| Recent
Articles |
We Need A More Flexible Sense Of Ethics In...
One of my greatest mentors in information security is the CISO of a major educational institution; he has served the information security community well, with honor and with distinction over his many years in information security. So when he starts a conversation off with the...
Talking With Samba Team GPL Compliance Officer...
Simo Sorce is the Samba Team GPL Compliance Officer, hired by Red Hat in 2007 where he is a Senior Software Engineer, maintainer of Samba and expert on Windows Integration and Identity Management. Simo Sorce...
SharePoint: Back Door Storage Play
We've been a SharePoint user, of sorts anyway, since the original beta. I didn't think much of it, to be honest, as eventually it became a giant pain in the rump just like every other tree oriented file system - once you put a zillion things in it, and you can't find anything.
Lazy DNS
I had a call this morning from a customer who wanted me to come down because their mail server was broken. They had experienced an ISP outage, which subsequently was fixed, but their mail server wasn't getting anything still. I was actually ready to go out the door when I thought...
|
| Recent WebProNews
Articles |
Facebook Now Sends Messages' Content In Email
While it was (presumably) nice to see that you’d received new messages on Facebook, it wasn’t too helpful that the social network’s email notifications stopped there; from your email account, you’d need to head over to the...
Natural Search Traffic To Retailers Rises
Retailers have had higher growth rates for natural or unpaid search traffic, according to Netconcepts. The company looked at programs of retailers using GravityStream, its natural search-advertising platform...
Microsoft Silences Santa Sex Talk
Microsoft has had to remove its Santa bot after it was discovered to be using inappropriate language with users. Microsoft added northpole@live.com last year to its Windows Live Messenger, which encouraged kids to...
New York Times Outlines Survival Strategy
Most people are looking for newspapers to either hold on or die - online growth often doesn’t appear to allow for any other options. But The New York Times Co. actually believes its revenues increased by a small amount in...
|
 |
|
12.06.07
Are You Really Protected?
 By
Ryan Sherstobitoff
The threat landscape is evolving and changing more rapidly than many traditional security companies can cope with - especially given that the bulk of threats discovered have been developed and orchestrated by highly sophisticated groups with a focus on financial gain.
For the first time in the history of the Internet we are seeing the establishment of a "virtual" mafia of organized criminals taking advantage of the anonymous nature of the Internet.
A good number of these "faceless" attacks are going un-noticed by authorities until it's too late, and malware is becoming much more targeted towards specific entities as well as specific information.
Take, for example, several recent high-profile security breaches with well-known retailers. In all instances, hackers had apparently been coming and going for nearly two years until the attacks were finally noticed by the appropriate authorities.
In addition, more and more online consumers are falling victim to identity theft via malicious code than by any other means versus a few years ago. At that time people became victims not primarily by malicious code, but by other means such as dumpster diving, shoulder surfing and various other methods.
The unsettling reality is that in today's world the rate of infected users is occurring faster and in greater volume than traditional security companies can detect and respond to. Unfortunately, this puts consumers and corporations at greater risk than all previous years combined.
According to the recent quarterly report provided by PandaLabs, the predominant category of malware detected is Trojans (over 75 percent). Trojans are comprised of password stealers, worms, banker Trojans, and various other forms of malicious code.
Nevertheless the goal is the same - financial or economical gain through unethical means.
Furthermore; in order to maintain their invisibility and harvest the personal details of their victims, cyber criminals are doing three things:
1. Developing and releasing malware at an overwhelming rate to saturate anti-malware labs with the intention of rendering traditional anti-malware solutions ineffective. The sad truth is that it's working and current security solutions may reflect only 65 percent of what is really affecting users.
2. The malware itself has evolved to include a wide range of sophisticated techniques to evade analysis such as custom packers and cryptographic algorithms which are types of anti-reversing technologies.
3. The design and development of malware includes QA to ensure that their creation evades all known products on the market.
With these three things combined, it's evident that users are becoming more infected then ever; even with up-to-date anti-malware technologies installed. To further articulate this problem, PandaLabs recently conducted a research study over the course of three months in order to obtain an accurate look at the current state of protection.
The study focused on two very real populations: 1.5 million consumers; and another study against 2,000+ companies. The end result was an astonishing rate of infection - and even though both groups believed they were protected -
consumers experienced a 22 percent active infection rate and even more astonishing, 72 percent of those on the corporate side were infected.
With this being said, traditional anti-malware solutions are failing to hit the mark in terms of providing adequate protection. Historically, security has been a signature based world. However, this model is rapidly failing under the overwhelming rate of infection being experienced today.
In fact PandaLabs receives over 4,000 new and unique malware samples on a daily basis. This is much more than the previous 15 years combined.
Continue reading this article.
About the Author:
Ryan Sherstobitoff is the Chief Corporate Evangelist at Panda Security USA. Ryan lectures across the country on cybercrime trends as well as corporate risk assessments. In addition, Mr. Sherstobitoff writes a monthly column for the ISSA Journal, the official publication of the Information Systems Security Association. He can be reached at ryans@us.pandasecurity.com.
|
