ISSE: Emerging security threats challenge businesses

• Article
• Gallery

gallery

Hackers and cybercrime gangs are increasingly targeting smart phones, Macintosh computers and other "emerging" platforms, delegates to Europe's largest independent security conference have been warned.

Speaking at this year's ISSE conference in Warsaw, Costin Raiu, head of research and development at anti-virus vendor Kaspersky Labs, said that security improvements in Windows Vista were making it harder for cyber-crime gangs to target PCs. At the same time, the growing popularity of alternative platforms, such as Mac OS and the Symbian mobile OS were bound to attract growing attention from hackers.

"Vista has security features which make many of the current attacks obsolete," said Raiu. "But there are also more and more people using smart phones. There are more banks using such phones for two-factor authentication, but cyber criminals are designing Trojans that look like [authentication] tokens."

Gangs are going to greater and greater lengths to improve the quality of malware, Kaspersky suggests.

Hacker teams are increasingly organised on similar lines to professional software development teams, with quality assurance and even marketing specialists, said Raiu.

One group has even gone as far as to submit its Trojan to Symbian as part of that platform's application signing process. The application purports to be a data backup utility but in fact diverts personal information to the crime gang's servers.

The cybercriminal's greater sophistication is also being tracked by Microsoft, which has noted a growing emphasis on highly-targeted malware attacks, especially phishing.

According to Steve Lipner, senior director of security engineering at Microsoft, malware authors' use of social engineering is becoming more skilled. "The cyber criminals will use a carefully socially engineered hook to get someone to open an attachment, which then tries to exploit a vulnerability and installs a back door for a bot client, or downloads additional software for logging key strokes or sucking down sensitive data," Lipner said.

Better software development methodologies, including building a security lifecycle into the software development lifecycle, will reduce the number of vulnerabilities and remove many of the opportunities for cyber crime, he explained. "We don't kid ourselves that we will get to perfect software but we will reduce the number of exploits and stop shortcomings being introduced in software," said Lipner.

Alternatively, end users could look for alternative platforms for sensitive transactions such as online banking. "At the moment, the closest thing to a secure platform is a Nintendo Wii," said Kaspersky's Raiu. "It is pretty limited, but it is pretty much malware proof."

Email to a friend

Print this page