Archive for June, 2010

The state of international co-operation on cybercrime

Wednesday, June 23rd, 2010

Last week’s Tallinn conference was the latest in a series of international gatherings to discuss cybercrime. Unfortunately, although international cooperation is an essential element in defeating cybercrime, these discussions have so far been unable to find an actionable agreement.

Yes, treaties have been signed and in some cases, ratified, but what use are these documents if they don’t produce results? In our new paper, The state of international co-operation on cybercrime, we explore what has been done to create an international response to cybercrime and look at what is still left to be done.

Clearly, it will take quite a while for nations to agree on and implement an international strategy to fight cybercrime. It could even end up being a private sector initiative – consumers need protecting and businesses don’t have the same diplomatic worries that governments do.

But it’s imperative that governments keep working together to find a solution in the interim. With the UK now responsible for almost six per cent of the world’s viruses and receiving more than its fair share of malware, it’s obvious that finding an international solution to the problem should be one of the new British Government’s top priorities.

Meanwhile, the IT industry will keep developing defences against the increasingly varied attack vectors, and trainers will endeavour to spread the word on security to users. In parallel, however, governments need to keep trying to find some form of agreement that will enable them to fight this menace together.

Twitter spam

Wednesday, June 16th, 2010

Twitter users are no strangers to receiving spam tweets about trending topics, but spammers are becoming more sophisticated. As reported by TechCrunch, Twitter users are starting to get spam that gives them an @ mention and tells them to watch or read something.

This method takes advantage of the fact that Twitter users love being mentioned in a tweet and will naturally want to see what they’re being referred to. It also relies on shortened URLs to hide the true URL being promoted.

Unfortunately, we’re all going to come into contact with some questionable characters from time to time, both in the real and virtual world. Of course, it can be harder to judge people online, without the usual audio and visual cues that we depend on. We’re also likely to have more encounters of this kind online, due to the sheer amount of interaction that takes place there.

If someone you’ve never tweeted before, and whom you don’t follow, sends you a link via Twitter, keep in mind that this person is a stranger and that by clicking on the link you are effectively welcoming them into your home (for home, read computer). Take precautions to protect against tricks, as you would when meeting a stranger.
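The stranger test described above can be written down as a small triage rule. This is an added example, not code from the original post or from Twitter: the account names, tweets and links are constructed, the shortener list is illustrative rather than exhaustive, and the verdict labels are assumptions.

```python
import re
from urllib.parse import urlparse

# Illustrative, non-exhaustive list of URL-shortening services.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd"}
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
MENTION_RE = re.compile(r"@(\w+)")


def link_hosts(text):
    """Return the lower-cased host of every http(s) link in the text."""
    hosts = []
    for url in URL_RE.findall(text):
        host = urlparse(url.rstrip(".,!?)")).hostname or ""
        hosts.append(host[4:] if host.startswith("www.") else host)
    return hosts


def assess(tweet, me, following, past_contacts):
    """Classify one tweet as 'ignore', 'ok', 'caution' or 'suspicious'."""
    mentioned = {m.lower() for m in MENTION_RE.findall(tweet["text"])}
    if me.lower() not in mentioned:
        return "ignore"          # not an @ mention of us
    hosts = link_hosts(tweet["text"])
    if not hosts:
        return "ok"              # a mention with nothing to click
    known = {name.lower() for name in following | past_contacts}
    if tweet["author"].lower() in known:
        return "ok"              # someone we follow or have tweeted before
    # A stranger sent a link; a shortener additionally hides where it leads.
    return "suspicious" if any(h in SHORTENERS for h in hosts) else "caution"


# Constructed sample data (hypothetical accounts and links).
ME, FOLLOWING, PAST_CONTACTS = "alice", {"bob"}, {"carol"}
TWEETS = [
    {"author": "bob", "text": "@alice slides are at http://bit.ly/abc123"},
    {"author": "freevid99", "text": "@alice watch this! HTTP://Bit.ly/xyz789."},
    {"author": "newsfan", "text": "@alice story: http://www.example.com/story"},
    {"author": "dave", "text": "@alice nice talk yesterday"},
    {"author": "spam42", "text": "trending now http://tinyurl.com/qwerty"},
]


def triage(tweets):
    """Return one verdict per tweet, in order."""
    return [assess(t, ME, FOLLOWING, PAST_CONTACTS) for t in tweets]


if __name__ == "__main__":
    for t, verdict in zip(TWEETS, triage(TWEETS)):
        print(f"{verdict:10} @{t['author']}: {t['text']}")
```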

If using Firefox, use ‘NoScript’ on a website until you trust it, and employ similar means on IE and Chrome. Ensure you have the latest updates for your operating system and browser, and that anti-malware is installed.

Don’t forget, if you receive a suspicious tweet you can always block and report the user for spam.

A guide on how to use Twitter securely can be downloaded free from the Network Box website.

Police site attacked

Wednesday, June 9th, 2010

It was with more than a little concern that I read about Monday’s attack on the Strathclyde Police website. Sadly, attacks on websites have become all too common, but what really grabbed my attention was the statement released by the Police which highlighted a level of naivety I did not expect from the police.

As reported in The Drum:

“They ruled out viruses as the cause and said that no one who had logged onto the site, would have put their computer at risk.”

Perhaps they intended to say that they trust their employees, that they are well trained and educated about current internet threats. But this completely ignores the fact that most people don’t willingly download viruses and Trojans onto their computers; they are tricked into doing so and frequently have no idea that they are infected.

Then there are the passwords to consider. I remember a case around 20 years ago where a Police force were securing their systems with the password ‘police’. Of course, one would expect people, especially the Police, to be far savvier these days, but weak passwords are endemic and maybe someone just did not take care. As we’ve advised before, it’s important that people change their passwords regularly, using a mixture of upper and lowercase letters, numbers and symbols rather than dictionary words or anything that would be easy to guess.

I’d also be careful about pinpointing blame. It’s unclear why China has been pinpointed as the source of the attack, but it could be anyone pointing links at a server in a country that is, perhaps, just a little slower than others in taking down servers that host malware.

Taking the website down whilst they investigate the cause of the breach is obviously the best response. It’s likely that this was some kind of SQL injection or cross-site scripting attack and until that error is found, the site remains vulnerable.

The one thing that is clear from this is that adequate security was not in place at the time of the attack, and that is something that will need to be remedied before the site goes back online.

UK producing more internet viruses as Russian levels decline

Tuesday, June 1st, 2010

Our May threat statistics are out and show that the UK is now responsible for almost six per cent of the world’s internet viruses (production is up from 3 per cent in April). This makes the UK the third largest producer of viruses after Korea (at over 16 per cent) and the US (at almost 12 per cent).

This growth in the UK suggests that end users in the UK are not being careful and are either visiting malicious sites or running executable attachments to their emails. It also suggests that they are not installing good anti-virus software, which is probably the most vital step in defending themselves. It should be kept in mind that if a computer is sending out viruses, it is ‘owned’ by the hacker who is running the virus and may also be running software to find passwords and credit card details.

Russia has seen a decline in virus production, which may be as a result of PROXIEZ-NET being taken down, but we shouldn’t assume that this trend will last. As we saw with the McColo shutdown in 2008, cyber-criminals tend to bounce back from these setbacks quickly.