Not merely a buzzword

A disturbing picture of the extent to which Internet users – from the private individual to large institutions and businesses – have become vulnerable to cybercrime came to the fore in a warning from a number of reputable sources in recent weeks. Neither is the threat restricted to the realm of cyberspace alone, supplying criminals with invaluable intelligence when planning their activities.

The most chilling warning came in the latest Security Intelligence Report (SIR) published by Microsoft, stating that cybercrime is fast maturing into a profession, in which criminals using new techniques bring their malware to the market. They are even productising malware – complete with toolkits, advanced features and services – which they sell or hire to criminals for profit.

The report was put together by gleaning data collected from about 500 million computers worldwide to provide intelligence on global online threats.

In a media release, KPMG recently stated that there has been an alarming increase in cybercrime incidents reported by international institutions such as the Internet Crime Complaint Center (IC3) and MessageLabs Intelligence.

KPMG’s manager for the Cyber Forensic Examiner Eben Louw said that statistics in May this year highlighted an increase in identity and information theft through phishing (one in every 237 e-mails), spam (90%), spoofing and spyware. This was also assisted by Fifa Soccer World Cup themed malware.

“Cybercrime is an attack that originates from or is facilitated by a computer or network system on another computer or network system. It is a very clean and sophisticated method of committing a serious crime,” he said.

The criminal threats or activities emanating from the Internet do not remain in the sphere of cyberspace, neither are they limited to people who are linked to or connect to the Internet.

Christelle Fourie, managing director of MUA Insurance, recently warned that Google Street View allows anyone to view the security features of a home, such as spikes, electric fencing, walls and the entire perimeter of a property. “Criminals are becoming increasingly sophisticated in the types of technology they employ to plan a burglary, and sites like these can actually aid someone in doing this,” she said.

Street View is merely one of a number of new online websites that are putting people at increasing risk.

“Sites such as Facebook and Twitter invite people to disclose personal information such as what they are doing at that moment and where they are,” said Fourie.

“People also post details such as holiday plans and when they will be away from home, giving criminals all the information they need to plan a burglary.”

Microsoft’s SIR confirms that Internet attackers are now largely motivated by financial gain and that they rarely act alone. Malware creators, for example, seldom conduct attacks themselves, but instead work with other criminals in online black markets to buy and sell malware kits and botnet access, according to Desmond Nair, head of
Microsoft South Africa’s Server business.

The report found that business networks continue to be most vulnerable to worms, while home users are more exposed to malware and socially engineered threats.

Breach incidents are twice as likely to occur because of human negligence – such as lost, stolen or missing equipment – as from malicious attack.

Louw said that more people are sharing sensitive information on social websites such as Facebook, which currently boasts more than 400 million users, and LinkedIn with more than 70 million users.

Sensitive information can be used by cybercriminals to commit identity fraud and eventually steal money from users.

“A serious threat to companies is the involvement of criminal syndicates that breach security systems by using authorised staff to commit fraud. Both private and public sector businesses are constantly affected by this modus operandi,” said Louw.

He added that cybercrime is not merely a buzzword, but truly an attack by serious criminals. “Our only defence is secure systems, continuous monitoring of applications, trusted staff, proper awareness and educational programmes.”

According to the SIR, for businesses, observing security fundamentals can help to create a safer, more trusted enterprise. They need to ensure that people are trained in soft skills, create a security culture in their organisation and ensure that relevant security processes are kept simple and are well published. Businesses should further ensure that they use the correct security technologies for their respective situations and that they are kept up to date.

Home users should keep up with the latest security updates, and use the latest possible versions of browsers.

Fourie cautioned individuals to be careful with the amount of information they provide when using social networking sites and to whom they disclose this information. “Besides the immediate risks they are exposing themselves to by disclosing sensitive information, they could also be faced with increased insurance premiums in the future,” she said.