Sophos: Don’t underestimate the bad guys

Security firm Sophos has recently released its 2010 mid-year Security Threat Report, and whilst many things remain the same, there are plenty of new security vectors for the connected among us to deal with. And with an NBN on the horizon, there may be plenty more of us connected in the near future. iTWire sat down with Sophos AP Managing Director Rob Forsyth and Senior Vice President of Worldwide Field Ops Michael McGuinness to discuss.

If there is one thing that is clear from the latest Sophos mid-year security threat report, it is that traditional attacks on private data are still prevalent.  Perhaps the vectors are shifting but figures show Spam, Phishing and Malware are still a major source of worry for security personnel world-wide.

How can this be the case? Why is it that the general public are continually fooled by Spam emails, for example? And beyond these basic questions, why don’t people, armed with the knowledge of rising online fraud crimes, shy away from using services such as Internet Banking?

Michael McGuinness, Sophos’s Vice President of Worldwide Sales and Field Operations, tries to explain: “A general observation that we would make is that most people will default towards convenience over security. Though people are aware that credentials could get stolen, and bank accounts compromised creating a situation, at best a huge nuisance and at worst a significant financial loss for them, they are still unwilling to go back to the point where they hand write cheques and lick stamps.”

McGuinness continues, “The same is true in the corporate world, employees of a corporation understand that using an iPhone is not as secure as a Blackberry, they still demand the iPhone. It starts at the top, it’s not somebody sneaking one in at the lower levels of the organisation, and it’s the CEO demanding the ability to use the iPhone to communicate with the board of directors about a critical earnings announcement.”

The Security Threat Report shows that the traditional security attacks are migrating to social networks such as Facebook and Twitter. Since April 2009, moving into 2010, Spam attacks reported from social networks increased from 33.4% to 57%, Phishing from 21% to 30% and Malware from 21.2% to 36%. It is clear that criminal activity is moving into the online worlds increasingly populated by everyday internet users.

“The most common way to get infected these days is no longer double clicking on an attachment in an email, but rather following a link to a website,” explains McGuinness, “which is why the social networking vector is becoming more prevalent and prominent. It fools people, if you go to Facebook and up on your news page your best friend says ‘isn’t this cool?’ You don’t necessarily think, wait a minute, was his account compromised? And was this sent as a way to entice me to a malicious website? I start to think that way now, but I didn’t necessarily a month or two ago.”

McGuinness continues: “You look at something and say, is that really what my best friend would have done. You don’t have to go to a website and click on something; you only need to be at the website and malicious code will execute, if you are unprotected.”

The organisation of criminals attempting to get hold of your private information is getting more professional by the year. Enticing traffic to malicious websites is no longer simply a matter of presenting an alluring link; instead, malware writers are using current news events and search engine optimisation techniques to put their sites at the top of an innocent Google search.

Obviously money is being made by these organisations. “It’s growing, it’s profitable, and it’s much more professional,” says McGuinness. “I have this vision of a modern malware author-hacker out there is a guy with a lunch box, [access] badge, health plan and a desk. They show up at the office, badge their way in, and spend a day trying to steal your money, punch out, go home and coach the kid’s soccer team.”

“If you ask most people where does most malware come from?” says McGuinness. “They would say Russia or China, but you can see from the report that it comes from the U.S.”

42.29% of Malware is hosted in the U.S. according to the report, with China at 10.75%, Russia at 6.13% and Germany and France around 4%.

McGuinness is quick to point out that things are changing in China: “Even more recently China has dropped much further down the ranking, the suspicion is that Chinese are just stopping out-bound spam. If they determine a high volume spammer is residing in China they just shut down that IP address. So I think China has become a very good corporate citizen of the internet in the last six months.”

How can the everyday computer user hope to beat organised crime gangs constantly attacking and probing for digital information?

McGuinness says: “We are in a different world. When you were young, you had your parents to teach you when to cross the road safely, cross when there is a green man, not when there is a red man. But who’s teaching our society currently about what is good and bad? We are having to learn by accident. We have the largest social change that has probably ever occurred in our social history, and that change is happening around us right now, legislation is a couple of years behind, law enforcement is a couple of years behind and one of the good elements that isn’t behind is the media. I think you guys are doing a good job publicising what is good and bad whilst our society goes through its learning.”

Thanks Mr McGuinness, but there must be more weapons in our defensive arsenal? McGuinness goes on: “The other element other than good legislation and good education is obviously good technology, we are getting better at integrating and making that simpler. The enemy of security continues to be complexity, so bringing together good elements of education, legislation and technology I think we will win the battle one day, but I think we are really only at the start of that process.”

How does a company such as Sophos stay on top of new technology in this new world? What are security firms doing to protect the public where a new connected device hits the market every month?

Rob Forsyth, Managing Director for Sophos in Asia Pacific, explains: “We actually have more people baking in security to new technology rather than bolting it onto the outside, so if you have a new product coming to market and you want the market to perceive it is a good product to use, and you haven’t thought of security then you will not be successful. So that is why Sophos works with so many OEM partners to ensure we bake in their security. I think we are getting better at it, there is a long road ahead but each new product that comes on the market is more secure than its predecessors.”

Michael McGuinness expands on this: “Many of our customers are concerned about additional devices that they consider insecure, for example the iPhone, the iPad, however, the concern right now is less about malware and more about information loss. It is very easy for people to carry around huge amounts of information on these devices, and if they are lost, or stolen or somehow compromised then that information is out in the wild, with potentially significant ramifications both in terms of regulatory compliance, IP protection even legal action. We are a company that focuses both on malware as well as helping companies with information protection, so we start to put in capabilities into our products that let companies assign policies for different types of device interaction.”

In Australia our (yet to be decided) Government is wrestling with the best options for connecting even more people to the internet, whether it is fibre to the home or some other technology, chances are that over the next few years even more folks will be greater consumers of connected technology than ever before.

Forsyth is also the Deputy Chairman and Treasurer of the Internet Industry Association of Australia and certainly has some thoughts on what the NBN may mean for the country: “The delivery of high speed broadband to our society, comes with some security risks to those that haven’t been exposed to it previously. I suppose I am keen to see the rollout of any future broadband network have security baked in rather than tacked on.”

Forsyth continues: “If we have a disadvantaged community in a remote part of Australia, who has not previously been exposed to the internet, and is suddenly given a 1GB link to their premises, that’s going to be a serious security risk to expose them to the worst of Eastern European crime. It doesn’t matter if that is delivered wirelessly or fibre, whether it comes at 12MB or 1GB, we still have an education process to go through, and if the government are going to get involved in delivering then they must take responsibility for delivering it safely. We don’t build roads without having rules on those roads, without driver education and without standards for seatbelts and air-bags, there is a whole range of things that come together for that kind of safety, and should exist in any type of rollout of a National Broadband Network. One way or another the society will end up with a fast broadband network, the delivery mechanisms will be decided on through government initiatives and commercial realities of what can be afforded, so I have no doubt we will get there, but I want to get there safely.”

Finally, there was a time when one of the selling points for Apple’s range of technology was that it was relatively immune to many security attack vectors.

McGuinness says: “Don’t underestimate the bad guys, be very certain that they are in a free market economy, and so they invest their resources where they’re likely to get the greatest amount of return. Historically Macs were a relatively low percentage of users, especially if one of the objectives might have been to steal corporate information. I would say, in the U.S. [today] Macs are fifteen percent of the corporate population, and growing. And those fifteen percent often contain the most valuable information, because they’re C level executives or key designers, or creators of intellectual property within an organisation. They are the ones that feel they have the need or the power to say ‘I’m getting a Mac’. As the prevalence of Mac use increases in both the home and the corporate environments, the bad guys are just going to start to target the Mac.”

Source: http://www.itwire.com/business-it-news/security/41466-sophos-dont-underestimate-the-bad-guys
