Threats to private information

A slow response to IT security incidents, a large and growing advertising business, and a wide gap in knowledge of the tools together create a scenario in which the main protagonist is private information.

by Osvaldo Callegari*

Viruses, malware, malicious code and other threats to information on the Internet show, more each day, a commercial edge rather than a purely harmful one. This needs saying, since the vast majority of malware, for example, is aimed at generating businesses worth millions in advertising.

When you use a browser to visit pages of interest, multiple prompts appear to click on advertisements or new offers. This mechanism pays advertising dividends: because the ads are powered by malware, they are impossible to remove no matter how much antivirus software you have installed. Once you tire of trying, you come to accept as normal that every time you want to explore the Internet, unsolicited toolbars appear with annoying ads that you are forced to read.

This suggests that the persistence of this type of threat may not be the sole responsibility of hackers or virus creators, but of perfectly established organizations operating in the back room.

It is easier to blame a hacker or cracker today, since in many cases the accusations cannot be verified: although the data is electronic and can be stored, it is practically impossible to verify its origin.

When they arrest a hacker or virus creator, they usually employ him in counterintelligence jobs. Is it okay to hire a person with that psychological profile?

The number of people detained for malware or viruses is virtually unknown. The questions will remain unanswered like so many things in this technology-driven world.

There is a real, bureaucratic problem in the maintenance of computers and servers in small and medium enterprises: failing to update firewall policies opens the way to heavy-caliber threats.

It is common to hear, "The security policy of that computer was the manager who left." Knowingly left that way, this can become an unattended security breach.

Today, networks demand more and more connections and configurations that make the task of maintaining security difficult.

The advent of the cloud has increased the complexity of maintenance much further; in turn, the security rules are broader and in some cases unknown. The trend, according to Young, "is to adopt online applications to mitigate this problem."

Research from companies like Symantec gives us an overview from their background.

Background
This indicator evaluates the countries in the Americas region, where the greatest amount of malicious activity takes place or originates worldwide. Malicious activity often affects computers that connect to the Internet using high-speed broadband because these connections are attractive targets for attackers. These connections offer greater bandwidth capacity than other types of connection, better speed, the possibility of having continuously connected systems and generally a more stable connection.

Symantec classifies malicious activities as follows:
* Malicious code - It includes viruses, worms and Trojans that are introduced in a hidden way within the programs. Among the objectives of malicious code are the destruction of data, the execution of destructive or intrusive programs, the theft of confidential or sensitive information, in addition to endangering the security or integrity of the victim's computer data.

* Spam Zombies - These are affected systems that are remotely controlled and used to send large volumes of junk (spam) email. These emails can be used to transmit malicious code and/or make phishing attempts.

* Phishing Hosts - A phishing host is a computer that offers services such as those of websites to attempt to illegally obtain confidential, personal and financial information by pretending that the request comes from a trusted and recognized organization. These websites are designed to simulate the sites of legitimate businesses.

* Computers infected by bots - These are computers that have been compromised and whose attackers control them remotely. Typically, the remote attacker controls a large number of affected computers through a single, reliable channel in a botnet that is then used to launch coordinated attacks.

* Origins of network attacks - These are the sources that give rise to Internet attacks. For example, attacks can target SQL protocol vulnerabilities or buffer overflow.

* Web-based attack sources - Measures the sources of attacks that arrive over the Web or via HTTP. Usually, this affects legitimate websites that are used to attack unsuspecting visitors.



Methodology of the activity
To determine malware activity by country, Symantec gathered geographic data on various malicious activities, including malicious code reports, spam zombies, phishing hosts, bot-infected computers, and network attack origins. The proportion of each of these activities originating in each country is then determined within the region, and the average of the percentages across the activities is calculated. This calculation makes it possible to establish the scope and spread in each sector, and so to set strategies to stay at the forefront of defense.
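
The averaging described above, worked through as an added example (not Symantec's code or data): the counts, the country labels A to C and the function names are constructed for illustration, and a country missing from an activity is assumed to contribute 0% to it.

```python
# Constructed sample counts per activity and country (not Symantec data).
SAMPLE_COUNTS = {
    "malicious_code":  {"A": 600, "B": 300, "C": 100},
    "spam_zombies":    {"A": 100, "B": 700, "C": 200},
    "phishing_hosts":  {"A": 500, "B": 250, "C": 250},
    "bots":            {"A": 200, "B": 200, "C": 600},
    "network_attacks": {"A": 400, "B": 400, "C": 200},
}


def activity_shares(counts):
    """For each activity, each country's percentage of the regional total."""
    shares = {}
    for activity, per_country in counts.items():
        total = sum(per_country.values())
        if total == 0:
            # No observations for this activity: every share is 0%.
            shares[activity] = {c: 0.0 for c in per_country}
        else:
            shares[activity] = {c: 100.0 * n / total
                                for c, n in per_country.items()}
    return shares


def rank_countries(counts):
    """Average the per-activity percentages and rank countries, highest first."""
    shares = activity_shares(counts)
    countries = sorted({c for per_country in counts.values() for c in per_country})
    scores = {
        # Assumption: a country absent from an activity counts as 0% there.
        c: sum(shares[a].get(c, 0.0) for a in shares) / len(shares)
        for c in countries
    }
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for country, score in rank_countries(SAMPLE_COUNTS):
        print(f"{country}: {score:.1f}%")
```

In the constructed data, country A leads in malicious code and phishing hosts, yet B ranks first overall because every activity carries equal weight in the average.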

Malicious code threats are classified into four main types: backdoors, viruses, worms, and Trojans.
* Backdoors - Allow an attacker to remotely access affected computers.
* Trojans - These are malicious codes that users install on their computers without realizing it, usually by opening email attachments or performing downloads from the Internet. Usually, it is another malicious code that downloads and installs the Trojan. Trojan programs differ from worms and viruses because they do not spread on their own.
* Viruses - They spread by infecting existing files on affected computers with malicious code.
* Worms - These are malicious code threats that can replicate on infected computers or in some way that facilitates their copy to another computer, for example through USB storage devices.

Many malicious code threats have multiple features. For example, a backdoor is always found along with another malicious code feature. Normally, backdoors are also Trojans; however, many worms and viruses also incorporate backdoor functionality.

In addition, many samples of malicious code can be classified as worms and viruses because of the way they spread. One of the reasons for this is that threat developers try to activate malicious code with multiple propagation vectors to increase the odds of successfully affecting computers during attacks.

This analysis is based on samples of malicious code detected by Symantec in early 2012.

Suggestions to companies
* Employ defense-in-depth strategies.
* Turn off and delete services that are not necessary.
* If any malicious code or other threat exploits one or more network services, disable or block access to those services until a patch is applied.
* Isolate infected computers.
* Keep patches up to date.
* Implement network policy access and compliance solutions.
* Create and establish effective password and device control policies.
* Configure mail servers to block or remove emails with attachments that are frequently used to spread viruses.
* Ensure that emergency procedures are in place and educate your employees not to open files from unknown senders or download software that has not been previously scanned.
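
One way to implement the mail-server suggestion above, as an added example that is not from the article or from Symantec: a filter that flags attachments by their final extension. The blocklist, the function names and the sample message are assumptions constructed for illustration; the article names no specific extensions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist: adjust to local policy.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".jar", ".lnk"}


def blocked_extension(filename):
    """Return the blocked extension of a filename, or None if it is allowed."""
    # Case does not matter, and Windows ignores trailing dots and spaces.
    cleaned = filename.strip().rstrip(". ").lower()
    dot = cleaned.rfind(".")
    # Only the final extension counts: "invoice.pdf.exe" is an .exe.
    ext = cleaned[dot:] if dot != -1 else ""
    return ext if ext in BLOCKED_EXTENSIONS else None


def risky_attachments(raw_message):
    """Return the filenames in a raw message that match the blocklist."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walks nested multiparts as well
        name = part.get_filename()  # decodes RFC 2231 encoded names
        if name and blocked_extension(name):
            hits.append(name)
    return hits


def build_sample():
    """Constructed test message with one harmless and two risky attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ", maintype="application",
                       subtype="octet-stream", filename="Invoice.pdf.EXE")
    msg.add_attachment(b"//", maintype="application",
                       subtype="octet-stream", filename="factura_año.js")
    return msg.as_bytes()


if __name__ == "__main__":
    print(risky_attachments(build_sample()))
```

An extension check does not look inside archives or at file content, so it complements content scanning rather than replacing it.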

Suggestions to consumers
* Have passwords with a mix of letters and numbers and change them frequently. Passwords must not contain dictionary words.
* Never view, open, or execute email attachments unless they are expected and the purpose of the attachments is known.
* Keep virus definitions updated regularly.
* Check periodically to see if your operating system is vulnerable to threats.
* Never disclose confidential personal or financial information unless and until it can be confirmed that the request for such information is legitimate.
* Do not perform high-risk Internet activities, such as banking transactions or online purchases, from public computers.
* Avoid clicking on links or attachments in email messages or Instant Messaging messages, as these can also expose computers to unnecessary risks.
* Use an Internet security solution that combines antivirus, firewall, intrusion detection, and vulnerability management to provide maximum protection against malicious code and other threats.
* Keep security patches up to date and apply them in a timely manner.

At the same time, there is a problem in defining who is in charge of computer security. Constant training in pursuit of continuous improvement must be emphasized: training should be mandatory, with short intervals of weeks between sessions, so that staff stay informed in the face of new threats.

As additional guidance, here are the 20 critical security errors according to SANS. The information in this list is collected from companies that have gone through this type of situation and report it to the organization to help mitigate the effects.
1. New equipment incorporated into the network without authorization or new devices without verification
2. New installations of unverified software or unvalidated software.
3. Secure Configurations for Hardware and Software on Laptops, Workstations and Servers
4. Continuous vulnerabilities without solution protocols
5. Defense against malicious code
6. Systems for software security protection
7. Wireless Device Control
8. Data recovery capability
9. Level of training in the face of threats and detection of security breaches
10. Secure configurations of firewalls, routers and switches.
11. Limitation and control of network ports, protocols used and services enabled
12. Control of the use of administrative privileges
13. Network perimeter defense
14. Maintenance, supervision and control of security audits.
15. Access control based on Who is the person?
16. Account monitoring and control
17. Data Loss Prevention
18. Incident Responsiveness
19. Network Engineering Security (Cabling and Connections)
20. Network penetration test and countermeasure exercise.

The brands and products mentioned are registered brands and products of their companies. Laboratory Analysis provided by Symantec.

*If you wish, you can write to the author of this article for queries or concerns to [email protected]

Author: Santiago Jaramillo
Editor
Social communicator and journalist with more than 15 years of experience in digital and print media, Santiago Jaramillo was Editor of the magazine "Ventas de Seguridad" between 2013 and 2019.
