WASHINGTON – Rob Housman, Executive Director of the Cyber Secure Institute, released the following statement concerning the latest quarterly report by PandaLabs showing that Americans are at a greater risk from online threats than ever before. Malicious links on social networking sites such as Twitter and Facebook have helped fuel a sudden increase online threats in the third quarter of 2009.
The third quarter was a record breaking one for hackers when it came to creating new threats. From July to September PandaLabs noted over 5 million new strains of Malware. Most of these new strains were banker Trojans, which steal information such as bank accounts, usernames, passwords and credit card details from your computer and send it to the hacker.
PandaLabs found over 50,000 new forms of malware each day.
This surge was also responsible for increasing the number of infected personal computers across the globe to 15%.
Cybercriminals have also been increasingly taking advantage of social networking sites to spread the Koobface worm, which infect a user’s computer and, unbeknownst to the user, use their computer to spread other computers.
The worm spreads by posting malicious links to the virus on a user’s personal social networking page and also includes scareware designed to fool the user into buying phony antivirus programs.
Criminals also took advantage of search engines to spread malware, duping people into visiting infected sites by using popular search terms.
Housman said:
“Social networking links us all closer together, which in turns makes us all more vulnerable. More people than ever are using social networking. There are over 300 million people actively using Facebook and Twitter is growing at a staggering 1382% each year.
These networks are only as strong as their weakest link and one person’s risk becomes everyone’s risk. Hackers understand they are vulnerable to prey. Because of their sheer size, social networks have accelerated the spread of these worms. What used to take months to spread now can take hours.
Every year these criminals are responsible for billions of dollars worth of theft from American individuals and businesses, not even taking into account the amount of money these individuals and businesses spend on having the malware removed.
However, this does not need to be the case. Most businesses and individuals in America are relying on systems that are inherently insecure to protect them from cybercriminals.
Technologies do exist that can effectively protect us and those in our networks. These technologies are NIAP-NSA certified against the most sophisticated threats. The NSA-NIAP system utilizes Evaluation Assurance Levels in conjunction with the Common Criteria security profiles to grade both the security of systems and indicate the level of confidence in that grade. These levels range from EAL1 (minimal security) to EAL 7 (highly secure). Most of the IT systems that we now rely on have been certified up to EAL4+ and only for inadvertent, non-hostile and unsophisticated attacks.
The fact is these hackers are anything but unsophisticated and they are taking advantage of anything they can. According to the PandaLabs report, “Cyber-crooks’ are trying to infect the maximum number of computers possible, exploiting vulnerabilities and using social engineering techniques in spam messages, social networks and search engines through Blackhat SEO techniques.”
These hackers are not your proverbial kids hacking away in the basement while their parents are asleep. Many of these hackers belong to international organized crime rings. These recent growth in malware highlights the success the hackers are having and the failure of our current hack-and-patch systems.
Fortunately, there are now systems—for example Integrity Global Security and Tenix—that are certified at EAL 6+ against the most rigorous security profiles. However, we have yet to deploy them and will remain vulnerable until we do so.
