Cyber criminals adapt techniques to follow business technology innovation, says AVG

Cyber criminals are following business technology innovation, adapting traditional techniques to steal and monetise data from new technology platforms, says security firm AVG.

As businesses have moved to greater use of mobile and non-Windows computers, cyber criminals have adapted their techniques and changed focus, according to AVG's Q2 threat report.

Cyber criminals have identified an increase in the use of Apple Mac computers by business, and are targeting them as they targeted PCs in the past, the report says.

Similarly, cyber criminals have ramped up attacks targeting Android and other mobile operating platforms, in response to rapid adoption by business users.

Malware is relatively easy to spread through fake or malicious apps, either by spamming users with links or by posting the apps in online markets, says Yuval Ben-Itzhak, chief technology officer at AVG.

"A common method of making money is by billing mobile users for premium SMS services that can be sent from any mobile device," AVG's chief technology officer said.

The report also highlights the rise, particularly in Q2, of trusted malware, in which cyber criminals steal legitimate security certificates to sign their malware, making it undetectable by many security systems.

Because digitally signing binary code enables it to execute on a PC, cyber criminals are increasing their efforts to steal digital certificates, says AVG Threat Lab, which detected more than 53,800 pieces of signed malware in the first five months of 2011.

This represents a 38% increase over the figure for all of 2010 and a more than 300% increase on the monthly average.

"To guard against this trend, businesses should ensure their security systems do not blindly accept all signed applications, but link instead to a regularly updated list of trusted certificates," said Yuval Ben-Itzhak.

At the same time, he says, software producers should ensure their digital certificates, which are just files, are protected adequately and are not allowed to sit on developers' computers, where they can be stolen easily by criminals.

The shift in responsibility for data protection, specifically financial data, is another important trend for businesses to note, says Ben-Itzhak.

In early June, a US court ruled that a business that lost more than $300,000 to cyber criminals using the SpyEye Trojan was responsible for the loss and not the bank. The court said the business should have done more to protect its account credentials.

"This case is important because it shows that, in some cases, the business is responsible and cannot shift the blame on to service providers, which means businesses need to be much more proactive about invisible threats like SpyEye," said Ben-Itzhak.

Not only are businesses being held responsible for the protection of their credentials, but the volume of these threats is now so high that businesses can no longer afford to ignore the issue, he says.

According to the report, in the first half of 2011 AVG Threat Lab investigated 702 command and control servers collecting online banking credentials from hundreds of thousands of people and businesses worldwide.

The AVG report includes data collected from customers who opted to take part in the firm's product improvement program. This data enabled AVG to understand the origin of attacks and how they reach the endpoint, says Ben-Itzhak.

"This enables us to track attacks back to see the techniques used by cyber criminals and also identify new malware so we can analyse new techniques to add the necessary protection," he said.

  • Read the AVG security threat report Q2 2011
