Despite high profile hacks, security is on right track says Cybercrime Report

“The fight against cybercrime is on the right tracks”, says the report, “and though there is still a long way to go, we can see how international co-operation among security agencies is beginning to pay off and how criminals around the world are being brought to justice.”

Key to this view is the conclusion of an FBI investigation that began in 2010. “This operation stands out not least because of the coordination between security forces in different countries. The FBI had the support of police in Moldavia, Romania, Holland, Germany, Finland, Switzerland and the UK.” But while increased co-operation may promise much for the future, the current situation remains grim.

An area of particular interest to PandaLabs is the ransomware ‘police virus’. This is the virus/trojan that infects a computer and pretends to be a notice from the local law enforcement agencies levying a fine for, usually, illegal pornographic downloads. In February a gang of criminals behind one variant was dismantled by the Spanish police, Interpol and Europol, and there were brief hopes that the virus was being contained. But, “the information we have at PandaLabs points to the existence of several gangs responsible for these attacks,” says the report, and warns that this particular threat will be around for some time yet.

In instant corroboration, Webroot warned yesterday, “Recently we have seen a spike of this ransomware in the wild and it appears as though its creators are not easily giving up. This infection takes your computer hostage and makes it look as though the authorities are after you, when in reality this is all just an elaborate attempt to make you pay to unblock your computer.” 

A second area of special note in the PandaLabs report is the so-called cyberwar with China. During the first quarter of 2013, Mandiant published its pivotal report accusing the Chinese government of involvement in hacking. Security professionals are traditionally reluctant to lay direct blame for hack attacks. “Proving who is behind any attack is highly complex, even in normal cyber-crime cases. When it comes to cyber-espionage things are further complicated by the simple fact that whoever is behind the operation is highly qualified and adept at covering their tracks,” warns PandaLabs. 

However, it also notes damning circumstantial evidence in the hacks against the New York Times and the Wall Street Journal. “In both incidents,” it reports, “the attackers were able to access all types of data (customer details, etc.), yet only focused on information about journalists and employees, trying to find any reference to investigative journalism regarding China, and in particular, looking for the papers’ sources.” The implication is clear: criminals go after money; politicians go after political information.

In its analysis of malware and infections, the report notes that trojans now account for nearly 80% of all infections. This is largely achieved by sending users to websites with exploit kits that infect the visitor. China is the most infected nation, with more than 50% of its computers being infected with some malware. In general, Europe is the least infected area, with Finland having the lowest infection rate at just 17%. The UK is not far behind at 21.8%, while the USA stands at 27.79%.

Given such infection rates, the growth of mobile malware, the emergence of state-sponsored hacking, the daily revelations of Twitter hacks, the re-emergence of the police virus ransomware and the prolific number of exploit kits and exploits, it is somewhat surprising that PandaLabs can remain optimistic – yet it does. Time will tell whether international co-operation is able to deliver the benefits that PandaLabs expects.
