Archive

Archive for the ‘Malware’ Category

The hunt for Mariposa

March 3rd, 2010

The announcement has just been made public of the arrest of the suspected cyber-criminals behind Mariposa, one of the largest botnets ever reported. This operation has been possible thanks to the joint effort of the FBI and the Spanish Guardia Civil, together with Panda Security, Defence Intelligence, and Georgia Tech Information Security Center. CDmon, the ISP where the criminal domains were hosted, has also participated in the investigation.

The criminals behind the Mariposa botnet controlled almost 13 million personal, corporate, government and university computers in more than 190 countries. The stolen information included account information, user names, passwords, banking credentials and credit card data. The analysis is ongoing and a more comprehensive report from Panda Security will be available at http://pandalabs.pandasecurity.com shortly.

Of course, we’d like to congratulate the law enforcement agencies, the FBI and the Spanish Guardia Civil, for their excellent work, which has resulted in three arrests. This kind of operation is not always simple: the global nature of the criminal activities committed on the Internet makes it very hard and slow to prosecute Internet mafias. However, in the words of Juan Salom, Chief of the Guardia Civil’s Cyber-Crime Unit, the coordinated effort of various international law enforcement agencies and the Guardia Civil, with collaboration from the Internet security industry, has been able to tackle the global threat of cyber-crime.

Operations like this are a great victory in the fight against Internet crime. However, this is just the first step, and its effectiveness will depend on the punitive action taken. Should this not be stiff enough, it will not serve as an example for those who are making millions of euros from these illegal activities. I am thinking of the likes of Ehud Tenenbaum who, after being found guilty of launching attacks on US and Israeli government computers, was finally sentenced to 6 months of community service. That was in 2001. In August last year, he was arrested again for a fraud operation amounting to 10 million dollars against a number of North American banks. There is a need for more dissuasive sentences. If we want to fight cyber-crime, a more profitable activity for mafias than drug trafficking, we must make it less rewarding, so that those who want to benefit from it understand that “it is not worth the risk”.

At Panda Security we strongly believe that the fight against Internet crime requires collaborative efforts from the computer security industry and public institutions in all countries along the following lines:

  1. Raise public awareness of the global threat that cyber-crime represents and its huge impact on our economy (we can’t just open our eyes to it whenever stories such as the Mariposa botnet shutdown make the headlines);
  2. Push for implementation of proper legislation that is strictly applied through dissuasive sanctions (developing that legislation requires collaboration from regulators and the security industry so that laws reflect the ever-evolving reality);
  3. Train people in working groups, both in the security sector as well as government institutions and law enforcement agencies, so that they can develop adequate prevention and remediation technologies and prosecute criminals effectively.

 

Only when the public and private sectors work together will there be a chance to improve a situation which, unfortunately, gets worse every day due to the huge profits earned by hackers and Internet mafias. This collaboration must take place at an international level to be able to combat these supra-national organizations. Today’s news reassures us that it is possible to improve the situation. We cannot dream of eradicating cyber-crime; however, there is a clear opportunity to have a much more secure Internet if we keep working this way.

More information:


IT security myths

March 2nd, 2010

Even after all these years, I never cease to be surprised by the durability of certain myths surrounding the IT security industry. Like urban legends, these myths seem to linger for years, with adaptations and variations to suit all tastes. Here are some of the more common ones, yet I’m sure there are plenty of others.

  • The greatest myth, without doubt, about the IT security industry is the one about the antivirus companies making the viruses. This has been going around at least since our company was set up, some 20 years ago. Of course, this claim is absurd, particularly considering that we currently receive more than 55,000 new and different viruses every day. Also, I think this would be a very difficult secret to keep under wraps for the more than 20 years that the industry has been protecting users. One of the real problems that we have had to resolve in the sector over this time is how to process all of this malware in order to protect our users. The truth is that it is criminal gangs, operating in line with a cyber-crime business model, that are behind the creation and distribution of all of this malware.
  • Another similar canard about the security industry is that hackers are frequently employed by the antivirus companies. Obviously, here I cannot speak for the rest of the industry, but at Panda Security this is an issue that has always greatly concerned us, and we have never knowingly contracted hackers who have operated “on the dark side”. We have, however (and we are always on the lookout if anyone is interested), contracted white-hat hackers. The profiles are varied: engineers, mathematicians, physicists, self-taught, etc. What all of them have in common is a genuine interest (sometimes a real passion) in IT security.
  • On a slightly different point, it is also commonly believed that there are no women working in technology companies, particularly in security. At Panda at least this is clearly untrue; more than 30% of the workforce are women, many of whom work in technical areas and management including CTO, CIO, head of Panda Research, Support director, QA manager, and many more.
  • Another old favorite is the myth that viruses don’t affect Mac or Linux.  We are frequently asked about viruses for Mac, Linux and cell phones. It is commonly held that none of these present any risks to users, as viruses are only designed for Windows platforms.  The truth however is that there are viruses for these platforms. The difference lies in the amount of malware circulating in comparison with threats designed for Windows. The explanation is simple: If you are a cyber-crook trying to profit from your activity and you want to infect as many victims as possible, what is the ideal target? A platform with 10 million users or one with 500 million? The answer is obvious.

However, no matter how much we try to dispel these myths, they do have a tendency to linger… :-)


… and the media can lend a hand

February 23rd, 2010

In my last post I talked about the need for cyber-security to become a priority. I also believe that the media could lend us a hand in generating awareness about the problem among the general public. Last week an article was published about the discovery of a zombie network controlled by a botnet called ‘Kneber’. According to the information available to date, it has infected some 75,000 computers in 2,500 organizations worldwide, also compromising user accounts on popular social networks. Kneber employs the infamous Zeus Trojan, which first appeared in 2007 and has been infecting computers ever since.
 
In fact, the number of computers affected is relatively low in comparison with other similar networks. The difference, however, is the coverage it has received in the media. We must bear in mind that what is not reported simply doesn’t exist as far as the general public is concerned. Yet we work in a complex sector, and it is often very difficult to differentiate between what is important and what isn’t. The same applies to the media. One criterion used to establish the significance of an issue is the number of affected users, but it isn’t the only one. If it is only massive attacks that get reported, we could be feeding the misconception that these are isolated cases, when the truth is that security labs are investigating these types of attacks on a daily basis. For users to fully comprehend the importance of proper protection and security, they must understand that, apart from the massive attacks they hear about through the media, there are numerous threats which are surreptitiously targeting users every day, stealing their data or identity for financial gain.

These cyber-attacks are carried out by criminal organizations that earn millions every month through business models deployed across a channel that allows for anonymity and makes it difficult to track down the perpetrators, for a number of reasons: recruiting of ‘money mules’ to do the dirty work and cover the tracks of the real criminals; lack of legitimate tools and security personnel equipped to combat them, and an uncoordinated response from those responsible for security at an international level.

Although as security vendors we work to identify these new threats and offer solutions to our clients, it is not enough. Nowadays, cyber-crime is organized, and has evolved to the point that, as soon as we offer solutions or dismantle networks such as Kneber, criminals are able, in less than 24 hours, to adapt the code of bots and Trojans and redeploy the network, once again evading security systems.
 
In conversations I have had with others in the security industry, in public administration and the security forces, we tend to agree that we need to work together if we really want to combat cyber-crime. However, this will not be possible until we are able to make governments, companies and users aware of the real dimension of the problem. This is where the media comes in, as a vehicle for security information, awareness and education. In short, it can help us make cyber-crime a priority. Only in this way can we alert users to the true panorama, and jointly work to improve a situation which is steadily worsening.


Second Edition of the Security Blogger Summit in Madrid on February 4

January 27th, 2010

After the success of the Security Blogger Summit we organized last year in Madrid, we have decided to run a second edition of the event this year. This year’s summit will be focused more on end-user security, with the idea of directing the conversation towards conclusions that will help us improve security awareness among the public. This focus is the result of a series of conversations we have had with bloggers, opinion leaders and, above all, with many of those who were present at last year’s event and who have given us much good advice (thanks to all of you!).

Participants include, among others, Brian Krebs, Kurt Weismer, Marcelo Rivero, Joseph Menn, Alejandro Suárez Sánchez-Ocaña, Javier Sanz, Marc Cortés, Yago Jesús and one or two other surprises, which for the moment we are not revealing.

We’ll be taking a look at the main threats and trends for 2010, and evaluating whether we are really doing all that is necessary to ensure we are more secure and particularly, that we avoid becoming the victims of fraud, with all the harm that entails. Similarly, we will be discussing legislation, collaboration between countries, the limits of privacy… And of course, we’ll talk about the specific action that can help us towards the dual goal of improving security and increasing end-user awareness.

We want the Summit once again to be a meeting point that encourages reflection, the exchange of opinions and experiences… and also for people to have a good time among others who, whether for professional or personal reasons, have a keen interest in security issues. We have set up a Twitter profile to follow the event in real time so that those attending (and others) can offer questions or comments. In addition to producing videos summarizing the highlights, we are also looking at offering video streaming of the event. Keep an eye on the Security Blogger Summit Web page in order to follow it through video streaming if you can’t make it to Madrid.

Last year’s summit was more like a meeting of friends, albeit a somewhat numerous gathering, and we hope to achieve the same atmosphere this year. You’ll find more information on the Security Blogger Summit Web page, where you can also sign up to attend the event. We look forward to seeing you!


Security from the Cloud

December 3rd, 2009

According to Gartner, Cloud Computing is one of the 10 strategic technologies that will definitely take off in 2010. It is clear that cost optimization is the main driving factor behind clients opting for IT services hosted in the cloud. Although resources from the cloud do not completely eliminate the IT costs of companies, they do reduce them.

In the area of security, Gartner predicts that security services delivered as cloud-based services will triple in many segments by 2013. “Security applications delivered as cloud-based services will have a dramatic impact on the industry, as many cloud-based services will more than triple in many security segments. Enterprises that use cloud-based security services to reduce the cost of security controls and to address the new security challenges that cloud-based computing will bring are most likely to prosper”.

In the case of security, the evolution to a new cloud-based protection model is also linked to the exponential increase in malware that we have seen in recent years. Back in 2006, aware of how malware was evolving, at Panda we began to work on a new security model that has allowed us to become the first to offer cloud-based security services for home users (Panda Cloud Antivirus) and companies (Panda Cloud Protection). The future of security (which in our case is the present) is in the cloud.

The market is currently maturing, and so there is still some confusion around the definitions of Cloud Computing, SaaS, Cloud Security, Security from the Cloud… However, there can be no doubt that the cloud is here to stay. The evolution of Internet technologies has made the migration of applications from local PCs or servers to other intangible hosts a reality. This, in turn, opens the way for a new business model catering to markets that demand increasingly agile, fast and scalable solutions. Here you can see an interesting white paper about this issue prepared by the Panda team.


Security against increasing malware in recession times

February 27th, 2009

Reading Byron Acohido’s blog post, as well as the post on PandaLabs about the incredible rise of financially motivated malware, I thought about the impact this epidemic would have on the financial industry and how it could not happen at a worse time. Banks of all sizes are dealing with a complex regulatory compliance environment, high-profile data breaches and an uncertain economy that has caused many to place IT budgets on the back burner, to say nothing of security budgets. The financial sector is facing enormous pressure at a time when even the most established firms are now looking for ways to survive.
