Internet attacks get sophisticated

By Paul Vecchiatto, ITWeb Cape Town correspondent
Johannesburg, 08 Dec 2010

Targeted Internet attacks will shift even more from individuals to organisations, such as governments, corporations and other bodies, says Sergey Novikov, head of Kaspersky Lab's EEMEA Research Centre.

Novikov, who is currently visiting SA, says the advent of the Stuxnet botnet, the “Aurora” attack on Google and other corporations, the emergence of the first smartphone virus that attacked Android handsets, and the transition to 64-bit computing mean Internet-spread malware will become even more highly organised and targeted.

“These four types of attacks are heralding a shift in the way cyber criminals are being organised and how they are targeting more sophisticated targets,” he says.

Eye spy

The Stuxnet botnet was first identified in July and is considered probably the most sophisticated malware of its type. The botnet spies on and reprograms industrial systems, and it also incorporates a programmable logic controller rootkit.

Stuxnet is credited, through media speculation, with delaying the start-up of an Iranian nuclear power plant.

“We won't comment on who developed Stuxnet, but we do believe there are only about 15 people in the world who can develop such a system, and none of them can do it by themselves,” Novikov says.

Kaspersky Lab says it does suspect a state was involved in the Stuxnet attack, and that the software used four zero-day vulnerabilities (security holes exploited in the time between when they are detected and when a patch is developed) and was signed with two stolen certificates (thus making it appear legitimate).


The Aurora attack against Google targeted the US search engine giant and other corporations such as Yahoo, Juniper Networks, and Intel, at the beginning of the year.

Novikov says the attack was designed to gain access to personal data and corporate intellectual property, and was spread by using zero-day vulnerabilities in Internet Explorer and Adobe's PDF programs.

“Such targeted attacks do not need to use thousands of e-mails. Only one is enough. The targeted organisation is not aware that it has been targeted,” Novikov says.

He likens such attacks to a “lethal injection” and says that classic defence mechanisms, such as signature-based anti-virus software, are useless and that new defence mechanisms will be needed.

SMS attacks

The first SMS attack against Android smartphones, recorded in August, was a Trojan that sent SMSes to premium-rated numbers.

“As a system gains in popularity, then the amount of attacks against it grows,” says Novikov.

A similar trend is being seen with the growing prevalence of 64-bit computing, with malware being developed for and targeted at such systems.

“What people have to realise is that cyber crime is global and sees no borders. But law enforcement is hampered by a lack of international co-operation, different laws in various countries and the unco-ordinated effort by law enforcement agencies,” Novikov says.

He says cyber criminal gangs are becoming highly organised.

“They are evolving into groups with the equivalent of managers, software developers, and even psychologists to develop their malware,” Novikov says.