Thursday, July 5, 2012, 3:15 PM CET
Computers and human beings have a lot in common, from being prone to infections to potentially becoming virus centers without knowing about it. Hackers seem to capitalize on this feature and the gaps in the protection of many PCs, which resulted in a 100% rise in the number of cyber attacks last year and earned the Hungarian capital fifth position on the worldwide list of most infected cities.
Personifying inanimate objects is simply human nature. People tend to bestow a personality on every item that surrounds them. They treat their cars as if they were horses, curse their broken-down lawnmower like they would their employers, and some even name their fridges Bob. But they hardly ever see their computers as thinking creatures. They are not, obviously, yet computers have far more human qualities than any other electric device. Chief among these is the susceptibility to viruses. Unlike when their health is concerned – when the mere mention of the world flu epidemic sends thousands to drugstores – people do little to prevent their major working tools from being infected.
Budapest, the city of zombies
Little wonder then that the number of infected PCs is growing every year, or skyrocketing, to use the terminology of IT firms. Even when security is beefed up, the chance of an infection multiplies thanks to myriads of new strains. Last year Symantec, the IT company which protects half of the globe’s computers, registered a 41% surge in unique malware variants (the equivalent of virus variants in the human body) from a year earlier. The firm also reported a generous hike in server-side polymorphism, a technique that enables attackers to tailor their malware for each potential victim. Overall, attacks increased by 81% in 2011.
Epidemic data reveals that Hungarians cared more about their own condition last year than about that of their computers. As a result, Budapest was the fifth most infected city in the world in terms of bot networks. The capital is followed by Szeged (8th in worldwide ranking), and Szolnok and Budaörs also place high on the list of zombie networks. “Cities with long-standing internet access and PCs with little protection or sparse security updates have become the most affected,” said László Gombás, security expert of Symantec Hungary. Zombie computers are responsible for 80% of spam, Gombás added. These computers can easily become centers for initiating cyber attacks on other targets, without users being aware of it.
The nature of the beast
How do they do it? Bot worms (the name comes from robot) are self-replicating malware programs that reside in memory (RAM) and turn infected computers into zombies. From there, they transmit themselves to other computers, creating a botnet that functions as a vehicle for the spread of viruses, Trojans and spam. Without regular check-ups, the computer can become a zombie residence.
Still, these threats are relatively less dangerous because they can be detected. More complex strains such as sKyWIper, the recent focus of study of Symantec and CrySyS Lab, the Laboratory of Cryptography and System Security of the telecommunications department at the Budapest University of Technology and Economics, pose additional risk due to their complexity. This threat, which has remained under the radar for two years, is able to take screenshots, steal documents, disable security software, and spread through USB connections. Early analysis has revealed that its primary targets have been the West Bank (Cisjordan), Hungary, Iran, and Lebanon. Attacks were against individuals due to their personal (and not professional) links and nearly always targeted home computers.
This virus has also been identified as Flame, a data-mining virus that in May 2012 penetrated the computers of high-ranking Iranian officials, sweeping up information from their machines. Investigations are ongoing. What is certain is that, in terms of efficiency and complexity, Flame equals Stuxnet and Duqu, two pieces of malware responsible for recent high-level cyber attacks. (To learn more about these two, refer to Table 2.)
Another similarity is that all have been used for targeted attacks, the number of which quadrupled in 2011. What is new here is that they are not just after large businesses and governments: more than half of all attacks were directed toward organizations with fewer than 2,500 employees, and nearly 18% targeted businesses with fewer than 250, Symantec’s 17th cyber report reveals. Many of these targets were the branch offices or HR consultants of large companies, enabling hackers to get to the big fish.
Stuxnet has been linked to a series of covert attacks carried out against an Iranian nuclear plant by the US starting from 2010. The specific targets of the virus have been computer controllers made by Siemens to operate industrial machinery – controllers that were sold to the Iranian Natanz plant as well. Siemens tested the vulnerability of the controllers in the Idaho National Laboratory, part of the Energy Department, which allegedly took the opportunity to exploit the gaps the following year through Stuxnet.
Yet it does not take sensitive industrial data to fall prey to cyber crime. In March 2012, hacker group Anonymous changed passages of the new Hungarian constitution on the website of the Constitutional Court. The hackers added several passages to the basic law, such as stipulations that those working in IT jobs could retire at the age of 32 and should be entitled to pensions equal to 150% of their salaries. New sections said that Anonymous and other grass-roots IT groups should fight internal or external threats against the country.
Another seemingly low-key target in the recent past was a local government. In early June, hackers gained access to the telephone system of Heves county. The invaders initiated high-tariff calls (HUF 30,000 per minute) to Latvia and charged the account of the local government. The unusual traffic was noticed by the telephone service providers, who disconnected the phones. Even so, the office can expect a couple of million forints in bills.
Heading out? Stay connected!
The well-known slogan of Facebook encourages people to stay online all the time, and people diligently follow the suggestion, exposing themselves more than ever. If you think you are too low-profile for a hacker, think twice. You may in fact be a small fish, but using your connections, hackers can reach higher-level targets. (To see how, please refer to Table 3.) “At the height of competition for market share, social networking sites often treat security as a secondary issue,” explained Zsolt Kocsis, IBM Tivoli Software's CEE GMT Services Manager and Chief Technology Officer of IBM Hungary. “They tend to focus more on the speedy introduction of new features,” he said, adding that the same goes for smartphone, cloud and collaboration service-providers.
It is not only social networking sites that urge people to use their internet connections on the go. Banks too are busy recommending the option of mobile banking but forget to highlight the possible downsides. “With the expansion of online mobile tools, the vulnerability of these devices is on the rise,” said Harold Teasdale, managing director of Symantec Hungary, who laments the complete lack of information from the banks’ side on the risks involved. Teasdale claims that threats linked to computers or other mobile devices should be taught from the very beginning, as the high rate of infections is partly due to people’s ignorance. (To see what malware can do to your phone, refer to Table 1.)
The sunny side
Risks may abound, but security paid off in some fields. “I have seen great developments in the system of Hungarian defense bodies,” Teasdale said. “The Hungarian system is connected to many international peers, and together they are really efficient in discovering frauds and attacks.” He added that other sectors such as health care or education could still do much more.
IT giant IBM’s annual X-Force trend and risk analysis is equally positive about certain events in 2011. The spam rate, for example, saw a 50% drop. (Symantec reported a 10% year-on-year decline.) Software makers responded to security gaps with quick fixes, leaving only 36% of such problems unattended as opposed to 43% a year earlier. Also, hackers have apparently not invested in new equipment. “Apart from a few incidents, hacker attacks are not known for using high-level technology or cross-continental attacks,” Kocsis noted. “Makers of operating systems and search engines regularly announce contests with high rewards for those seeking challenges.” Rewarding those who report security gaps to developers has also become common practice. This provides the reporting hacker with a reputation and/or long-term employment at the firm and also helps better investigate the preferred targets.
Facts, figures and events in 2011:
42% of mailboxes targeted for attack belong to high-level executives, senior managers and people in R&D.
Overall spam rate is down from 85% to 76%. (Symantec Internet Security Threat Report)
March: spammers exploit Japanese earthquake with 419 scams, fake donation sites, and malicious attachments. (Symantec ISTR)
September: spammers exploit the tenth anniversary of 9/11 to harvest email addresses.
1 in 299: overall phishing rate. (Symantec ISTR)
403 million unique variants of malware in 2011 versus 286 million in 2010. (Symantec ISTR)