| 19 |
| Jul |
Article by Guest blogger
Filed under: data leakage,data protection,Family Safety,Opinion,Underground Economy | RSS 2.0 | No Comments |
When will we finally win the war on cyber crime? It’s a question that many people may be wondering given that the war itself has been rumbling along for more years now than most can probably remember. The problem is that there’s unlikely ever to be a unanimous victor – the best that we can hope for is to limit the capacity of the bad guys to cause trouble as much as possible. But if we’re going to do this we’ve got to pull together like never before.
Cyber crime has evolved into something much more dangerous, more global and more pervasive than anyone could have possibly predicted 20 years ago. Gone are the script kiddies, spreading fairly innocuous viruses from their bedroom laboratories. Our foe now is well-resourced, highly organised, geographically dispersed and incredibly agile. Cut off one head of this virtual cyber hydra and two more spring up in its place – as long as there’s money to be made or advantage to be gained, cyber crime will flourish.
In more recent years, technology has democratised the means to launch cyber attacks, making it no longer the preserve of technical experts, while at the other end, advanced persistent techniques have made some attacks more sophisticated and difficult to spot than ever before. A vast and highly organised underground infrastructure has evolved to give criminal gangs everything they need, from the web hosting, to the malware, to the compromised networks of computers (botnets), to even money laundering services. It’s all there to support cyber crime on an industrial scale.
These efforts are not just aimed at draining your bank account anymore, either. Increasingly sophisticated attacks are targeted at critical infrastructure organisations – banks, utilities, energy companies, governments – to blackmail them or steal information which could give private competitors or rival states an advantage.
We rely so much these days on the internet, and the cloud computing services built on top, and the bad guys know it. As more of the world comes online and our dependence on the cloud increases, we can only expect greater and greater volumes of attack and sophisticated new techniques for stealing our data and disrupting our infrastructures.
In the face of this onslaught, the only effective way to fight back is to build a coherent, collaborative, proactive response. In the past, efforts have been held back by the geographically dispersed nature of internet crime, the reluctance of governments to engage and a lack of available resources.
Happily, that’s no longer the case. In 2011, the International Cyber Security Protection Alliance (ICSPA) was formed – a not-for-profit body with a mission to facilitate dialogue and information sharing across government, law enforcement and business, as well as providing direct support to those agencies or governments who lack the knowledge or structures to be an effective player.
Trend Micro is proud to be one of its founding members alongside companies like Visa Europe, Atos and Shop Direct Group, and we welcome the ICSPA’s strategic partnerships with the likes of Europol and City of London police.
Building on its work, the ICSPA has announced Europol will be leading its Project 2020 initiative – a comprehensive study into the future of cyber crime drawing upon the resources of its ICSPA members and international law enforcement teams.
It’s a great initiative which will look to raise awareness of what the future looks like, providing guidance on defence tactics for governments, firms and citizens.
Cyber crime evolves incredibly quickly and it needs the co-operation of all internet stakeholders –information security vendors like Trend Micro, IT professionals, academia, law enforcement, national governments and businesses – in order to provide a coherent and effective response.
There’s no telling what the cyber threat landscape will look like by 2020, but in the meantime if we work together to improve our knowledge and awareness we can begin to take the fight to the bad guys.
The fight back starts here.
About Guest blogger Tony Larks:
Tony Larks is Vice President of Global Consumer Marketing at Trend Micro. Tony has extensive experience in networking, business development and marketing. He is a frequent contributor to Trend Micro Fearless Web and lives in Marlow, Buckinghamshire which is located 60 kilometers west of London in the United Kingdom.
| 10 |
| Jul |
Article by Rik Ferguson
Filed under: Cloud,countermeasures,Family Safety,Opinion,vulnerability | RSS 2.0 | No Comments |
Recently my attention was drawn to a smartphone app that promised to assist in reuniting parents with their lost offspring. I was left amazed that such a worthy idea could be so very poorly implemented, putting the safety of the children of any of their subscribers at potential risk.
The app works like this:
1 – Parent downloads the app and buys a subscription, enabling them to add their children in preparation for the day(s) when they eventually go missing. I’m not joking, I have three kids, I know how often this happens and I remember putting my mum through the same heartache, more than once. So far so good…
2 – A like-minded “community” of individuals, interested in the welfare of children and in keeping the blood-pressure of parents at manageable levels, downloads the free version of the app. These people do not upload any child details; they are the “support network”.
3 – Young Tarquin decides that the pet shop is far more interesting than the plumbing supplies outlet where dad had intended whiling away his afternoon and goes off for a wander.
4 – Somewhere between the Ring Seal Soil Sockets and the Unvented Cylinders, dad realises that young Tarquin is no longer anywhere nearby and immediately sends out an alert on his smartphone app. Letting any other smartphone owner nearby (with the app installed) that young Tarquin has gone missing.
5 – Every member of the “support network” in the vicinity receives an alert, a photograph and the details of young Tarquin, exponentially increasing the chances that he will be quickly and safely found and returned. One of them will spot the youngster, approach him and send a message to the distraught father that all is well.
So far so good?
If you were a predator, interested in finding lost and vulnerable children, which app would you download first?
The manufacturers of the app counter the predator argument with the assertion that, having broadcast the details of the missing child in the local area, the app creates a “white hot zone” of risk which would keep predators away. The fact that so many people in the area know this child is missing means that predators won’t dare approach the vulnerable kids.
This counter-argument relies on two things; first that a sufficiently large number of people download the app, creating this white hot zone and second that the elevated level of suspicion in the area doesn’t simply mean that *no one* dares approach the child for fear of being accused of being that predator. I know how it is, particularly as a guy, you have to think twice or even more, about whether you should approach the crying child in the playground to offer your help, even if you’re with your own kids.
In a worst case scenario, the manufacturers also assert that they have the contact details of everyone who installs the app. I installed it to test, I was able to enter any email address, any phone number and any name, there was no verification step for any of them and the app functioned, even with entirely bogus details. Their privacy policy expressly states that they do not store any location data from their users on their servers meaning that little of use could be supplied to law enforcement should anything go wrong anyway.
While I applaud the motivation behind the app and the harnessing of now ubiquitous technology to try and keep children safe, I can’t help but feel there are more sensible ways to doing than broadcasting the name, photo and probable location of your child to anyone who cares to listen. This problem needs to approached with technology that leaves the child in control. For now, that means making sure they know exactly what to do and what not to do, should they beocme separated from you.
You can’t have it both ways, either strangers are allowed to approach the child, or they are not. The public information film at the top of this post might be from 1973, but it’s as true now as it was then “Never go anywhere with men or ladies that you don’t know.” And it really doesn’t make any difference if they are holding an iPhone.
| 09 |
| Jul |
Article by Rik Ferguson
Filed under: Bad guys always lose,countermeasures,malware,Opinion,Underground Economy,vulnerability | RSS 2.0 | 2 Comments |
The DNSChanger malware modified the local DNS settings of an infected PC. This meant that criminals could assume control over the DNS resolution of the victim computer, effectively redirecting it to any destination of their choice, rather than the bank or search engine the user originally intended to visit (for example).
This ability was used primarily for click fraud by the Esthosts gang, redirecting searches and sites, to generate revenue by defrauding advertisers and advertising networks.
PCs which are still infected by the malware, or whose settings have not been corrected, even after the infection was cleaned up, are still querying those criminal servers. The FBI have been operating those servers since the warrant was executed, but their right to do so has now expired and the servers will be shut down. Meaning that any queries from those 300,000 computers will fall on deaf ears and to all intents and purposes, the web will go dark for the affected users
At the time when Trend Micro co-operated with the FBI in bringing the Esthosts gang to justice, we believed about 4 million PCs to be affected. This number has since dropped to about 300,000 and this should be considered a success. However with the definitive shut-off of the criminal DNS servers today, those 300,000 people face a potential total loss of web access.
If you’re reading this, you’re ok, but if your neighbour comes to your door asking who broke the Internet, now’s your chance to play knight in shining armour. And if you work on an ISP help desk… May the force be with you!
Image Credit: Camera Eye Photography
Copyright © 1989-2012 Trend Micro Incorporated. All rights reserved.
Trend Micro (EMEA) Limited, a Limited Liability Company. Registered in Ireland No. 364963.
Registered Office: IDA Business & Technology Park, Model Farm Road, Cork.
Legal Notice | Disclaimer