by Bitdefender Security Specialists, on 17 May 2011
Alexandru Catalin Cosoi, head of the Online Threats Lab at BitDefender, will be presenting his paper "The Low Hanging Fruit" at Virus Bulletin's second "Securing your organization in the age of CyberCrime" seminar. You can hear him give his talk on Tuesday 24 May 2011 at the OU campus, Milton Keynes, UK.
In the last ten years, we have witnessed an arms race between the underground economy and security vendors. While spammers and malware writers have evolved and fine-tuned their techniques year by year, security companies have created more and better detection technologies. At the same time, operating systems have evolved too, learning from past experience and changing their architecture in order to become more secure, and the Internet has transformed from just a source of information and a fast method of communication into an entire virtual world. We've noticed several revolutions, both in terms of software (social networks, instant messaging, voice-over-IP) and in terms of hardware (smaller notebooks, netbooks and smartphones). Basically, nowadays, anywhere you go, you can be connected at all times. The underground economy has also flourished, since it has constantly expanded and invested in all these new ways of making money.
The industry and the government have also been educating the masses regarding security threats, and we believe that a certain level of basic knowledge has been reached. However, while most users are able to detect a basic spam message or to secure themselves against classical malware, they are totally unprotected against social engineering. While creating a good piece of malware required a high level of technical expertise, creating a good socially engineered message that would convince the victim to perform certain actions requires only a few PR skills. Since keeping it short and simple is always a good idea, attackers will always go for the low hanging fruit. For instance, there are at least half a million Facebook users giving away their confidential information by installing 'see who viewed my profile' applications, and several smartphone users who install applications with a secret agenda.
What we need to do is to continue educating our users about new emerging threats, about technology and about social engineering. We also need to create and spread the necessary tools to keep our users safe. Staying connected at all times and excessive portability mean that a user can easily bring the threats that reached them into your company or your organization. Keeping users safe and keeping them away from all the scams that lurk on the Internet makes the task of keeping institutions safe a lot easier.
For more information, you can visit the conference website: http://www.virusbtn.com/seminar/index