Malware, ransomware attacks are a growing threat to computer and mobile phone!

FORGET pickpockets or thieves. The biggest threat to your smartphone now is kidnappers cyber “kidnappers” that is, with their Ransomware.

As the name suggests, ransomware is a malware (malicious software) that will keep your phone or computer a prisoner until you pay a ransom. Only when the specified amount of money is paid will you be able to “free” your device and access data or information.

Although it is not new ransomware is said to originate from Russia in 2005 and has been attacking many computers worldwide since the Symantec Corp Internet Security Threat Report (ISTR) Volume 18 revealed that ransomware is emerging as the malware of choice because of its high profitability for attackers.

Luckily, says Symantec Malaysia's senior technical consultant David Rajoo, to his knowledge, no cases have been reported here yet.

“However, as the worldwide web has no boundaries and with increasing broadband penetration and as more users are accessing the Internet, Malaysia is certainly exposed to the Ransomware threats,” he says.

Infected machines display messages which demand payment in order to restore functionality. - David Rajoo

Rajoo points out that awareness is key to combat ransomware threat.

As the report highlights, attackers are using deceptive links and poisoned websites to infect unsuspecting users with malicious software and lock their machines.

“The attackers, many of them cybercriminal organisations, then hold users' machines for ransom. Infected machines display messages which demand payment in order to restore functionality,” he tells.

Recent attacks have also displayed images that impersonate law enforcement.

Consumers on the Android platform are most vulnerable to ransomware and mobile threats, says the report.

Last year, mobile malware increased by 58%, and 32% of all mobile threats attempted to steal information, such as e-mail addresses and phone numbers.

Although Android has fewer vulnerabilities, its threats are higher than any other mobile operating system. Its open platform and the multiple distribution methods available to distribute malicious apps make it the go-to platform for attackers, adds the report.

With malware growing sophisticated every day, Rajoo adds, a mix of intelligence-based technologies can provide optimal security to stop new and unknown malware.

To avoid getting infected, ensure the device's software and anti-virus definitions are up to date, and avoid suspicious sites, Rajoo advises.

“We also advise users to use more than antivirus for protection. We recommend using advanced reputation security which provides layered defence. Use more than just Antivirus use a full functionality solution which includes heuristics, reputation-based, behaviour-based and other technologies,” he says, stressing that a key strategy is to fend off threats before they infiltrate your computer system.

Symantec Malaysia's Systems Engineering director Nigel Tan agrees that stopping the threat at the gate is important as cyber criminals continue to devise new ways to steal information from organisations of all sizes.

Staying ahead of attacks

“The sophistication of attacks coupled with today's information technology complexities require organisations in Malaysia and globally to remain proactive and use “defence in depth” security measures to stay ahead of attacks,” he added.

According to the annual ISTR which analyses the year in global threat activity, Malaysia was ranked 35th on its global Internet security threat profile in 2012.

As it highlights, there was a 42% surge last year in targeted attacks globally compared with the prior year.

These targeted cyberespionage attacks, designed to steal intellectual property, are increasingly hitting the manufacturing sector as well as small businesses, which are the target of 31% of these attacks.

Small businesses are attractive targets themselves and a way in to ultimately reach larger companies via “watering hole” techniques.

In a watering hole attack scenario, attackers compromise a carefully selected website by inserting an exploit resulting in malware infection. Through the compromised website, the attackers will target victims who visit the compromised site and take advantage of their software vulnerabilities to drop malware that will allow them to access sensitive data and take control of the vulnerable system.

As Symantec alerts, 61% of malicious websites are actually legitimate websites that have been compromised and infected with malicious code.

Business, technology and shopping websites were among the top five types of websites hosting infections. The shift of focus from government websites indicates an increase in attacks targeting the supply chain cybercriminals find these contractors and subcontractors susceptible to attacks and they are often in possession of valuable intellectual property.

The attack uses the security weaknesses in the supply chain specifically the small businesses to gain access into larger and more secured companies, adds Symantec.

Case in point is that those in sales became the most commonly targeted victims last year.

Another growing source of infections on websites is malvertisements this is when criminals buy advertising space on legitimate websites and use it to hide their attack code.

Tan urges organisations to continue to take proactive initiatives to secure and manage critical information from a variety of security risks, especially targeted attacks in the manufacturing and small business sectors, mobile malware, and phishing threats.

By HARIATI AZIZAN sunday@thestar.com

Online banking Trojans going after your money!

Online banking users in Malaysia need to be wary of sophisticated Trojans. 

IMAGINE a burglar hiding in your house and slowly cleaning out your valuables, bit by bit, without you even realising it.

According to security firm Symantec, that is the common modus operandi of banking Trojans today, which have grown so sophisticated that they are almost impossible to detect and very difficult to get rid of.

As its latest white paper the World of Financial Trojans reveals recently, malware (short for malicious software) attacked over 600 financial institutions worldwide last year.

With this growth, bank hold-ups or ATM robberies, the bank heist of choice in Malaysia these days will soon be a thing of the past.

The phenomenon is no doubt partly due to the growing trend of online banking. As banks move online to make their transactions fast, easy and convenient for customers, cyber criminals are also finding the digital route the faster, easier and more convenient mode for looting.

A big threat, the report highlights, is the rate at which banking Trojans are now developed: with state-of-the-art mechanisms to circumvent the more complex security systems and exploit their weaknesses.

“Trojans have indeed evolved and the attackers have become more specialised and sophisticated,” Symantec Corporation (Malaysia) Sdn Bhd director (systems engineering) Nigel Tan concurs.

Most worrying, is that while the United States and Japan remain top of their target list, the banking Trojans are increasingly targeting emerging economies with high Gross Domestic Products (GDP) in Asia and the Middle East like Malaysia.

Tan notes, “Malaysia is on the radar of these cyber criminals and our financial institutions experienced attacks out of the 600 reported globally last year. We are not in the top 10 of countries attacked but the threat for Malaysia is no less dangerous.”

Internet banking has grown steadily in Malaysia since it was first launched in June 2000, and is now offered by 29 banks in Malaysia. As of September last year, there were 12.8 million registered users, rising from 3.2 million in 2006 and eight million in 2009.

Predictably, cyber crimes in Malaysia have also increased, with some RM2.75bil losses recorded over five years, from 2005 to 2010, especially in the financial sector.

The fact that cyber criminals are starting to eye Malaysian banks means we need to be more vigilant and tighten up our cyber security, says Tan.

End-users need to keep abreast with what security measures there are. - Nigel Tan

“They need to look at the malware threats they are risked to and look for measures to mitigate them because any organisation will face these threats.”

However, one problem is that many of these institutions cannot keep up with the constantly evolving sophisticated attacks. Another is the gap in the ability of certain organisations to detect threats on customers systems, according to the report.

Tan concedes that the security of our financial institutions can be improved.

Another challenge is that the Trojans are beginning to work out which banks have less security, and going after them, he warns.

“There is a difference in quality between the different banks in terms of how much of the protection and fraud detection methods they put in place.

“And if you are a robber trying to decide between two houses one big house with full security or one smaller house with minimal security; it is secured with only a padlock and chain which one will you target?” Tan quizzes.

As the report sums it, banking Trojans now “enter through the backdoor, strike with clinical precision, and have evolved to a degree of sophistication that allows attackers to conduct high-value transactions while evading traditional fraud-detection measures.”

It is not that banks have been unaware of this growing threat. Since online banking was first introduced in 1994, cyber criminals have looked for various ways to attack them. By 2003, around 20 distinct banking Trojans have existed including simple keylogging Trojans and phishing, said the report.

In response, the banks bolstered their security and fraud detection capabilities.

The problem is, the cyber criminals started adapting, until most security systems and measures were neutralised.

Tan calls these cyber criminals a specialised hacking community that is no longer searching for notoriety and fame, but is in it for the money.

“Hackers now are less noisy than five years ago, but just because there is less noise right now, it does not mean that they are not there. Trojans now stay in your computer as quiet and as long as possible to steal as much money as possible,” Tan cautions.

As mentioned, an attack technique increasingly used is called “man-in-the-browser” which basically involves an application hooking into the browser and manipulating data before it is displayed.

Sophisticated thievery

The report explains, the users will not be able to detect any malicious activity but the Trojan will intercept their transactions and inject a form in the browser requesting sensitive information. Once the user submits the requested personal information, it steals the data for future thievery.

The more sophisticated Trojans can automatically execute transactions in the background, the report highlighted.

What makes it difficult to notice with the naked eye, says Tan, is that “the domain is legitimate and the security page is accurate. It is your computer that is affected, so it can steal your personal data or attack your bank.”

One thing that makes it difficult to clamp down on the attackers behind these Trojans is that it is not easy to pin the crime on them.

“Just writing malware is not an offence. It is hard to pin it as a crime, as long as the writer does not go out and sell it,” Tan points out.

It also does not help that they are reportedly organised underground groups who are not only experts at scripting and automating attacks, but are also knowledgeable about the sophisticated global financial industry and supported by a service industry of widely available malware.

It is akin to organised crime, he opines.

As the report puts it, “The financial fraud marketplace is also increasingly organised. It is a service industry where a wide variety of financial Trojans, webinjects, and distribution channels are bought and sold. Services being offered are dedicated to each aspect of a financial fraud campaign. These offerings will improve effectiveness of established techniques.”

The Top Three of the “Most Wanted” malware list in 2012 were the Zeus Trojan, also known as Zbot (+ Gameover), having compromised more than 400,000 computers worldwide; followed by Cridex at more than 250,000 computers compromised and Spyeye at more than 50,000.

Symantec also points to third-party remote webinjects which can circumvent security countermeasures, targeting a large number of financial companies “concurrently and intelligently” as posing a threat to financial companies.

According to the report, it is not only the main financial organisations like commercial banks that are high on the list of targets, but also organisations that perform online financial transactions such as automated clearing house payments systems and payroll systems.

It is thus crucial for the “good guys” to be alert all the time. They can't slip up and must put in place adequate security mechanisms and take strong measures to deter attackers from targeting these institutions, Tan urges.

Ultimately, users cannot leave the responsibility for security solely to the institutions, he warns.

“End-users need to raise their awareness of the threats out there as at the end of the day, the criminal will go through the end-user to attack the financial institutions.”

The best measure, he stresses, is not to get infected in the first place, so installing a good anti-malware programme on your personal devices is crucial.

As he puts it, anti-malware solutions can stop the malware, even if you were already infected, shares Tan.

“The scanning will pick it up and delete it off your system.”

Tan also emphasises ongoing education in security, as the threats are constantly evolving.

“There will not be a point where you can say this is it. This is what everyone should do. End-users need to keep abreast with what security measures there are.”

Good practice needs to be adopted such as reading the message box or running an anti-virus before downloading anything from a website.

“Most of the time when people get a pop-up to say that you have a malware, they just cancel it or click it close, or when it says your computer is infected, they just ignore it.”

Significantly, Tan says this is not a call to say that Internet banking is bad.

“Quite the contrary. Internet banking has a lot of benefits.

“But as we embrace any new technology or media, we just have to be aware of what the threats are on the Internet. As long as we take adequate protection, we will be safe.”

By HARIATI AZIZAN sunday@thestar.com.my