Published on April 29th, 2016 | by Admin
Nick Savvides Interview (Cyber Security Expert at Symantec, the makers of Norton)
In your findings, why do you think Australia is the most targeted country across the Asian Pacific region?
The Symantec Internet Security Threat Report (ISTR) Vol, 21 found Australia was the number one target both in the Southern Hemisphere and the Asia Pacific and Japan (APJ) region for ransomware attacks. Australia is seen as a prime target by cybercriminals because we are an affluent nation with highly disposable incomes and large amounts of connected devices across the country. Our research shows that almost all of the top 12 countries impacted by ransomware (11 out of 12) are members of the G20, representing industrialised and developing economies that make up roughly 85 percent of the world’s global domestic product (GDP).
Were you surprised from your founding that malware has exponentially increased over the six year period from 2009 to 2015?
Unfortunately not – in fact, it was expected. Attackers and the way that they attack are getting better and more sophisticated. The marketplace is as active as ever. Attackers are well-resourced and are more savvy, actively working to bypass security mechanisms in place because more often than not, those affected will not have a multi-level security solution in place.
With the report, what were you most shocked about?
Symantec discovered more than 430 million new unique pieces of malware in 2015, up 36 percent from the year before. Perhaps what is most remarkable is that these numbers no longer surprise us. As real life and online become indistinguishable from each other, cybercrime has become a part of our daily lives. Attacks against businesses and nations hit the headlines with such regularity that we’ve become numb to the sheer volume and acceleration of cyber threats.
If people run non-Windows based websites, how can they protect their information and property from hackers?
Website owners still aren’t patching and updating their websites and servers as often as perhaps they should. This is like leaving a window open through which cybercriminals can climb through and take advantage of whatever they find. Over the past three years, more than three quarters of websites scanned contained unpatched vulnerabilities, one in seven (15 percent) of which were deemed critical in 2015.
In relation to crypto ransomware, does Symantec work with agencies around the world to help prevent this?
Symantec works with governments around the world to help prevent businesses and consumers from being attacked and we are also partner closely with governments on awareness and education campaigns targeted at both consumers and businesses.
With crypto-ransomware and the news that FBI have broken into a locked Apple smartphone, do you feel that anyone is closer to breaking these malicious codes?
The use of encryption in cryptomalware is very different to the whole device encryption used on devices; while the algorithms may be the same, the use and application are different. The encryption schemes being used by cryptomalware are very sophisticated, as they generally use the strong AES encryption algorithm and now generate unique encryption keys for every file encrypted. There is no evidence today that the encryption algorithms themselves being used are vulnerable to mathematical attack.
Looking into the future, how do you think the threat landscape will change?
Over the last year, Symantec has seen an increase in proof of-concept attacks and growing numbers of IoT attacks in the wild. In numerous cases, the vulnerabilities were obvious and all too easy to exploit. IoT devices often lack stringent security measures, and some attacks are able to exploit vulnerabilities in the underlying Linux-based operating systems found in several IoT devices and routers. Many issues stem from how securely vendors implemented mechanisms for authentication and encryption (or not).
Here are some examples:
- Cars: Fiat Chrysler recalled 1.4 million vehicles after researchers demonstrated a proof-of-concept attack where they managed to take control of the vehicle remotely. In the UK, thieves hacked keyless entry systems to steal cars.
- Smart home devices: Millions of homes are vulnerable to cyberattacks. Symantec research found multiple vulnerabilities in 50 commercially available devices, including a ‘smart’ door lock that could be opened remotely online without a password
- Medical devices: Researchers have found potentially deadly vulnerabilities in dozens of devices such as insulin pumps, x-ray systems, CT-scanners, medical refrigerators, and implantable defibrillators.
- Smart TVs: Hundreds of millions of Internet-connected TVs are potentially vulnerable to click fraud, botnets, data theft, and even ransomware, according to Symantec research.
- Embedded devices: Thousands of everyday devices, including routers, webcams, and Internet phones, share the same hard-coded SSH and HTTPS server certificates, leaving more than 4 million devices vulnerable to interception and unauthorised access.
We expect to see more stories like this in the coming year. If a device can be hacked, it likely will be. In addition, where there are proof-of-concept attacks, real attacks invariably follow. We may even expect to see IoT devices as the preferred route for attacking an organisation, and potentially the most difficult for incident response staff to recognise and remove. Given the present poor state of security on connected devices, they will present an increasingly attractive target to criminals who look for easy targets in the same way that burglars prefer houses without alarms or resident dogs.
What are some words of advice that you could give to consumers and businesses to protect their information and identity?
- Don’t get caught flat-footed: Use advanced threat and adversary intelligence solutions to help you find indicators of compromise and respond faster to incidents.
- Employ a strong security posture: Implement multi-layered endpoint security, network security, encryption, strong authentication and reputation-based technologies. Partner with a managed security service provider to extend your IT team.
- Prepare for the worst: Incident management ensures your security framework is optimised, measureable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises.
- Provide ongoing education and training: Establish guidelines and company policies and procedures for protecting sensitive data on personal and corporate devices. Regularly assess internal investigation teams—and run practice drills—to ensure you have the skills necessary to effectively combat cyber threats.
- Use strong passwords: Use strong and unique passwords and update them every three months. Never use the same password for multiple accounts.
- Think before you click: Never view, open, or copy email attachments to your desktop or execute any email attachment unless you expect it and trust the sender.
- Protect yourself: For maximum protection against threats, use a modern internet security solution that includes antivirus, firewalls, browser protection and reputational tools.
- Be wary of scareware tactics: Versions of software that claim to be free, cracked or pirated can expose you to malware. Social engineering and ransomware attacks will attempt to trick you into thinking your computer is infected and get you to buy useless software or pay money directly to have it removed.
- Safeguard your personal data: Limit the amount of personal information you make publicly available on the Internet (in particular via social networks). This includes personal and financial information, such as bank logins or birth dates.