TRENDS: Range of cyber attacks broadens
18 April 2011 (New Straits Times)

It's been 40 years since the first computer virus Creeper was launched. Users have been asked to brace themselves for more potent and sophisticated attacks, writes ROZANA SANI

DESPITE the availability of various anti-virus software, computer users continue to be plagued by malicious software (malware). The Code Red incident in 2001, for example, affected thousands of computers in Malaysia, causing downtime and financial losses to organisations. Last year, CyberSecurity Malaysia handled more than five million IP addresses that are seen to be part of a botnet. In Malaysia, malware tends to spread via emails (either there's a malicious attachment or a URL), the web (compromised sites or social network sites) and thumb drives.

"The majority, if not all, of the malware are used for criminal activities and with financial motives. Other than stealing Personal Identity Information (PII) used in commercial transactions, infected computers are also being used to launch attacks on other systems or send out email spam. Therefore, the ability to remotely control multiple infected computers and issue commands is key to the cyber criminals," says chief executive officer of CyberSecurity Malaysia Lt Col (Rtd) Husin Jazri.

Last year, CyberSecurity Malaysia learnt about the many attacks that targeted organisations through the use of malware. These are known as targeted attacks or "advanced persistent threats".

"Malware will be used as a demonstration of military might. Creation of a malware-based weapon of mass precision and destruction will prevail, and, perhaps, has prevailed through the launch of 'Stuxnet' to attack control systems in the nuclear reactors," he warns.

"Despite all these developments, there is still a lack of urgency towards safe computer use. Users seem to be untrained in securing their computers and they are often easily tricked into installing malware that disguises itself as a video codec or greeting cards. Perhaps this is why our Malware Research Centre observed that there are still computers infected with 'old' malware like Conficker, even though the patch and updates have been available for quite some time," Husin adds.

As far as cyber attacks are concerned, how vulnerable is Malaysia? Fortinet EMEA Threat Response Team senior manager Guillaume Lovet says the threat landscape is not very different.

"Viruses know no borders and tend to spread 'chaotically'. For a cyber criminal, a botnet whose bots are spread randomly across countries is more valuable: DDoS attacks will be more difficult to thwart, bots will be more difficult to take down, prosecution will require international co-operation, etc.

"Specific to Malaysia might be the prevalence of W32/StartPage.DU!tr and W32/Small.COC!tr.dldr, which, since January 2009, and until today, have been detected more frequently in Malaysia than in the US, according to our sensors. These are Trojans dedicated to downloading more malware on the infected machine, and charge the authors of those malware for that (pay per install). The reason it's particularly prevalent in Malaysia is unclear," he said.

What should Malaysians be bracing themselves against next? Lovet says the next target for cybercriminals could be smartphones. "Their widespread use and the fact that they incorporate a payment system (premium rate phone numbers) make them easy money-generating targets.