Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Panda Security roundtable discusses cybersecurity trends

This year's security, cybercrime and malware event hosted a round table of 10 IT security professionals, with the event being broadcast across the internet.

The round table included investigative journalists Brian Krebs (formerly with The Washington Post and Newsbytes) and Joseph Menn of The Financial Times.

Krebs and Menn detailed the massive amounts of money being moved by these criminal groups and the security challenges faced by governments to stop them.

According to Krebs cybercrime is becoming more and more similar to drug trafficking, with these organisations being exclusively motivated by money and operating using pyramid structures.

"Each group within the organisation has its own responsibilities: some develop malware, others identify banks to attack and finally some others spread the malicious code", he said.

Menn, meanwhile, said that there are many legal obstacles that make stopping these groups incredibly hard. "If you are a hacker and operate in a country other than your own, it is very difficult to arrest you", he noted.

Other roundtable participants included Kurt Wismer (renowned security opinion leader who comments on the cybercrime situation and its effect on users in his blog anti-virus-rants.blogspot.com); Marcelo Rivero (researcher and author of www.infospyware.com); John Leyden (cybercrime columnist for The Register); Yago Jesus (blogger and author of www.securitybydefault.com); Marc Cortes (marketing and communication expert and author of www.interactividad.org); Alejandro Suarez (one of the most influential internet bloggers in the Networks SL blogging network); Javier Sanz (author of www.adslzone.net and expert in new technologies); and Paloma Llaneza (AEDEL lawyer and member of Spain's National Cyber-Security Advisory Council).

According to Panda Security, 95% of malware is aimed at stealing passwords, which makes users who handle valuable information potential targets for cyber-criminals.

Speakers at the summit expressed their concern about this growing trend and the easy way in which malware is distributed, as well as the difficulty to apprehend those responsible.

Participants also identified Eastern Europe and China as the main sources of malware, and commented on governments' lack of action to fight this threat.

"Apart from the difficulty of arresting a hacker for illegal activities carried out outside of a country's jurisdiction, there is the problem of actually making sure that a hacker's virtual identity actually corresponds to that of the detainee," said Paloma Llaneza.

Participants also commented on the speed of cyberattacks and the lack of resources from authorities to stop them.

"The law is always one step behind cyber-crooks and this prevents authorities from acting more swiftly", said Yago Jesus.

"The problem is no longer what happens in other countries. In Spain, for example, there is an alarming lack of resources to act effectively."

Menn, meanwhile, indicated that even in countries like the US there are laws dating back to the 1970s that are no longer capable of stopping present-day internet attacks.

Education and awareness issues were also part of the summit's agenda, with several participants speaking in favour of using more common sense.

"Just as we lock the door after leaving our house or getting out of the car, we should do the same thing with the internet", said Alejandro Suarez.

"We must be aware of what activities can lead to an infection and what cannot. Common sense is necessary to surf the web", added Marcelo Rivero.

As for legal responsibility and regulation, the speakers agreed on the difficulty of implementing global laws.

"The best thing would be to demand some responsibility from private businesses and public institutions", said Jesus.

According to Krebs, "if we could draw up a blacklist of non-recommended sites or sites with a bad reputation, we could prevent a huge number of attacks and warn users of websites that could infect them."

Krebs explained the need to demand more responsibility from internet service providers: "If we have laws in the US that force internet service providers to shut down web pages that offer pirated music or video files within 48 hours, there should be similar laws for cybercrime."

The panel also addressed security in social networking sites, especially in those aimed at teenagers.

"Unfortunately, young people establish a communication channel that parents many times cannot advise them on. We should act on the internet in exactly the same way as in real life in order to minimise risks," said Rivero.

What’s Hot on Infosecurity Magazine?