While data loss prevention, Internet security (AV, anti-malware/crimeware) and other protective software (from any reputable vendor) and hardware certainly plays a crucial part, as does government and law enforcement, Scroggie says there also needs to be a continued focus on education.
This means focusing on what individuals and corporations can do to protect themselves and their information, with this knowledge providing “an immediate and significant impact” that can definitely affect the flow of what ends up in the underground economy.
Education means teaching consumers and corporate computer users – it means we all need to be careful about how much private info we put out and where we post it, learn to not posting sensitive info on public forums, encrypt information when it is copied to DVDs or gets emailed, etc – so if it is intercepted, be it lost or left on a train, or stolen, that it’s then much more difficult to get access to the information.
Australia has the 6th highest percentage of “underground economy servers”, we rank 10th for the total number of “file instances” of pirated software. We were also 6th of the list of most credit cards for sale, amongst many other stats.
Scroggie noted that “Nothing really in local stats that would lead us to believe that Aust is better or worse off – it is generally of the reflection and maturity of our ecommerce as a country”, but it still highlights how important it is that we all educate ourselves and equip ourselves with the right protection to make life as difficult for the online criminals as possible.
We also briefly touched on Symantec’s Anti-Virus software for the Mac. Clearly with phishing attacks, or other online web attacks trying to target “you”, the user, as the weakest link, and not your computer itself, there is merit in Mac users having protective software, even if Windows malware and viruses won’t infect the Mac OS.
Mac users who load Windows onto their computers also need to be aware that when they are in Windows, they’re just as vulnerable as any other Windows user, especially if they have no protective software (of which there are many free and paid alternatives out there).
It’s also worth noting TrustDefender at this point.
This software, which works seamlessly with whatever Internet security software you’re already running on your Windows PC, claims to detect ANY malware, crimeware, “silentbanker Trojans” and their ilk, rootkits – be it known or as yet unknown by anyone – and prevent them from actually running when you are connecting to your bank, allowing your computer to communicate with the bank’s computers and blocking all else.
Given that online criminals are using an incredibly blended variety of threats, Symantec and other companies are recommending a blended variety of protective measures, from software and hardware through to simple education.
While Symantec has new Data Loss Prevention software it purchased from Vontu, to add to its consumer, commercial and enterprise security solutions, TrustDefender’s additional layer of protection is compelling because no-one, not even Symantec, claims to do what TrustDefender claims,.
If you’re interested as a consumer or business about doing everything to prevent cyber criminals from getting your data, especially at point of actual transaction with your bank, with numerous examples of the ability by Trojans such as the latest “SilentBanker” crimeware to totally and utterly circumvent two factor (or even multiple factor) authentication – but not TrustDefender – then you should know about it. Hey, maybe Symantec should buy it.
TrustDefender have a very interesting blog posting about the latest SilentBanker.B variant, and how they stop it dead in its tracks, here.
To end, here’s a quote from Stephen Trilling, the vice president, of Symantec’s Security Technology and Response (STAR) division.
Trilling concludes: “As evidenced by the Report on the Underground Economy, today’s cybercriminals are thriving off of information they are gathering without permission from consumers and businesses. As these individuals and groups continue to devise new tools and techniques to defraud legitimate users around the globe, protection and mitigation against such attacks must become an international priority.”
Symantec’s report on the underground economy (PDF LINK) is here.