Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
Editor's Blog and Industry Comments

Keeping pace with cyber-criminals

10 March, 2014
ProSecurityZone spoke with Kaspersky Lab's senior security researcher about the changing face of malware threats

Sat in a very pleasant little cafe in Marylebone enjoying a chat and a light lunch with Kaspersky Lab's senior security researcher, David Emm, it would be hard to believe that anything malicious existed but in the darker world of cyber crime, David has seen it all and the deeper you dig, the less pleasant it gets.

Not that you would guess from his demeanour. David has gained his stature in the industry through his deep understanding of the nature of cyber crime and communicates it well without recourse to cliches, hysterics or hyperbole. Such a calm and knowledgeable approach to fighting off the onslought of malicious software is the only way to do it, there is just too much activity in the war against the cyber criminals to be at all disorganised. Such an approach would result in failure.

The anti-malware industry is highly volatile and the products offered on the market are constantly changing to match this volatility. If you thought that it's easy revenue to sell a software licence then watch the renewal fees roll in year after year, then think again. Most of Kaspersky Lab's staff in Russia, the UK and other offices around the world are technical and are involved in either research, product development or technical support. The company places very high emphasis on maintaining the high level of its brand profile by making sure that its products meet market expectations. Companies that don't take this approach will fail to protect and ultimately drop out of the market like a stone.

The battle to stay on top of the evolution of threats would be unimaginable in the physical world where the thought of thieves, vagabonds, con-men and annoying thugs constantly roaming the streets is a dreadful prospect. In such a world, strict enforcement of the laws would be necessary and I asked David if this wouldn't also be the case in the cyber-world.

According to David, everything is being done to tighten security to prevent attacks from being successful. Enforcement is carried out to some extent but the problem is international in nature so there are significant issues relating to governance and jurisdiction.

The global nature of cyber-crime is also characterised by regional variation, he told me. A good example is in Kaspersky Lab's home territory of Russia where mobile users face real dangers of losing funds from their phones through malware which dials premium numbers, a very easy way for local criminals to make money. The problem isn't faced to the same extent in Western Europe due to the difficulties of setting up a premium rate number without being traced.

In the case of premium number diallers as with most malware, it is individuals who are most likely to be targeted and increasingly, it is the end user who is bearing the onus of responsibility for protecting themselves. Service providers are now less likely than before to accept some responsibility for insecure systems.

A good example is the retail banking industry which funded customer losses for banking security breaches. Banks are now trying to distance themselves from the accountability for cyber crime by recommending the installation of security software on subscribers' computers, the implication being that if the software isn't installed as recommended, then any breaches that occur will be the users' responsibility. Despite this, according to research by Kaspersky Lab, nearly half of all online banking users believe that the bank will refund fraudulent losses and 57% believe that everything that needs to be done to secure online transactions is taken care of by the bank.

The problem of online fraud shouldn't be underestimated; "Action Fraud" is the national online fraud reporting centre for the UK and it currently receives more than 1000 fraud reports everyday, more than the dedicated fraud police team can remotely hope to handle. With the prospect of no action being taken and no feedback received, many more victims of fraud don't even bother to report it.

With the banks taking self-protective measures against pay-outs for online banking fraud and the enforcement authorities so overloaded that they can't handle the workload, the emphasis is increasingly on the end users to make sure they're protecting themselves to the fullest possible extent.

To do this, they rely on the security industry to provide them with reliable protection at affordable prices that is simple to use, as transparent as possible and which remains effective as the threat landscape changes. David Emms and others like him in the industry have the task of ensuring that they fulfill this huge responsibility.

More information on the Kaspersky Fraud Prevention platform can be found here: "Nearly half of online bankers believe banks will refund fraud losses"

* Andy Pye is a technical journalist specialising in manufacturing systems, engineering technology and security. He contributes to a range of titles in the technical press.


Bookmark and Share