Malware attacks on the rise

By Alex Kayle, Senior portals journalist

Johannesburg, 27 Jan 2009

Malicious threats targeting companies are expected to increase this year, as cyber criminals use the economic downturn to their advantage.

This was revealed during the Dimension Data 2009 Perspectives conference, held recently at Sun City.

Neil Campbell, Dimension Data general manager for security, says there are tough times ahead as cyber criminals are becoming more aggressive in their attacks. “Vandalism has turned into hijacking, with cyber crime becoming a big business. Given the current economic circumstances, lack of compliance is a current contributor to the crisis.”

McAfee, a global security technology and solutions provider, released its 2009 threat predictions report showing that the top trend for the coming year is the exploitation of the financial crisis to scam users. Cyber criminals would develop Web sites equipped with fake financial transactions services, fake investment firms and fake legal services.

According to Symantec, the global economic crisis will be the basis of many new attacks. Malicious attacks are exploiting the credit crunch as Symantec's research shows that there is an increase in scams preying on the unemployed with spam designed to mimic job sites in the hope to retrieve personal information from a user.

However, Campbell predicts that security, as an IT industry sector, is well placed in the current situation. He foresees some draconian legislation being implemented around the world, such as the US Sarbanes-Oxley Act signed by former president George W Bush to enforce stringent governance, compliance and security measures against malware.

“Legislation will probably focus on levels of risk,” says Campbell. “One of the best ways to enforce good security through regulation is to demand compliance with a security standard such as the ISO 27 000 - the international security standard on best practices for information security management.”

Drastic measures

According to Campbell, today, IT is like an airport with large amounts of information coming and leaving an organisation. The mobile workforce is connecting devices such as BlackBerry, laptops, netbooks and USB devices into the organisation's network which is putting an organisation at risk to malware threats.

“In the UK, there has been a huge number of instances relating to data loss - most of them had good security, but it doesn't cut it to protect against a contractor losing devices with data.”

New approach

Campbell points out that Dimension Data is driving a security management approach to protecting IT. “We first do an assessment exercise for their risks and then we plan the projects. We then redesign the network architecture and build the solutions with our partners specific to the customer's needs and then move into operations management. We provide continuous support for our client to reduce risks and cut costs.”

Dimension Data's six partners are McAfee, Blue Coat, RSA, Check Point, which has acquired by Nokia's security business, Fortinet, and Cisco, which has acquired Iron Port.

Malware on the increase

Kaspersky Lab says that it expects an increase in malware this year and has detected more than 80 000 cases of viruses in November and December last year, according to its 2009 report. Virus.Win32.Sality.aa and Packed.Win32.Krap.b are on the top of Kaspersky's virus rankings.

Kaspersky showed that malware is taking on the mobile phone space. Trojan-SMS.Python.Flocker is the latest malicious program for Symbian phones. It sends SMS messages manipulating the user to transfer money from their account into a fraudulent account.

McAfee predicts that cyber criminals are targeting Web 2.0 and cloud technologies. In addition, mobile USB and flash-memory devices are being targeted. McAfee expects the trend of fraudulent online advertising and spam to increase.

Symantec's global intelligence network shows that there are now more malicious programs created than legitimate programs. It is expected that 2009 will see more advanced Web threats as the number of Internet services increases.

According to Symantec, malware threats are turning more aggressively towards social networks involving phishing for username accounts. Symantec predicts that spam will increase by 75% to 80% this year.

However, all is not lost as Symantec expects that technologies such as virtualisation will become incorporated into security solutions, especially for the banking industry.