Computer Security
We have achieved great strides in computer technology, but there is also a corresponding rise in cybercriminals employing new and sophisticated methods of attack. Cybercriminals no longer do it just for fun or fame; they are becoming more professional and monetizing their skills. Exploitation of web application and browser plugin vulnerabilities, phishing, identity theft and the stealing of valuable personal and financial information are some of the major issues. As always, prevention is better than cure. Updating antivirus software, the operating system and other software regularly, and using sensible precautions such as regular backups, would certainly eliminate the risk or at least minimize the damage of malware attacks.
Introduction
The first decade of the new millennium was marked by a phenomenal growth of the Internet and its many applications. Information technology has achieved a paradigm shift, casting its influence on almost all spheres of our lives. However, this unprecedented growth of the Internet has also spurred the development of new malicious technologies in the form of viruses, worms, bots and Trojans that are used to illegally attack and exploit software and hardware vulnerabilities. Cybercrime has become ubiquitous, with cybercriminals using network worms, Trojans, spyware, keylogger software, rootkits, and a variety of other professional attack tools for financial gain or even political reasons. To tackle these computer security issues, the antivirus industry has developed into a niche field offering several products for Internet security. Today the antivirus market is flooded with many players competing in a continuously changing and challenging domain. [Eugene Kaspersky] Notable among these are Symantec, NOD32, Kaspersky, McAfee, etc. A brief overview of the annual security reports published by some of these companies reveals critical information about the trends in the changing threats to Internet security and how continuous research and evolution of the security programs are stalling the efforts of the nefarious cybercriminals.
Cybercriminals: More Professional
Just as we are achieving great strides in computer technology, there is also a corresponding rise in cybercriminals employing new and sophisticated methods of attack. As Arthur Wong, security expert and senior vice president, Symantec Security Response, states, "The Internet threats and malicious activity we are currently tracking demonstrate that hackers are taking this trend to the next level by making cybercrime their actual profession, and they are employing business-like practices to successfully accomplish this goal." [Symantec, (2007)] Increasingly, cyberattacks are becoming broad-based, focusing on well-trusted social networking websites by exploiting vulnerabilities in the programs and through them attacking their end users. A recent instance is the concurrent attack on Facebook and Twitter, two of the world's popular online social networks, using 'Denial of service attacks'. Twitter co-founder Biz Stone reported, "We are defending against this attack now and will continue to update our status blog as we continue to defend and later investigate." [Alexi Oreskovic, 2009]
The Symantec report reveals that 2008 witnessed the highest ever number of malicious code threats, with Symantec detecting a record 1,656,227 threats, which is almost 60% of the threats the company has detected over the last several years. This proliferation of virus signatures is an indication of how intent and professional cybercriminals are becoming and how important it is for end users to keep their antivirus program updated. [Symantec, (2009) pg. 55] The Symantec report further indicates that the trend of attack is more towards the client side than the server side. Over 95% of the attacked vulnerabilities in the year 2008 were on the client side, with the server side constituting only 5%. [Symantec, (2009) pg. 52] Educational institutions were found to be the most affected in terms of data breaches, accounting for 27% of all data breaches in 2008. [Symantec 2009, pg. 20]
NOD32 (from ESET), another industry leader in computer security solutions, has reported that there is a huge increase in fake antivirus and malware products. The ESET report for 2008 shows that cybercriminals are increasingly targeting PDF and other forms of data files to spread malicious code. Compromised PDFs carrying malicious links are the new form of attack. The report also indicates that most forms of malicious software use the Windows autorun feature to their advantage for gaining entry into the host computer. The report also includes Win32/Toolbar.MyWebSearch and the Trojan Virtumonde as some of the most common malware of 2008. [ESET, 2008, pg. 22] Among the email attachment-based malware, Netsky, Mytob and Bagle, which use social engineering techniques, are the top three for 2008. [ESET, 2008, pg. 25] Both the Symantec and ESET reports agree that the trend of using email attachments for the spread of malware is on the decline (31%), and this is attributed to the increased availability of free email scanning virus software. Instead, the propagation of malicious software is now increasingly based on peer-to-peer networks and other file sharing systems. [Symantec, 2009-page 69]
Win32/Conficker, a network worm, was seen high on the list for 2008. This worm, which exploited the RPC subsystem of the operating system, could disable the firewall and used the open port to activate an HTTP server. [ESET, 2008, pg 15] Though Microsoft released the patch in Oct 2008, pirated software, which does not have update capabilities, is still prone to such attacks. Norton also reports this RPC vulnerability as the top high-severity vulnerability for 2008 that allowed the hacker to run code remotely. More than one million systems were affected by the Downadup worm using the above-mentioned vulnerability. [Symantec, 2009-page 7] Malware disguised as video codecs, such as Win32/GetCodec.A, is also on the rise this year. Typically, these programs are infected video downloads that require the user to download some special codec file, which is nothing but a masqueraded Trojan file. [ESET, 2008, pg 12] The top 5 of the ten Staged Downloaders for 2008 were Trojans. The Brisv Trojan was the most popular Trojan of 2008 and early 2009. It is reported that this particular Trojan affected more than 1.6 million computers, converting all the mp2, mp3 files into WMA format and then injecting the file marker with a malicious URL. This implies that whenever the file is opened with Windows Media Player the user is taken to the particular malicious website, exposing the computer to further malware attacks. [Symantec, 2009-page 57]
Browser Toolbars and other plugins
ESET projects that popular browsers will be the most targeted software for malware attack in the future. As browsers can be used to lure the unwary customer to malicious websites, they lend themselves naturally to attacks by malware. [ESET, 2008, pg. 8] Statistics from the Symantec 2008 reports indicate that ActiveX-based controls are the leading cause of browser plugin vulnerabilities. There were a total of 415 browser plugin vulnerabilities in the year. [Symantec, 2009-page 14] The recent "browse-and-get-owned attack" reported by Microsoft security engineer Chengyun Chu is a case in point. As Chu said, "A user needs to be lured to navigate to a malicious Web site or a compromised legitimate Web site to be affected. No further user interaction is needed." [Thomas Claburn, 2009] In 2008 there were a total of 9 zero-day vulnerabilities, and Internet Explorer was involved in 6 of these attacks. [Symantec, (2009) pg. 49] With the increasing use of mobile devices, the attention of cybercriminals has turned to these devices.
Increased attacks against mobile devices such as iPhones and mobile browser attacks are expected in the coming year. ESET also reports that 2008 saw increasing use of obfuscation techniques to avoid malware detection. Runtime packers such as Themida are also used to evade detection. [ESET, 2008, pg 7]
Phishing
Phishing and mule scams are the top email nuisances. The financial sector was the worst affected by phishing scams, with almost 76% of phishing schemes targeting this sector. [Symantec, (2009) pg. 75] Reports from both these popular antivirus companies indicate that fake antivirus software and the majority of the phishing lures are from Russia and China. Typically, phishing is done by way of unsolicited emails that request people to visit a particular financial institution's website, posing as a legitimate service routine from the institution. The unwary customer then divulges all his personal information, not realizing the scam. Phishing results in severe economic loss and the stealing of personal identity. The security reports also indicate online gaming sites as the new focus of attackers. Win32/PSW.OnLineGames.NMY was the leading malware for 2008. This is a group of malicious keyloggers and other rootkits that are capable of stealing personal information of users involved in online gaming. They are used extensively to steal virtual assets that can be traded for money. [ESET, 2008, pg 13]