Loading...
See More

The next big scare

Dec 04 2012 07:20 Arthur Goldstuck
teen at pc


Related Articles

Cosmic cube

The online video experience

Acer joins the fray

The week the world changed

Bye bye, print

Nokia makes its move

 

THE WORLD of hi-tech is so focused on the next big thing in gadgetry, it tends to forget that each new gadget and every new advance comes with new vulnerabilities.

These go by many names, from malware and spyware to ignorance and stupidity. The biggest and the smallest of entities fall prey. At the beginning of 2012, South Africa’s Post Bank lost R42m to hackers using fairly basic equipment. Yet, that’s a fraction of the losses suffered by individuals. 

According to the 2012/3 South African Cyber Threat Barometer released recently by Wolfpack Information Risk, a total of R2.65bn has been stolen in cyber crimes in the past 18 months. A full three-quarters has been recovered, but that still leaves a loss of R662m.

Clearly, it is no longer enough to install anti-virus software. As the smartphone market explodes across Africa – 2013 will for the first time see more smartphones than “ordinary” phones sold in South Africa – viruses and scams will increasingly target these devices. And being on the southern tip of the least connected continent won't protect anyone. 

“The trends in Africa pretty much follow trends in the rest of the world, because it’s an online environment. It's about a global scenario rather than specific threats,” says Riaan Badenhorst, recently appointed Head of Operations for Kaspersky Lab Africa.

While low internet penetration ironically protects Africa from much of this onslaught, the shift to mobile threats is beginning.

Android devices in particular are vulnerable, as there is little filtering of apps released for the operating system. Apps for iOS, the Apple mobile operating system for the iPad and iPhone, all have to go through a strict vetting process. Even that won’t fully protect their users.

“Most of what we are seeing is phishing malware, which hunts for specific information on the devices,” says Badenhorst. “People think anything on their phone is not accessible, and they tend to lower their guard.”

The warning is underlined by the fact that the company’s latest product range includes packages entitled Kaspersky Tablet Security and Kaspersky Mobile Security.

However, it is their flagship product, Kaspersky Internet Security 2013, that offers a true insight into the range of threats facing every computer user.

Aside from the usual anti-virus and e-mail protection, it includes specific safeguards against spam and phishing, provides child security and parental control options, and something called “secure keyboard”. This protects the user from hidden software that monitors keystrokes and sends data like passwords, ID numbers and bank account details to the creators of the malware.

In the coming year, Kaspersky will build on its corporate offerings, but it is on the personal level where it has made the biggest difference.

If Kaspersky has raised the bar for consumers, companies like Symantec and EMC are doing the same for large enterprises.

“Anti-virus and anti-spam on their own are no longer enough,” says Gordon Love, Symantec regional director for Africa. “The message has evolved, and Symantec is repositioning itself from basic security to information protection.”

While the consumer is concerned with safety on a couple of devices, the enterprise has numerous areas of responsibility, from looking after customers to maintaining the confidence of investors.

“The major drivers of protecting the enterprise are around intelligence, managed security, and compliance,” says Love. “It’s driven by both existing and expected legislation on corporate governance, and focuses not only on the data, but also on how the data flows through the business. We back up 50% of the world’s data, and have to protect it when it’s at rest or on the move.”

Last year, Symantec blocked 5.5bn malicious attacks – and that number has already increased by more than 80% this year. Symantec ranked South Africa 43rd in the world for number of attacks in 2011 – up from 46th the year before.

“Initially all this hacking and malicious activity was targeted around fame for the hacker,” says Love. “The next phase is how to extract financial benefit from it.”

One of the more sophisticated tricks is to create a virus that fools users with warnings that their systems are infected, and invites them to click through to a link that will clean their system – for a fee, payable by credit card. You can see where that story ends...

As a result, even the vendors who offer free versions of their anti-virus products have upped their game. AVG, which uses a “freemium” model – a free basic version of AVG Internet Security can be upgraded to a paid-for premium edition – says it is now “more than just an antivirus company”.

“Computers and devices have become an extension of every individual at work and at play,” says JR Smith, the company’s CEO. “In today’s world, we're not just securing machines. We’re securing people’s digital life.”

But that may not be enough.

In a report released last week, Symantec security practices expert Grant Brown warned that a new form of scareware is emerging: “ransomware”.

“Ramsomware goes beyond attempting to fool its victims; it attempts to intimidate and bully them.”

While this “business model” has been tried before, says Brown, it suffered from the same limitations of real life kidnapping - there was never a good way to collect the money.

“Cybercriminals have now discovered a solution to this problem using online payment methods. They can now use force instead of flimflam to steal from their targets. As it is no longer necessary to con people into handing over their money, we can expect the extortion methods to get harsher and more destructive... attackers will use more professional ransom screens, up the emotional stakes to motivate their victims, and use methods that make it harder to recover once compromised.”

Brown points to the core threat facing regions like Africa, but also to the core of the solution:

“As accessibility to technology and access to internet connectivity become more affordable to previously untapped markets, security education needs to form part of any online strategy.”

*Arthur Goldstuck is managing director of World Wide Worx and editor-in-chief of Gadget.co.za. Follow him on Twitter or Pinterest on @art2gee.

 

Follow Fin24 on Twitter and Facebook

arthur goldstuck  |  cyber crime
NEXT ON FIN24X

Mini budget worth a cheer

23 minutes ago

 
 
 

Read Fin24’s Comments Policy

24.com publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
3 comments
Add your comment
Comment 0 characters remaining
 

Company Snapshot

We're talking about:

Small Business

Retailers of any shape and size can now unlock the power of mobile transacting.
 

Money Clinic

Money Clinic
Do you have a question about your finances? We'll get an expert opinion.
Click here...
Loading...