In today’s article, Intersections’ Consumer Security Adviser Neal O’Farrell asks the question “is the economy helping cybercriminals?” Read on to find the answer!
A recent report from security firm Panda Labs found that in the last three months alone it has detected more than five million new types of malware. That works out to an average of one new type of Trojan, virus, and other malicious program discovered every 1.5 seconds.
Because of the way most anti-virus programs work, once a virus is discovered the anti-virus companies have to rush to write a piece of code or signature that must then be downloaded as quickly as possible by billions of users around the world in order to keep that particular piece of malware out.
That means that many of these viruses can easily make their way on to unprotected computers before the programmers have time to push out the updates. And with many anti-virus companies struggling to grow their profits, it could mean that as malware grows in volume and sophistication, anti-virus companies may have to spend less on updating their software.
And if you don't believe in such perfect storms, take a close look at the identity theft wars. As identity theft continues to grow, and become more sophisticated, cash strapped police departments no longer have the resources to investigate these crimes. Which only encourages and emboldens more thieves.
The Panda Labs report seems to support this notion. The most powerful and dangerous type of malware, and the type most favored by organized crime for its ability to steal passwords and break into bank accounts, is the Trojan. And according to Panda three out of every 4 new types of malware discovered in the last three months was a Trojan.
Which probably explains why Trojans were responsible for the majority (63%) of infections in the last three months. Trojans are very efficient bank robbers, and the payoff can be enormous. Two cybercrooks from the Ukraine were just sent to prison in the United Kingdom after they were convicted of using exactly this type of malware to steal more than $4 million from bank accounts in just six months.
On a related note, the Panda Labs report also found that the countries with the worst infection rates were China, Taiwan, and Russia. In China, for example, it's believed that more than half of all PCs are infected by malware.
And traditional attacks like phishing are not going away. Within days of a warning by the American Bankers Association of an unexplained spike in phishing attacks, security researchers had identified a new type of phishing attack that looks like it comes from a well-known bank and offering recipients $35 to complete an online survey.
According to security firm Sophos, the email asked for so much highly confidential information it should be a warning sign; the email questionnaire asked for:
- Social Security Number
- Card Number
- Card Expiration
- ATM PIN
- First, Middle and Last Name
- Email (Ironically, They Mailed You the Form)
- Mother’s Maiden Name
- Place of BirthBirthday
And an increasingly common way to spread phishing emails and infect users with this kind of malware is trusty old spam. The irony is that much of the spam in circulation today comes from the computers of innocent users. Spammers use botnets to infect unprotected computers and use them to relay spam to other users. And unfortunately, it appears that the United States still holds the top spot when it comes to relaying spam.
The bottom line? The easiest way to lose a battle is to just walk off the battlefield. As many companies and industries struggle just to survive, they're cutting back on security. According to this year’s annual Global Information Security Survey, conducted by PricewaterhouseCoopers, nearly 10,000 executives around the world were asked about their plans to make security a priority. Sadly just 11% said that they planned to make data protection a top priority.
Cyber-crooks are taking full advantage. Not only are they developing even more sophisticated malware, they're deliberately overloading businesses and consumers with so many attacks, something has to give.