Targeted cyber crime attacks on the rise
Criminals using info from social networks to attack specific organisations, says Kaspersky expert
Cyber crime attacks that are targeted at a specific organization are becoming an increasing threat, according to a senior researcher for Kaspersky Lab.
David Emm, senior regional researcher, Global Research & Analysis Team, Kaspersky Lab, said that there is an increasing proliferation of targeted attacks which are designed to hit one organization for financial gain, and that these attacks are frequently leveraging data taken from social networks for social engineering to gain access to systems.
Speaking to itp.net on the sidelines of the IDC IT Security Roadshow in Dubai, Emm said that the security problem still often comes down to lack of end user awareness.
“I think you still find within organizations that IT people, quite rightly, identify staff as the weakest link, but they identify it as people being dumb in some way. I don’t think they are, they are [just] not security people, and it has got to be education and giving general examples to staff like ‘Facebook is great, but did you realize that everything you share there could potentially fall into the wrong hands, and could be used to target you as an individual or us as a business?’ and just start to raise awareness about what the potential dangers are,” Emm said.
Companies should look to soft education of end users, to help them protect themselves at the same time as protecting the business, rather than technical training courses, and to involve HR in developing awareness programs.
While a determined targeted attacker would be very difficult to stop, Emm said that the IT security industry is keeping up with the threats through the introduction of proactive security solutions such as behavioural analysis of applications, sandboxes for research and heuristic technologies, which complement the traditional signature-based security software for multi-point applications. Other technologies, such as white-listing of applications that are known to be safe, and cloud-based security strategies, will also have an impact.
“It is proactive technologies which really are going to be useful in the fight against the targeted attacks…. white listing, if you can say that these applications are known to be good, their integrity hasn’t been compromised, then that is great as you don’t need to do all the CPU-intensive stuff like sandboxing if you know it is a good application. Having a balance of black list and white list is certainly beneficial,” he said.
For cloud-based security solutions, the speed of response is faster, the load on a company’s internal infrastructure is lessened, and, as most cloud security services will simply scan for metadata to detect harmful files as they are transferring into an organization, there are not the usual concerns with cloud over where the data or application is hosted. Cloud also has an added benefit in that the security procedures used by the provider are kept private, rather than being software installed on an end-point or network.
Emm explained: “On an end point, we get to play our cards sort of in the open - cybercriminals get to see the technologies, they see what we are doing, even if they can’t reverse engineer the code, they know roughly what approach we are taking. With cloud-based analysis, they don’t.”
While Kaspersky was seeing some emergence of mobile malware, Emm said that out of a total of around 3,500 malware signatures the company writes each day, it is only currently adding around 20 mobile malware signatures per week.
“It is a trickle in terms of malware, but it is beginning to ramp up,” he commented. “Possibly the biggest threat right now from smartphones for businesses is the fact that corporate data is held on them and people lose them. Being able to lock the data that’s on there, being able to encrypt the data that is on there is every bit as important right now as keeping malware off there.”
Emm also called on government and law enforcement agencies to be more stringent in their penalties for cybercriminals to discourage them: “In technology we try to minimize the exposure, no mitigation can be 100%, it is about reducing your exposure. Beyond that, it is a question of we need government, law enforcement agencies to increase the risk for cybercriminals, to put them off,” he added.