Tuesday, 24 September 2013

Facebook and Dropbox sparked hackers' malware renaissance

The Facebook logo
HELSINKI: The failure of online services such as Facebook, Twitter and Dropbox, to adequately test their security before launching helped to ignite the current cybercrime boom, according to F-Secure.
F-Secure web reputation service expert Christine Bejerasco claimed the rise of online services such as Facebook led to a renaissance in cyber criminals' malware development and distribution practices, during a briefing attended by V3.
"The internet is becoming very dynamic. More than ten years ago it was mainly meant for consuming content. Malware during those times was pretty simple: they'd attack the website, load [malware] onto it so people would get infected. The problem during those times was that hosting was quite expensive, so there weren't a lot of malicious websites. Those days are gone," she said
"The renaissance period came when blogging became normal, this really gained momentum when websites like Facebook and Dropbox arrived. it also helped when HTML5 came and made it so anyone could post anything, anytime they wanted."
Bejerasco said the platforms drew criminals' interest, offering them new and easy ways to host and spread malware. "This was actually a pretty good thing, as it opened up the internet. This has made us enter the age of empowerment on the internet – any individual can use any interface at their disposal to post and consume information online," she said.
"But lets say you're a newly minted bad guy and you want to start your career online. A simple search will show you what you need and lead you to these platforms. These guys are benefiting from this seemingly free way of posting information online."
She said social media sites are particularly useful tools for criminals, as they offer a variety of benefits to attackers. "A lot of the bad guys like to play on social media sites," she said.
"The audience is already there and these social platforms are powered by very powerful programme interfaces that allow the user to automate what they do. So for example, a bad guy doesn't even have to create a real profile anymore he can just go in and create a bot to do all his nasty tricks."
Bejerasco said services including Dropbox are also useful to criminals as they offer a free way to store malware and make it easier for them to drop payloads into infected sites or machines.
"File hosting Dropbox is one of those malware favourites. What a usual Trojan does when it gets into the system is just pull their payload from Dropbox into the system so they don't have to host their website."
The F-Secure expert cited criminals' use of the free web services as proof that software and web service providers need to build their products with security in mind from the start. "There is a responsibility for these guys to get secure when they get this big. Facebook in particular has been getting better in recent months," she said.
"But the problem now is the bad guys are always looking for the next hit. They [Facebook and Dropbox] started in garages and that is amazing, but now you have to know the moment you launch the bad guys are going to come into your playground."
Bejerasco's comments follow widespread warnings from the security community to businesses that using free web services – such as Gmail, Facebook and Twitter – leaves them open to attack.
AVG's SMB general manager Mike Foreman also told V3 that the use of the free services is leaving many small-to-medium-sized businesses one cyber attack away from bankruptcy.

No comments:

Post a Comment