CICRA releases predictions on cyber security threats for 2012

CICRA that specialises in cyber security threat prevention through education and penetration testing has released its predictions on cyber security threats for 2012.

Following is excerpts of an interview with Krishnan Rajagopal, head of consultants of CICRA on the cyber security predictions for 2012. Malaysian National Rajagopal is also a consultant to Interpol and several Fortune 500 companies. He is also a highly acclaimed cyber security trainer for Certified Ethical Hacker (CEH) programme offered by the EC-Council, USA.

Q: Anti-virus software is always seemed to be one step behind attacks of Viruses, Trojans, and Malwares all the time. Why is this so? Is it because it’s like a chicken and egg situation?

A: Not really, see when a doctor wants to create a vaccine for a real world virus what happens is - he usually starts by obtaining a live sample of the virus and then this live sample is studied and all attempts are made to understand how it replicates, he then tries to find its weakness and then builds a vaccine, so that we can prevent it from spreading.

This scene of operation also applies in the world of computer viruses as well. When a new virus is discovered in the wild, these antivirus coders must first get the copy of the actual virus and then what happens is- it is broken down and then the coders try to find out how it works and how to stop it - creating what we call as a signature.

Q: You mentioned just now social media and mobile. Social media as we know is always a target. Will we see an improvement in security issues of Facebook and other social media sites?

A: Most definitely. Facebook sort of has taken the lead in this arena, it has spent massively on what we call Facebook Immune System (FIS) and it is a complex set of algorithms that monitors every photo that posted on the network, every status update, every click that is made by everyone of its 800 million users. This means 25 billion reads and writes or 650,000 actions a second. And Facebook is currently doing well at this. It is just that when this information is public, the hackers also know it. Herein lies the danger. Some recent threats have rendered the FIS unusable. We could expect more of these kinds of attacks unless these social networking sites keep their systems up-to-date and be ahead of the attackers rather than reactive.

Q: What are some of the threats that you foresee in cloud computing besides hacking, viruses and down time issues?

A: I would say lot of people over look this privilege user access area. When your sensitive data is been processed outside the enterprise that brings out a lot of risks. Because of the fact that you simply do not know the level of security controls that are present at your cloud vendor. That is one issue.

So you need to ask your cloud providers supply specific information on hiring processes on their privilege users and you need to have control over that.

Number two is the location of the data itself. Lots of people over look that. When use cloud computing, we probably won’t even know where our data stored. You might not even know which country your data is stored. Try to stipulate this if it’s possible in your contractual agreement. So at least you know where it is.And then of course try to plan a site visit to see the physical sites.

Another area people overlook is segregation of data. In a typical cloud provider - data in the cloud typically in a shared environment. Your data is alongside with data of other customers and obviously most vendors would use a common alibi of data encryption. That is not a cure-all. What you really need to do is find out what is exactly done to segregate data from the rest. What you have to find out is what measures have been taken if another customer that is using the same cloud gets attacked could it be possible that you are also a victim of same attack? Then of course last two things that you probably need to think of are recovery and business continuity.

Q: Aren’t they serious issues too?

A: This is always a serious issue.

And then of course the forensic investigation support. Most cloud vendors do not have proper logging systems. What happens is,these cloud services become very difficult to investigate because the data spread out across many places and logs may not be there, more often than not. When that happens again if you cannot get a contractual commitment to support specific forms of investigation along with some sort of prove that the cloud vendor has done this before then your best assumption is to say that - investigation and discovery request will be impossible in an event of an incident.

Q: Mobiles could be the big thing in 2012. All smart phones these days have more information than some of our laptops. What are your security concerns for smart phones in 2012?

A: Having seen into my crystal ball... smart phone users and tablet users are at risk. Having said that again let me take you back to the past. In the past of course cyber-criminals were interested in credit cards. I think they have had enough of this. I think they probably have enough cards that they don’t know what to do with it anymore.

In 2012 what is going to happen is that your social media identity is the target, that’s more valuable for cyber criminals than your credit card itself. These bad guys are going to actively buy and sell social media credentials, in forums.Best method of doing this is by combining cloud computing and social network. We call this new form of attacks’ blended attack method’.

This is a new way. What happens is, these attackers will now go through your social media friends as the first point of attack, and then of course this social media (easiest point of attack) access would be through your mobile device. We have seen that Facebook app for example on your mobile device is less secure than a browser. We have seen that. So when they would get in to your mobile phones, they then get in to your Facebook...go through your list of friends and make use of the trust that friends have on you and then carry out the next form of attack.

Because obviously from Facebook and other social media sites you will know who is your relative, your brother, your sister, your mother, your father?

That’s for sure. People tend to post personal details on Facebook and it makes it easier for the criminal to predict. For Example I could say “I can’t wait to go to Japan next week”. Next week comes along the way and if I just log off the actual user (i.e Britney Spears) from Facebook and the criminal uses Britney’s account pretending to be Britney Spears and say “Hey look, you know John, I am stuck in Japan, I don’t know what to do...I have been robbed:(“ This is a common trend that we have observed in 2011. I think that is going to continue. Only thing is the first point of an attack could be the smart phone.

Q: So what can smart phone users do?

A: Thousands of mobile device attacks are coming in to smart phones in 2012. Some of the things to look out for are like London Olympics, US Presidential election, and Mayan calendar apocalyptic prophecy are going to be leading to a lot of opportunities for these cyber criminals. The reality of course is that it is no longer fiction.

In a nut shell, simple advice is:

* Password protect your phone, tablet or any other unit.

* Do not open any e-mails if you do not know the sender.

* Even if it is from a business you know- go to the browser and type their URL / web site directly.

* Don’t answer any text messages asking for personal information,be it a bank or anyone else. This is a new trend that we call as SMiShing;’Phishing over SMS’.

* Never ever, ever click on links.

* Delete spam as much as you can. Don’t answer them ever. Even if Britney Spears is asking you for a date, don’t answer that.

* Turn-off all Bluetooth devices, when you’re not using them / actively paired.

* Every phone has got security guidelines by the vendor. Follow them.

Q: Anti-virus software providers are all going to be updating their products very soon.If you don’t have the latest release of the anti-virus software, is there a need to purchase the 2012 product, say I have a one purchased year ago?

A: If you have an active subscription then you are fine. But if not, go out and get it. As long as you have a valid subscription I think you don’t need to get another one.

Q: What are some of the basic steps that we users need to take in order to stay away from any sort of an attack. Since we cannot stop telling people to be careful what you click. What are some of the simplest basic steps that we can share?

A: I call them Britney’s Eight Steps for cyber security. There are:

1. First of all use a firewall. Keep the threats out and keep the hackers out as well.

2. Then install an antivirus software.

3. Keep it updated. Signatures have to be updated. Get the latest software updates, whether it is your Operating System or your software’s.

If someone is creating an update or a patch there is a reason for it. Most of the time it is security related. So the idea is to keep you tools sharp.

4. Then of course stop spyware. Have an anti-spyware if you are on windows especially.

5. And of course make regular backups. You never know what is going to happen, so protect your data from disaster.

6. If you are on a wireless network, make sure that you understand - that wireless networks are vulnerable; find the proper ways to get protected; they are all documented by the respective vendors; read them and follow the instructions. Use a complicated password. It doesn’t mean that when you are on WPA2 you could use the password “12345”.

7. Stop unwanted e-mails and try to have an empty spam box. Do not answer suspicious emails or spam.Delete the spam directly.

8. Then, make sure you make efforts to browse the internet safely. Make your browser is safe by turning on the safe browsing feature.

Avoid dodgy web sites and of course if you are suspicious about any email address or any other thing, Google it to find out more about it before replying to an email or a message.

Q: What is your advice on data back-ups?

A: Most of us do not take back-ups seriously. You need to back-up your data at least once every week whether you are using a laptop or a desktop.

If you are using a cloud service, it is easier since it automatically syncs with your computer.