Cyber criminals are now more organized
Brian Pereira | 03 January 2009
‘Cyber criminals are now more organized’
While Virus writers were once doing their dubious deeds for fun, they are now a more organized group who trade services. Eugene V. Kaspersky, CEO, Head of Antivirus Research, Kaspersky Lab gave CHIP an insight into the latest threats in cyberspace and tells us how his company protects customers from new threats.
BY BRIAN PEREIRA
Q. What are the latest threats in cyberspace?
We are seeing various trends in the distribution of malware. It is now getting more organized. In the past people were developing viruses just for fun. Then there were cyber criminals who were independently developing malware for financial gain. Now they operate in groups. Today this has become an industry. There are organized groups of cyber criminals who plan different attacks and offer criminal services. Of late we also see the number of cyber criminals increasing. They are making malware and trading it with others.
At the moment the motive for this is only financial gain. They run botnets and trade information about botnets. It is like a chain that has everything from virus writing to hacking bank accounts. There are different groups in this chain doing specific things.
The increase in the number of malware puts an extra load on security systems.
We also see cybercrime that is politically motivated. In the past two years there were four such attacks: Estonia, parts of Russia, Marseille Islands and Georgia. These attacks are not motivated by financial gain but are a type of political warfare. This type of cybercrime involves sophisticated malware.
So we have to innovate new technologies to protect our customers.
Q. What are the solutions that protect users from these new threats?
Our solutions go beyond traditional approaches like virus databases and heuristic scanning. We now have application control technology, wherein there are different restrictions for trusted or untrusted applications. We also have security networks or security in a cloud. In this there is a remote database that has a list of infected URLs and this database is updated automatically by our customers. We also maintain a white list of safe sites on our servers. All this will soon be integrated into our corporate security solution (Kaspersky Internet Security).
Q. How do Kaspersky solutions protect against unknown viruses and future threats?
We have second generation heuristic scanning, black lists and application control for this. This checks suspicious behavior and untrusted applications. We also have automatically generated lists of infected URLs in our security network technology.
Q. Security suites are known to be resource hoggers. They occupy too much memory and slow down performance. Also, they are intrusive and keep showing popup alerts. Have you corrected this in the latest version of Kaspersky Internet Security?
We have taken certain steps to improve efficiency. For instance, if an application has been installed on a PC quite a while back, there is no need to scan it every time. Only the files that are recently modified are scanned. We are also introducing a new scan engine that consumes less memory.
One magazine did a test on notebook battery life with different anti-virus software running on it, and we were a winner in that test. So our solutions consume less resources, and hence less battery power.
Q. Since there’s a proliferation of home networks, there is a need for protecting multiple computers. Do you offer a multi user license for your home security solution?
We have different plans for different territories. In some countries we have two- or three-license boxes. We also have two or three year licenses. In India we reduced the price of our product. We will also provide special licenses for India.
In western countries we observe that every family member has his/her own computer. But one family member acts as the systems administrator. So our SOHO products have a simple administration console.
Our SOHO products have a simple administration console.
Q. Can you comment on attacks on mobile phones and MP3 players? What about hacking mobile commerce services?
There are no attacks on MP3 players because there is no financial motivation there. But we see more threats on mobile phone platforms. Yet, these are simple attacks. Simple Trojans that send SMS messages to paid services.
Attacks on mobile commerce services are very rare. Countries like Japan, where mobile commerce is prevalent, have proprietary standards. Cyber criminals from China, Latin America and Russia don’t know about these standards. That’s why Japanese smart phones are better protected.
We have a solution (Kaspersky Mobile Security) that protects the phone from malware and also protects mobile data. If your smart phone is stolen and it has a Kaspersky Mobile Security installed, then you can remotely erase the data on your stolen smart phone.