Wednesday, 20 October 2010

From a Past Blog Sent Jan 2010 - Cyber Threats

It's probably been said before that at the start of most New Years - never before has the interconnected world seemed to be so exposed to new, smarter security exposures – but right now, looking back at the landscape of 2009, I feel most, with any form of vision, would tend to qualify this as a robust statement.
The cyber-battle to date has seen the majority of security operations pushing back against those we referred to as hackers.  However, what now joins the ranks of adversaries, adding to the complexity of defending the enterprise, and individual, is the onslaught of professional aggressors in the form of Organised Crime, Professional Spammers, and Scammers.
It may now also be politically acceptable to accept that very real risks exist from State Sponsored Cyber Attacks, and infiltrations – Remember Titan Rain! We may also now be close to acceptance that threats are posed by those who would seek to utilise technology in pursuit of Cyber Terror, attacking National and International Targets - of course we also have threats posed by anarchists, and politically motivated individuals through Hacktivism, and we are only just into 2010!
That all said, on the frontline of Security Education, it was encouraging to see a Poster Campaign launched toward the end of 2009 with the backing of SOCA, and other Government Agencies, in the form of www.thinkjessica.com. This was seeking to educate the wider public as to the threats posed by Spam, and its very real potential to hurt the public's pocket.
The real cyber-battle exists at the end-point PC or Laptop, no matter the current level of anti-virus update – and let us be honest, anti-virus protection is only as good as what it knows about, and is no longer the panacea of all-encompassing protection it was once considered to be.
It is now a case of increased complexity across the end-point operating system, applications, and the multiple co-hosted software components and drivers, each of which may from time to time be exposed to critical vulnerabilities that expose the end-user to some form of compromise.
So why, in such a landscape of risk and vulnerabilities, in which Cyber Criminals and Organised Crime can flourish, do we see Government bodies helping them with their mission to circumvent security (the good news is that, as of October 2010, this is in part now in progress)?
After a full ten years dancing around the legal maypole, the EU finally won its case with Microsoft over the perceived dominance of the IE Browser. Now consumers will ostensibly have a choice of which browser they wish to use with their Windows operating system. However, this was also a new prime opportunity for security risks to flourish which may be left out of the current Patch and Fix equation.

Ironically, due to the arrival of a raft of new Web browsers, such as Opera and Google Chrome, Windows users have a choice of browsers regardless of whether the EU brokered peace with the Redmond-based software giant. In any case, most ordinary users would be unaware of the wide choice they have, but perhaps more worryingly, they may also be unaware of the need to keep their browser software healthy, secure and updated.

Take Google Chrome - in its first incarnation it was released totally insecure, and upon installation and use, exposed the local system, and by inference the user, to the very real potential of easy compromise and system incursion by a hacker or criminal.

No matter how savvy the user may be, he/she must be aware of the need to apply timely security fixes and patches. In fact, consider the 2009 release of Google Chrome updates and the associated security fixes – 9 High Criticality, and 2 Moderate, most of which exposed the end-point PC to the prospect of local unauthorised access.

For any hacker, or person with criminal intent, I guess they would see the past EU victory as most welcome to move their Cyber Crime business forward to be more productive, hopefully benefiting them with an increase in their illicit revenue stream, and thus are looking forward to a very crime-ridden, prosperous, and opportunistic 2010 (which would now seem to be the case also).

So, some sensible advice would be: choose whatever browser you wish, but just consider the security implications, and ensure it is maintained in an up-to-date and secure condition – as Microsoft, as the provider of the base operating system, may no longer be assured to facilitate this as part of their on-board update service.