Is It Safe Now?...
IF you think your PC is safe, think again! Rising online threats spell dangers. More protective measures are needed.
| Tan says the question is no longer about how safe the computer is, but about how well-protected, managed and controlled the information is today. |
Cyber attackers use new ways to gain control
BAD news for computer users! Cyber attackers are employing new and more sophisticated techniques, and no longer limited to intrusions, viruses, worms, spam and phishing.
According to Symantec Corporation (Malaysia) managing director Suzie Tan, among the newer techniques are bots, Web-based attacks and spim – unsolicited messages sent to cellular phones.
“As security measures are developed and implemented to protect the computers of end-users and organisations, attackers are rapidly adapting new techniques and strategies to avoid them.”
Tan said the changing threat landscape has led to the emergence of Security 2.0, the next generation of security centred on protecting and managing information.
“So, the question is no longer about how safe the computer is, but about how well-protected, managed and controlled the information is today.”
In addition to the said threats, the explosion of new malware variants has resulted in the shift from mass distribution of a small number of threats to micro distribution of large families of threats. These new strains of malware consist of millions of distinct threats that propagate as a single, core piece of malware creating an unlimited number of unique malware instances.
“One of the more recent examples include the Conficker worm, sometimes called Downadup. A number of different variants have been disclosed over the past three months, whereby the worm has created an infrastructure that its creators can use to remotely install software on infected machines.”
Inadequate protection measures open the computers to the risk of attack and the consequences are costly.
According to a research from the Ponemon Institute, an independent research firm specialising in privacy, data protection and information security policy, the cost of a data breach is at nearly US$200 (RM720) per compromised record.
From a business perspective, such incidents do not only result in extra expenses to recuperate from downtime and IT systems failure, which will affect productivity, but also introduce serious legal liability issues and undermine hard-earned corporate brands and reputation.
Tan advises businesses to strengthen their priority and maintain their investment on security infrastructure in the organisation.
“The least they can do is to employ in-depth defence strategies, which include the deployment of regularly updated anti-virus, firewalls, intrusion detection, and intrusion protection systems on client systems.
How to keep your system safe
1 Unless you’re absolutely certain a site is legitimate and secure, don’t provide personal or financial information such as your IC number or bank details online. Even on Web sites that appear to be legitimate, they may be fake or “phishing” sites that exist only to steal your information. Never send such information through e-mail or instant message either.
2 Always use secure Web sites when sending information or transacting business online.
3 Do not visit suspicious Web sites, click on suspicious links or open attachments, unless you know for sure they are trustworthy.
4 Store sensitive financial and personal information in password-protected files and directories; use strong, non-obvious passwords.
5 Don’t open e-mail attachments from persons you don’t know or trust.
6 Regularly download all browser and security updates to keep your security protection safe – anti-virus, firewall.
7 Install a good firewall protection, anti-virus software, and anti-spam or anti-phishing filter. A programme with anti-virus and anti-spyware capabilities can detect and often remove crimeware threats that would otherwise remain hidden on your machine.
8 Educate yourself. Check out the latest threats, spyware and adware, security advisories, and recent security news.
Singapore, Thailand hit more often than Malaysia
According to the latest Symantec Asia-Pacific and Japan (APJ) Internet Security Threat Report XIV, which observed current trends and impending threats for 2008, a total of 2,075,968 distinct bot-infected computers were identified in the APJ region, which amounts to 22 per cent of the 9,437,536 distinct bot-infected computers detected worldwide during this period. It is, however, 21 per cent less than the 2,628,906 distinct bot-infected computers that were identified in the region during 2007.
In 2008, Malaysia ranked third in Southeast Asia (behind Singapore and Thailand) for country with the highest bot-infected computers, and ranked ninth in APJ. Malaysia’s ranking has improved significantly from the top ranking in Southeast Asia, and sixth ranking in APJ in 2007. (See Table)
Know your enemy ...experts tell you how to protect your PC
Online threats are real and dangerous. But how do they emerge and how do you minimise your risks? Siti Syameen Md Khalili talks to a number of computer security solutions providers and experts on the subject.
• Lim Kar Aik, chief executive officer, Avira Sdn Bhd
The computer can be infected by a mere click on a Web site. Virus, worms and Trojans spread through your office network, Internet, or even the flash drive.
Users who are most vulnerable to threats are those closely related to financial gains. For instance, hackers might use a phishing technique to “fish” or to tempt online banking users to key in their bank account’s log in detail and password by creating a similar Web page that looks exactly the same with the real one.
The threats depend on the behaviour of the virus itself. Some could be really harmful to your computer and might cost you a new hard drive or even a new motherboard. Recently, the famous Conficker C worm hits the Internet and has so far infected more than 10 millions PC around the world.
Users thus need to make their computers safe and secure by choosing reliable anti-virus solutions.
Locally, our end-user anti-virus solution, Antivir Personal Edition, has protected more than one million PCs.
Anti-virus software is affordable nowadays and we encourage people to install it. They should watch out what they surf to and pay attention on what to click and what not to.
• Victor Lo, regional consulting manager, Trend Micro (Southeast Asia & Hong Kong)
The computer on its own is safe, but risks emerge once the user hooks it onto the network.
The Internet is where anything can take place, both good and bad. Even if the computer has a security software in place, it would depend on what level and type of security the software covers.
Specific online activities are vulnerable to different types of viruses, malware and threats. For companies, being vulnerable to threats means being at the risk of losing valuable data, consumer database, passwords and the risk of living through operational downtime and clogged bandwidth (via spam).
Downtime is a costly price to pay for ignoring protective measures. This kind of losses is purely monetary and is completely at the cost of the company’s budget.
For consumers, the threat lies in losing essential information and passwords, which result in monetary and privacy loss.
More than that, during this Age when Internet banking and bill payment transactions have become a daily norm, mirror sites by hackers, spyware and phishing activities can steal a person’s personal data such as name, address and passwords. Also, the number of Internet users is booming and children are targeted by online criminals.
Hence, Trend Micro has a new initiative – Internet Safety for Families & Kids (ISKF) through which we try to create awareness of the risks and solutions for children’s safety online.
Besides that, our end-user solution, Trend Micro Internet Security 2009, is designed to protect several PCs in a household and PC activities can be managed from a parent PC. It offers network protection against online intruders.
• Dhillon Andrew Kannabhiran, founder/CEO, Hack in The Box (M) Sdn Bhd
“The risks associated with computer usage are increasing. In the past, attacks were more focused on the network layer. Today, the focus has moved to the application layer. With Web 2.0 the driving force behind this adoption, users are now not only exposed to network-based attacks but also to attacks that come in through their Web browser ranging from cross site scripting, cookie-injection and click-jacking.
Threats spanning from frequent online activities:
• E-mail – viruses/Trojans/worms
• Instant messaging – spam/phishing
• Online shopping – spyware/adware
• Online banking – viruses/Trojans/worms
• Personal finance – Crimeware (password theft which leads to financial loss)
• Downloading of music, movies and software – spyware/adware/phishing
• Online gaming – viruses/Trojans/worms
• Post on blogs and Wikis – crimeware
• Digital photography (upload/download free photos) – spyware/adware/phishing/ viruses/Trojans/worms/crimeware
• Internet surfing – spyware/adware/ phishing
• Online research and travel – spyware/ phishing/viruses/Trojan/worms/ crimeware
Sources - New Straits Time ( I-Tech )
