A recent hack by a gang of Russian cybercriminals is believed to have collected some 1.2 billion login credentials, including more than 500 million unique email addresses, from more than 420 000 websites all over the world. This is just one attack amongst many that highlights the fact that cybercrime has become organised and professional, and a real threat to business operations going forward. The simple truth is that traditional anti-virus is not enough anymore, since hackers are outpacing the technology and are channelling resources into staying ahead of the curve.
Countermeasures deployed
That said, traditional anti-virus companies are not sitting idly by and now provide new business offerings covering aspects such as enhanced security, application control, BYOD set-up and the mobile workforce. David Emm, senior regional researcher in the Global Research & Analysis Team at Kaspersky Lab, notes that just a few years ago a simple anti-virus was good enough to protect IT infrastructure. Now, however, the company is seeing a growth in targeted attacks on corporate IT infrastructures.
“Many of the methods used earlier for attacking home users are now used by cybercriminals in attacks on businesses, especially in the financial sphere and internet trade,” he says. According to Kaspersky Lab’s research into the evolution of phishing threats, every fifth phishing attack registered between May 2012 and late April 2013 targeted users of banks and other financial organisations.
Business is the target
Another trend on the increase is the use of cyber weapons, along with targeted attacks on corporations and governmental institutions, which are becoming more significant. In fact, Gartner research shows that the days of traditional endpoint security – discrete anti-malware, encryption, device and network access control – are coming to an end. “Endpoint protection platforms (EPP), promising tightly integrated security technologies, are the growing trend in data protection. Solutions combining AV-scanning engines with system firewalls and advanced protection technologies such as HIPS, web protection and cloud-based reputation databases are the new ‘standard’ offering,” Emm noted. “What Kaspersky Lab offers is a single solution using all aspects of endpoint security – including policy management, application control, encryption, mobile device security and systems patch management all working together in unison,” he says.
Michael Ingoldby, sales engineer team leader at McAfee South Africa, says that the increase in new malware samples is significant and traditional anti-virus, which uses a black-listing approach, is not able to scale. “A paradigm shift is needed. McAfee has moved to include signatureless protection technologies like Host Intrusion Prevention (HIPS) and white-listing in the form of McAfee Application Control (MAC). We have started to tighten the link between our Global Threat Intelligence service, a cloud-based threat intelligence feed, and our endpoint products by moving large numbers of the older virus samples into the cloud. This is commonly referred to as the Zoo, as opposed to new and emerging threats called the Wild,” he notes.
New ways of fighting
Both Emm and Ingoldby agree that all sectors within the economy are vulnerable, whether you are a home user/consumer or a well-funded organisation. Essentially, all information, whether of a personal or business nature, may be of value to malicious insiders or outsiders. There are, however, criminals who specialise in targeting financial organisations, telecommunications, or utilities and energy, for example. Anti-virus vendors are putting vast amounts of resources into the fight and are continually extending their product suites. Ingoldby says that McAfee has added Enterprise Mobility Management for BYOD, and Application Control. “We have also included Deep Defender, which provides advanced rootkit protection from below the operating system by integrating with Intel Core-i series chips to protect users before the operating system is even booted.”
Emm, on the other hand, says that effective protection requires more than a suite of products bundled together. Specifically, it’s essential that security features don’t operate in isolation, but are dove-tailed together to optimise security. “This means, for example, that results of sandbox analysis, behavioural analysis, firewall, exploit prevention, and more, all share data, so that the product is able to build up a composite picture of the reputation of an object being analysed – including over time, so that data from session to session is included. We now analyse more than 300 000 new unique samples every day. So clearly the use of proactive technologies is essential; and this must include integration into a cloud service.”
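The composite-reputation idea Emm describes, sketched as an added Python example (not Kaspersky Lab's code or scoring): several sensors report on the same object, their evidence is kept from one session to the next, and the verdict comes from the combination rather than from any single engine. Sensor names, weights, thresholds and the sample object id are constructed for illustration.

```python
import json

# Constructed weights: the most each sensor can contribute on its own.
# Illustrative only, not any vendor's real scoring parameters.
SENSOR_WEIGHTS = {"sandbox": 0.5, "behaviour": 0.3,
                  "firewall": 0.1, "exploit_prevention": 0.6}

class ReputationStore:
    """Per-object evidence from several sensors, kept across sessions."""
    def __init__(self, state=None):
        # object id (e.g. a file hash) -> {sensor: score in [0, 1], 1 = malicious}
        self.state = state if state is not None else {}

    def observe(self, obj_id, sensor, score):
        # Keep the strongest signal each sensor ever reported, so earlier sessions count.
        reports = self.state.setdefault(obj_id, {})
        reports[sensor] = max(reports.get(sensor, 0.0), float(score))

    def reputation(self, obj_id):
        """Noisy-OR combination: independent sensors reinforce each other,
        but no single sensor can push the score past its own weight."""
        reports = self.state.get(obj_id)
        if not reports:
            return None
        clean = 1.0
        for sensor, score in reports.items():
            clean *= 1.0 - SENSOR_WEIGHTS[sensor] * score
        return 1.0 - clean

    def verdict(self, obj_id, block_at=0.6, suspicious_at=0.25):
        rep = self.reputation(obj_id)
        if rep is None:
            return "unknown"
        return "block" if rep >= block_at else "suspicious" if rep >= suspicious_at else "clean"

    def save(self):               # serialise state at the end of a session
        return json.dumps(self.state)
    @classmethod
    def load(cls, blob):          # restore it at the start of the next one
        return cls(json.loads(blob))

def run_demo():
    """Two sessions on one constructed object id; returns the verdict after each step."""
    obj = "sha256:constructed-sample-0001"
    s1 = ReputationStore()
    s1.observe(obj, "sandbox", 0.8)           # alone: 0.40 -> suspicious
    s2 = ReputationStore.load(s1.save())      # new session, evidence persisted
    s2.observe(obj, "behaviour", 0.9)         # 1 - 0.6*0.73 = 0.562 -> suspicious
    v2 = s2.verdict(obj)
    s2.observe(obj, "firewall", 1.0)          # 1 - 0.6*0.73*0.9 = 0.6058 -> block
    return [s1.verdict(obj), v2, s2.verdict(obj)]
```

Note that no sensor in this toy can block on its own (its weight caps its contribution); only the accumulated, shared picture crosses the threshold, which is the point of the integration Emm argues for.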
Riches, Ruins and Regulations
Unfortunately, the days of an out-of-the-box, one-size-fits-all solution are gone. The combination of technologies needs to match the asset being protected. “At McAfee we follow the idea of Riches, Ruins and Regulations,” says Ingoldby. “This allows us to match the combination of technologies to the profile of the asset being protected. Riches tells us the value of the asset being protected: financially, what do we gain through success or lose if we fail? Ruins tells us about brand or reputation damage; often this cost is incalculable. Regulations talks about the need to comply with internal, industry or legal requirements; this usually carries penalties and disclosure requirements in the case of a breach,” he states. Emm echoes this sentiment and notes that small to medium-sized firms face the same security risks as large enterprises. They do, however, lack in-house technical expertise and the time and resources required to manage protection of their endpoint devices. “Not all is lost though. There are affordable solutions tailored for their needs – specifically, making it easy for them to install, configure and manage protection. This means they can be up-and-running quickly and see at-a-glance the status of all computers – without expert knowledge,” he concludes.
THE FACTS
- In the period January–June 2014 Kaspersky Lab products detected over 1 516 800 internet-borne malware incidents on the computers of Kaspersky Security Network (KSN) participants.
- Overall, 20.7% of users were affected by web-borne threats during this period.
- South Africa is 112th worldwide when it comes to the dangers associated with surfing the web.
- Compared with the same period of 2013, 2 080 501 internet-borne malware incidents were detected in the first half of 2014.
- In January–June 2014 Kaspersky Lab detected 8 552 900 local malware incidents (originating from local networks, USB drives, DVDs and the like) on the computers of KSN participants in South Africa, compared to 4 042 373 in the first half of 2013.
- Overall, 35% of users in this country were affected by local threats during this period.