Cyber crooks winning in security battle

Cape Town - Hackers are always one step ahead of computer security professionals because the nature of the crime is to test hardware and software for vulnerabilities, says a security expert.

"The nature of being an attacker is to be on offensive, to know where you’re going before your opponent. The reality for network operators is, they are going through a significant period of transformation in networking, computing and mobility," Anton Jacobsz, managing director of Networks Unlimited told News24.

Computer security has emerged as a battle ground where cyber criminals have indicated their intent to steal personal financial information.

Online giant eBay announced that hackers had stolen usernames and passwords of at least 145 million people on its platform, though the company was careful to insist that credit card information was not stolen.

As companies shift their hardware to online systems, cyber crooks have identified new opportunities where there may a weak link in the security chain.

Not aware

"Some significant shifts are taking place, to the cloud, mobile devices, and these shifts deliver tremendous cost savings and productivity benefits to businesses. They also present new opportunities for attackers. Corporate information today does not sit in a walled garden, with a resilient perimeter," said Jacobsz.

Worryingly, most companies are not aware when their networks have been compromised.

The 2014 Trustwave Global Security Report found that 71% of breached firms do not detect the break-in themselves and it took two weeks to contain the intrusion when detected by a third party.

As more devices are connected to the internet, Jacobsz argued that it presented criminal with opportunities to steal personal data.

"More internet connected devices means more vulnerabilities and opportunities for attackers."

Cyber criminals use spam as a malware delivery method. (Duncan Alfreds, News24)

Cyber attackers will typically use personal information to craft spam for specific individuals in order to convince them that the unsolicited mail is genuine.

The US has charged a number of senior Chinese officials with hacking corporate networks, but the Justice department said the attacks were more like slapstick instead of cybercrime.

Spam techniques

Attackers used simple spam techniques that caused officials to inadvertently download malware on to computers.

Security firm Kaspersky Lab said that the upcoming Soccer World Cup has seen a spike in the sophistication of attacks, with criminals even purchasing valid SSL certificates.

"In one scam, users in Brazil would receive a message telling them they had won a World Cup game ticket. If a user clicked on the link to print the ticket, it led to a digitally signed Trojan banker," said the company.

Jacobsz said that security policy for companies and individuals should be focused on layers, rather than one solution.

"It is usually not one thing that enables a breach, but a breakdown between the products, people and process."

- Follow Duncan on Twitter
We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For 14 free days, you can have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today. Thereafter you will be billed R75 per month. You can cancel anytime and if you cancel within 14 days you won't be billed. 
Subscribe to News24
Voting Booth
Please select an option Oops! Something went wrong, please try again later.
Nappies, they cost too much
6% - 210 votes
Formula and food, it's getting so expensive
18% - 598 votes
Creche and school fees are a struggle every month
76% - 2558 votes
Rand - Dollar
Rand - Pound
Rand - Euro
Rand - Aus dollar
Rand - Yen
Brent Crude
Top 40
All Share
Resource 10
Industrial 25
Financial 15
All JSE data delayed by at least 15 minutes Iress logo
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.