On November 12, 2008 the 63rd Session of the International Telecommunications Union (ITU) Council met and discussed the current state of cybersecurity. The event concluded with the declaration that cyber-security is one of the most important challenges of our time. The ITU Secretary-General, Dr. Hamadoun Toure stated: “The costs associated with cyber threats and cyber-attacks are real and significant — not only in terms of lost revenue, breaches of sensitive data, cyber-attacks and network outages but also in terms of lives ruined by identity theft, debts run up on plundered credit cards or the online exploitation of children.”
While I might not totally agree with the severity he states, I do agree that the situation is bleak – and apparently only getting worse.
Hackers use any method available to achieve their goal – total domination of the Internet. Okay, that’s really extreme.
Think of your own specific situation. You undoubtedly have at least one anti-virus (AV) program installed on your working computers, right? (many of you have 3-4 different security programs installed)
How many times has it actually caught a virus? If your AV is set to scan once a day, how often has it detected a virus/worm/trojan during it’s scan? If ever, you have to
During the course of the past 2 months we’ve seen the following security issues:
- Malware delivered by infectious Adobe Acrobat files (pdf)
- “Common” websites delivering malware (i.e., www.mlb.com, www.businessweek.com, www.cbs.com)
- 85% of malware being delivered by infectious websites
- Numerous content management systems (CMS) and forums having various vulnerabilities
- “Hacking” used in a multitude of political wars (website defacements, etc)
- More intelligent malware (blocking of AV updates, disabling security software)
In addition to the above list, more malware has been delivered via social engineering. Social engineering is the “art” of using deception to get a user to intentionally install something which turns out to be malware (definition of trojan).
Back in October we saw the keyword “costumes” being abused by cybercriminals to get people to visit malicious websites promising to offer fantastic ideas on Halloween attire. Then in November we saw numerous emails be circulated that offered various food recipes for Thanksgiving many of which resulted in webpages that contained more than recipes. They offered recipes for infection (you can use that if you want).
Along with the holiday themed malware strategies, here in the US we were also going through a Presidential election which brought about an abundance of election themed malware attacks. Then we had the year-end holidays and New Year’s each with their own malware messages and accompanying websites.
Now with the Presidential Inauguration just completed we’ve seen numerous messages “flying” around the internet touting “Obama refuses to take oath”. When any of these links are followed, they lead the unsuspecting inquisitive reader to a website that delivers more than the message they were seeking. It also attempts to infect their computer with little pieces of code that are just the beginning of taking control of the infected PC.
All of this is actual, real world reality. I didn’t make this “stuff” up. I didn’t write these viruses/worms/trojans like some of you think.
Cyber crime is something we all have to deal with.
You’re in business to solve some real world problem. Whether you’re a plumber or a rocket scientist, you solve someone’s problem otherwise you wouldn’t be in business.
I selected computer security as my profession and I believe I do it well. I try to solve real world computer security problems. If you find my work offensive, you’re free to ignore it.
I don’t work in FUD. I just merely try to educate you so you know what you’re facing being online.
Please leave me your comments on this posting.