Q&A: Kaspersky Lab’s Director of Global Research and Analysis
With the new year in full swing, hackers and malware makers will look at new avenues to scam and con people into divulging important information. Other attacks might be a bit more subtle than a brute force attempt, and a comprehensive anti-virus and Internet security suite is needed to fend them off. IT News Africa spoke to Kaspersky Lab’s Costin G. Raiu, the Director of Global Research and Analysis, about expected new threats and how users can protect themselves.
1. With a New Year comes new threats. What major threats do you predict will top the list of priorities for Kaspersky Lab?
Threats today can never be kept at bay; there are a number of threats which consumers and businesses should look out for in 2013. Below are some of the threats which Kaspersky Lab is actively monitoring for 2013.
· The continued rise of targeted attacks and cyber-espionage
Over the last two years targeted attacks have become a huge threat to companies, as hackers try and ‘trick’ employees into giving information up that can be used to gain access to corporate resources as a means of stealing their most important data for their own gain, which is often financially motivated.
Hacktivism is the act of hacking or breaking into someone’s computer, to steal personal or business information. As we know, hacktivism has been a huge issue for consumers over the years, however, in 2013 we expect to see a huge increase of hacking into business servers. Certainly, as technology becomes more advanced, companies are allowing their employees to connect to business servers wherever they are. Whether it is at home, a coffee shop or in a meeting room – this ‘always available connectivity’ does mean that corporate systems can be very vulnerable to hackers, especially if the systems and these devices are not protected.
· Cloud attacks
With the popularity of cloud-based servers, which hold a huge amount of data, the reality is that this data can be stolen in less than a second, if the necessary security precautions are not in place. Cybercriminals will continue to use cloud services to host and spread malware, where data stored in the cloud is accessed from a non-cloud device, giving criminals access to all personal information, bank accounts and even businesses’ most important information.
Other trends include:
· More nation-state sponsored cyber-attacks
· Government-backed use of “legal” surveillance tools in cyberspace
· Deterioration of digital privacy
· Continued problems with online trust and digital authorities
· Continued rise of Mac OS X malware and mobile malware
· Vulnerabilities and exploits continue to be key attack methods for cybercriminals
· Wide deployment of Ransomware and cryptoextortion malware
2. Do you predict a decline in malware and virus activity for this year?
Unfortunately not – especially if we consider the fact that mobility will continue to increase. This means that every day different companies will continue to develop and launch new wireless and mobile technologies. As a result of this influx of new technology, hackers and cybercriminals will remain on the look-out for new ways to attack – especially vulnerable victims whose devices are not protected. There is no way of predicting how many viruses we can expect for 2013, however, from past experience, 2013 will no doubt continue to see more viruses being developed and discovered.
3. What are the most important things that users can do to protect themselves?
There are a number of precautionary steps that consumers can put in place to protect themselves from malware and viruses, and falling victims to cybercriminal activity. First and most importantly, consumers must always be aware of the realities of malware and viruses. For example consumers must never click on hyperlinks within emails that look suspicious or that they do not recognise. Additionally, mobile device and Internet users should also take the necessary steps to ensure that the devices they utilise to access the Internet are protected with the right security software, for example, Kaspersky Internet Security 2013 or Kaspersky Mobile Security. Installing an effective security solution can give the user peace of mind and the protection they require.
4. Do you predict that there will be an increase in a specific type of attack this year, e.g. an increase in banking attacks or phishing scams?
A type of attack which became prevalent in 2010 and is continuing to expand into 2013 is what is being termed ‘Cyber War’ and includes the likes of Stuxnet, Flame and the more recently discovered “Red October”. Cyberwar is a tactic used by nation states to target other countries’ diplomatic, governmental or scientific research organisations. The main purpose of these attacks is to gather as much important information as they can get from different organisations, which often includes geopolitical intelligence, credentials to access classified computer systems, and data from personal mobile devices and network equipment. Other cases include sabotage and attacks on critical infrastructure which can severely compromise the economy of the attacked nation. There have been quite a number of these viruses which have come to light in the past year.
5. How do African users rank in terms of online protection compared to the rest of the world?
According to the Serianu Kenya Cyber Security report 2012, over the past couple of years Internet usage in Kenya has increased rapidly due to the increased demand and the uptake of mobile devices. As Internet usage in the country continues to increase, so the Internet security breaches being reported have increased. The reason for this is the fact that as more broadband is made available to the Kenyan market, more consumers and businesses are embracing the digital world – often making them an ideal target for cybercriminals. The same can be said throughout many African countries, where broadband development is currently happening at a fast pace.
Often our experience, as it is with Kenya, is that growing economies are often tracked by cybercriminals for potential targeting as a result of these countries being ‘new’ on the Internet scene and therefore the hope of these criminals is that they do not understand the realities of Internet security. Compared to first world countries, Africa is not on par with online security; and, this certainly needs to change, as more broadband is being made available throughout the continent. It is for this reason that Kaspersky Lab is so passionate about educating the African market about cyber security, to ensure that such activity can be reduced and that consumers and businesses are equipped with the right tools and know how to protect themselves from falling victims to cybercriminals.
6. What can we expect from Kaspersky Lab in 2013 in terms of new products?
Through our continuous research, Kaspersky Lab has detected an increase in cybercriminal activity towards businesses. In fact, according to the B2B International survey done in conjunction with Kaspersky Lab in 2012, 35% of companies lost data due to malware attacks and 25% of business data due to un-patched software vulnerabilities. In light of this research, Kaspersky Lab is working towards offering more products dedicated to the protection of businesses and corporate networks. In 2013, businesses can expect more security from Kaspersky Lab in this regard, which will help their companies avoid hackers, viruses and malware.
7. According to Kaspersky’s data, which virus or piece of malware was the most infectious for 2012?
We’ve covered the most important infections of 2012 in depth in our report “Kaspersky Security Bulletin 2012. The overall statistics for 2012” (please see https://www.securelist.com/en/analysis/204792255/Kaspersky_Security_Bulletin_2012_The_overall_statistics_for_2012)
For instance, on MacOS, the most virulent malware in 2012 was Trojan.OSX.FakeCo.a (52%). This malicious programme masquerades as a video codec installation file. After installation, however, no new codecs appear in the system; the installed programme behaves as an adware programme, collecting information about the user that may be of interest for marketing purposes, and then sends it to cybercriminals.
For Windows computers, the most popular malware was Trojan.Win32.AutoRun.gen, which refers to a class of Trojans that infect computers through the use of removable drives and “autorun.inf” files.
8. With more phones being connected to the Internet, how important is mobile security and antivirus software to a user?
It is critical for users to install mobile security on their devices, because as mobility grows, so too does the concept of BYOD, where employees can have access to their corporate servers. Even though BYOD helps the productivity of a company, as employees are more comfortable using their own devices, it also leaves the company in a very vulnerable position. This is why Kaspersky Lab urges all companies to make sure that all their employees have the right mobile security in place to protect the company’s documents from cyber-criminals, malware and viruses.
9. What mobile solutions does Kaspersky have?
Kaspersky Lab has a product, which helps consumers protect their phone, called: Kaspersky Mobile Security. This product provides world-class protection whenever consumers use their mobile phones to bank, to shop, check out the web or chat with friends. This product also protects users if their phone gets stolen or lost and helps protect their data, even if the SIM card has been replaced.
10. What is the biggest threat that users should look for or be made aware of?
At the moment, users are facing several major threats, which if taken one by one, individually, would represent just one drop of water in an ocean of threats.
Several big threats at the moment include:
* The exponential growth of Android malware
* Next threats for Mac users
* Cyberwarfare like Stuxnet, Flame or Gauss
* 0-days and exploits
* Advanced banking Trojans like SpyEye
In particular, Ransomware is one of the threats which is growing at a fast speed and has the potential to cause massive chaos for computer users. These are a class of Trojans which encrypt the information on your PC and demand a ransom to give you access back to your data. During the last months, we’ve noticed such Trojans specifically designed for almost any country in the world, using rather innovative techniques to scare the user into paying the ransom, which ranges from $50-200.
11. Which African country is the worst protected in terms of threat detection and prevention?
The risk of online infection, which is the main source of malicious objects for users in most countries of the world, is of the greatest interest. This doesn’t mean the country is the worst protected, but it means that it is the most dangerous place for users from this place. In Sudan, 51% of the users have encountered one online attack, which makes the country the 10th most dangerous online place in the world.
Charlie Fripp – Consumer Tech editor