18 March 2015
It’s hard to talk about security without appearing to sensationalise the problem. Regular stories covering attacks on large companies such as Target, Home Depot, Sony and others give the impression that it is impossible to protect corporate data. This impression is hard to shake when security software vendors such as Panda release their report on 2014 with statements such as “malware creation broke new levels with 200,000 new samples spotted every single day.”
On that note, it’s worth looking at some of the numbers in the end of year report:
While all of this sounds bad and gives the impression that the sky is falling, there is no need to panic unnecessarily. The reason for this optimism is that when PandaLabs looked at infection rates it discovered that the global infection rate dropped to 30.42 per cent, a decrease on the 31.53 per cent reported in 2013.
The top ten most malware-infected countries are much the same as in 2013, with the exception of Argentina, which was replaced in the top ten by Bolivia (possibly as a result of attacks by Chilean nationalists). The infection figures (2013 rank and figures in brackets) were:
1 (1) China – 49.05 per cent (54.03 per cent)
2 (3) Ecuador – 42.33 (40.35)
3 (2) Turkey – 41.53 (42.15)
4 (8) Guatemala – 39.58 (36.38)
5 (5) Russia – 38.80 (38.01)
6 (7) Taiwan – 38.11 (37.97)
7 (-) Bolivia – 37.53 (-)
8 (4) Peru – 36.28 (39.85)
9 (9) Poland – 35.09 (35.01)
10 (10) Brazil – 34.12 (34.99)
Surprisingly, Ukraine is missing from this list, especially given the recent outbreak of hacking and cyber warfare between supporters of Russia and Ukraine. The USA is also missing from this list, despite being the country where the biggest cyber-attacks took place and despite the premium placed on botnets dominated by US-based computers.
Ten least infected countries unchanged from 2013
Sweden 19.98 per cent (20.28 per cent)
Norway 20.31 (21.13)
Finland 21.21 (21.22)
UK 22.14 (22.14)
Germany 22.68 (22.68)
Switzerland 23.05 (23.05)
Netherlands 23.64 (23.64)
Japan 24.84 (24.84)
Denmark 25.34 (25.34)
Belgium 25.40 (25.40)
While there are minor changes showing a decrease in infection for the top three, the remainder of the top ten are completely unchanged year on year. Given that the overall rate of infection dropped over the year, it is surprising that only the top three saw a decrease in their rate of infection. It is also noticeable that the nine European countries on this list are also high on the list of the most IT-literate countries in Europe.
The question is whether that level of awareness is enough to guarantee them a place on this list. It’s hard to know, but these are also countries where sales of security products are high.
The attack on Target involved specifically crafted malware that targeted its Point of Sale data. The same is true of many other attacks, which use a combination of spear phishing aimed at a particular user and then malware designed to do a specific job. That job might be something as simple as compromising a DNS server or exploiting a previously unknown flaw in a piece of software.
Attack on Adobe
An example of the impact of the latter has been the recent attacks on Adobe. Cyber criminals managed to steal the source code of a number of Adobe programs during an attack in 2013. The implications of that attack are only now becoming clear as Adobe suffers security breach after security breach. Given the amount of time cyber criminals have had the source code, what Adobe is patching is likely to be only the tip of the iceberg.
Adobe is unlikely to be the last company to suffer a breach aimed at stealing their source code. Every time this happens, cyber criminals will be able to examine the code in detail to find new attacks that the software vendors are unlikely to be able to patch for months after the attackers begin to exploit them.
It is not just stolen software that is the problem here. An increasing amount of software is going end-of-life (EOL), where manufacturers are no longer prepared to support it or provide security patches and updates. It might be felt that this is mainly a consumer issue, but this is not the case. Windows XP and Windows Server 2003 are the two most high-profile pieces of EOL software that affect businesses. Failure to migrate before software goes EOL means that cybercriminals have an opportunity to attack companies without being spotted.
Even when a company has dealt with its own software, it is still at risk from its own employees and their ‘Bring Your Own Device’ policies, as well as from its supply chain. In the report, PandaLabs calls out the loss of data by Yahoo, which turned out to be data obtained from a third-party database. This is not the only reported incident where the supply chain has been the problem. To reduce the risk of this being a major breach vector, large enterprises need to get actively involved with their supply chain to help improve cyber security.
Insider attacks and the use of stolen employee credentials account for a large number of attacks on systems. A worker at the Korean Central Bank (KCB) and the use of stolen eBay employee credentials both resulted in major data thefts.
Every security company has reported a significant rise in mobile malware, with Android the most affected platform. PandaLabs reported that it detected four malicious apps on Google Play with anywhere between 300,000 and 1.2 million downloads in just over one month.
The speed with which malware on Android is being sold to different groups has also increased. PandaLabs reports that while it was busy analysing a new piece of malware called Android/Koler, it became aware of a new variant which, while identical in code, was using a different server. This is in line with other reports showing how easy it is to buy and use malware kits, which increasingly come with money-back guarantees if they don’t deliver as promised.
This malware was targeted at users in specific countries which shows that cybercriminals are looking at where they can get the best return on their investment. As cybercrime increasingly becomes industrialised and a business, this is likely to continue.
A more serious issue has been the problem of malware being preinstalled on smartphones. This is hard for users to detect because every time they reset their phones to try and remove the malware, the reset just reinstalls it. Even large companies can get caught up in the problem of preinstalled malware. Recently, adware preinstalled on Lenovo’s laptops became a major embarrassment for the company when it was detected, forcing Lenovo to issue software to remove it.
The success of iOS and the willingness of users to jailbreak their phones in order to download pirated content has also opened the door for attacks on iPhones and iPads. The main source for these attacks has come from China.
Apple has also suffered from allegations of breaches at its iCloud service, but these remain unproven at this time. What is known is that some of the attacks blamed on Apple were really breaches by third parties where users had used the same username and password to access those services as they used for their Apple accounts.
As the Internet of Things grows and devices become increasingly connected to the Internet, the opportunities for cyber-criminals increase. PandaLabs believes that companies can no longer take a passive stance and must become more proactive. The growth of Security Intelligence is designed to move the discussion away from reaction and towards detection, but companies cannot use one without the other.