development > tag this

KEEP YOUr FriENDs cLOsE

Whats that saying... Keep your friends close but your enemies closer? Well, there may be reason to assess the priority there. Rory Coen looks at the ever-evolving subject of cybercrime and how attackers are using social engineering techniques to infiltrate some of the most secure network environments.
ets start with a quick question: Have you ever received a rather dubious e-mail from a good friend? Maybe theyre telling you about a great offer on a digital camera, or about the cruise of a lifetime. They dont say much, just Hey, check out this link as if theres no time to waste. The link looks like the characters have been strung out on a clothes line for airing after spending an hour in the tumble dryer, but you cant resist clicking on it. After all, its from Joseph who spends his weekends volunteering at the local refuge centre. Joes as genuine as they come. Lets see this offer, then. Aw, but youre too smart for that, I hear you say. Many of us have become immune to these threats and we understand theyre most probably spam. In Joes innocence, he must have clicked on a dirty link himself which propagated these threats to anyone and everyone in his contacts. The general protocol is to send the e-mail to the wastebasket and tell Joe his account has been infected. But these attackers are getting smarter too, because they are doing their homework every night. If they see you as a potential

conduit to important data within your organisation, they will go online, research your hobbies and interests, identify your most trusted friends and your professional acquaintances. They will nd out what they need to know to get you to click on that link. So the next time you get an e-mail from Joe, he might be pointing you to an article that is of mutual interest. Maybe you both have a peculiar interest in Asian tomatoes, so an e-mail from Joe about this subject would seem very genuine. You click on the link and maybe it is a website about Asian tomatoes and maybe its not, but you carry on regardless, unaware of the fact that the attackers have planted a seed in the link to gain access to your machine. They can look at passwords, access les and send similar e-mails from your account to, pardon me, more important people than yourself. Now you have to ask yourself this question: How much trust does the chief executive officer at your organisation have in you or how much trust does he need to have to click on a genuine enough" looking link from you? The answer is not much. Hell probably click on it if the attackers have done their homework properly. Without knowing it, his machine is compromised. Johnny Karam, Regional Director of Symantec for the Middle East, revealed how

Symantecs Internet Security Threat Report - Key findings:

3I % 300
%
OF ALL ATTACKS - UP
72 > QATAR TODAY > JUNE 2013

SMALL BUsiNEssEs:

MOst tArGEtED EMPLOYEEs:

KNOWLEDGE WORKERS WITH ACCESS TO INTELLECTUAL PROPERTY

ON 2011

27 30% % 24
%
SALES PERSONNEL

WEb-bAsED AttAcks:

INCREASE IN 2012

an organisation in this region tested its employees in such a scenario. They sent a generic e-mail, with a loaded link, from a random account to everyone in the organisation and traced how many hits it got. The memo which complemented the link was enticing enough to convince 70% of its employees and 40% of the IT department, alarmingly, to click on it. Prey and prosecute This is just one of the ways these guys can get into your network. They prey on societys weaknesses and prosecute their agenda when they get somebody who lets down their guard. The recent attacks on Al Jazeera and Qatar Foundation were similar to this. A recipient was tickled into clicking on a link which s/he felt was genuine. And these types of targeted attack are becoming more frequent now. Symantecs Internet Security Threat Report (ISTR) reveals a 42% surge in targeted attacks in 2012 compared with the previous year. The manufacturing sector saw the greatest increase while small businesses shipped an extra 31%. Attackers may be targeting smaller businesses in the supply chain because they are more vulnerable, have access to important intellectual property, and offer a stepping stone into larger organisations, said Karam. In addition, they are also targeted in their own right. They are more numerous than large enterprises, have valuable data, and are often less well-protected than larger companies. For example, an attacker may inltrate a small supplier in order to use it as a spring-board into a larger company. They might use personal information, e-mails and les from an individual in such a smaller company to create a well-crafted e-mail aimed at someone in a target company."

SURGE IN TARGETED ATTACKS IN 2012 SYMANTEC

42%

In 2012, there was a big increase in attacks on people in research and development and sales roles, suggesting that attackers are casting a wider net and targeting senior positions below the executive level in order to gain access to companies. The increase in attacks has been particularly high overall in these two areas. Attackers continue to use social engineering techniques in targeted attacks, the report revealed. For example: messages impersonating EU officials, messages that appear to come from security agencies in the United States and target other government officials, or messages that piggyback announcements about new procurement plans from potential government clients such as the US Air Force. This shows extensive research and a sophisticated understanding of the motivation of recipients, and makes it much more likely that victims will open attachments that contain malware. This years ISTR shows that cybercriminals arent slowing down, and they continue to devise new ways to steal information from organisations of all sizes, said Karam. The sophistication of attacks coupled with todays IT complexities, such as virtualisation, mobility and cloud, require organisations to remain proactive and use defence in depth security measures to stay ahead of attacks.

This years security report shows that cybercriminals arent slowing down, and they continue to devise new ways to steal information from organisations of all sizes.
JOHNNY KARAM, Regional Director of Symantec for the Middle East.

QATAR:
Decrease in global ranking across all categories including spam, malicious code and bots. Ranks seventh in the Middle East for outbound malicious code and ninth overall for its security threat profile. Ranks eighth in the Middle East for outbound viruses, with the top industries being transport and utilities organisations.

58%
INCREASE OF IN 2012

MObiLE MALwArE

ANDrOiD
DOMINATES THE MOBILE MALWARE LANDSCAPE WITH

97%
OF NEW THREATS

ARE ACTUALLY GENUINE SITES THAT HAVE BEEN COMPROMISED AND INFECTED. BUSINESS, TECH AND SHOPPING WEBSITES ARE AMONG THE TOP FIVE TYPES OF SITE HOSTING INFECTIONS.

6I%

MALiciOUs wEbsitEs:

QATAR TODAY > JUNE 2013 > 73