Crimeware: How to protect yourself
16 April, 2007
By Chris Talbot
Malware threats that will be stealthier in their
approach to stealing money may have a stronger hold
overseas in Europe and Asia, but North America is
the number one target. According to two security vendors,
the threats are likely to become more of a problem
in North America this year.
The U.S. is leading the world in the number of systems
that have been compromised, said Brian Grayek, vice
president of threat research at CA. The reason for
this is simple: There are many consumers connected
to the Internet who don't have any idea their systems
have been compromised.
"People just have absolutely not a clue,"
Grayek said.
The market for personal firewalls and anti-spyware
is growing in a linear way -- it's growing straight
up, he said. Most people know they have to have anti-virus,
but he estimated that less than five per cent
are running a personal firewall and less than 50 per
cent are running anti-spyware software.
"It's the enemy within thing," Grayek said.
Spying 101 is getting a mole inside, but with stealthy
malware, all a hacker has to do is use that malware
to get onto someone's machine. As soon as that happens,
the hacker is inside the business (or home).
"I truly believe the only way we can fight this
is through education," Grayek said.
For businesses and individuals looking to protect
themselves, the first thing they should do is throw
trust out the window, Grayek said. If an e-mail arrives
from somebody, the receiver should ask him/herself
if it comes from a legitimate source.
As for invisible malware that has made its way onto
Web sites (yes, even legitimate Web sites), Grayek
suggests checking out Web sites that rate the security
and malware levels of other Web sites.
"Paranoia is a good thing in some areas,"
Grayek said.
Specifically, what can businesses -- especially financial
institutions, which will likely be victimized first
-- do to protect themselves?
"If I can sum it up in a sentence, I'd say protect
the information," said Uriel Maimon, office of
the CTO at RSA.
IT administrators in charge of security should forget
about where they're securing the data and look very
closely at what data they're actually securing, he
said. They need to understand what the problems are
going to be if certain data is compromised and then
properly protect that data.
"Follow the information. Don't follow the infrastructure,"
Maimon said.
A layered approach to securing data is also important,
he said. Much as everyone would like one, there is
no silver bullet application that protects everything.
The first level of security is when the threat is
still outside of the organization, Maimon said. The
phishing scams and Trojans aren't in the organization's
sphere of control. Additionally, it has no control
over customers and what they bring to the site.
"You need to control something that's basically
out of your control," he said.
RSA offers anti-fraud services that attempt to shut
down the lines into organizations before malware can
do any damage. By the time it gets to an organization's
doorway, it could already be too late, Maimon said.
The second layer of protection is the point at which
people log into the network. Strong authentication
at a financially reasonable level is a good defence,
he said.
"Every bank in the world could ship one-time
tokens to all its customers, and that would single-handedly
wipe out any profit that bank would have by having
online banking services. ... But you'll have the most
secure online banking service that is possible,"
Maimon said.
Instead of giving authentication tokens to every
customer, financial institutions could give them to
high-risk users, such as those with an account that
is a juicy target, he said.
The final layer is monitoring the actual transactions
being done so that if any malware slips in while a
user is accessing his/her account, it will be stopped
before it can do much damage, Maimon said.
Small business and home users should educate themselves
on how widespread the problem is and how it could
affect their finances. For the most part, they won't
know when a stealthy piece of malware continues a
session after they log out, and they're unlikely to
find out for some time.
Additionally, knowing what authentication and security
their banks use will help them understand how at risk
they are, Maimon continued. They may want to consider
doing their banking where they're better protected,
especially since the liability of losses depends greatly
on their geography.
For channel resellers, this represents a significant
opportunity. Products from the likes of RSA, CA and
other security companies are available. Education
is key.
"Besides the fact that this is a problem that
bothers everyone, I think that the channel and the
resellers should know these solutions are out there
and can be sold through the channel," Maimon
said.
Rootkits and Trojans are a big threat, and they're
likely to be at the top of the security threats lists
in 2007, Grayek said.