watches movies, or YouTube online, their device is probably not secure.

"I can recommend to not jailbreak your mobile device, do not use public Wi-Fi, do not install applications from unknown sources, and do not use simple passwords. Compromising a smartphone can be easier than Mac or PC," said Raiu. "What I think is really important here, if you have to use a smartphone, make sure you have a remote wipe solution so you can erase everything."

Kaspersky is currently working on a security solution for tablets which run on Android, because of the growing popularity of the OS.

Social networking is becoming more and more insecure and Raiu said users must protect themselves on Facebook by enabling their security options.

"There is an option called log-in approvals, when a new computer logs into my account, it sends a code to my mobile phone. There is also an option to only browse on secure pages, and the same is on Twitter," he said.
