ICYMI: "Dead" anti-virus, mobile ransomware; more EU DPA problems

This week's In Case You Missed It column looks at the state of anti-virus, ransomware going mobile and the EU's upcoming Data Protection Regulation.

ICYMI: "Dead" anti-virus, mobile ransomware; more EU DPA problems
ICYMI: "Dead" anti-virus, mobile ransomware; more EU DPA problems

Anti-virus: Dead or just different?


Brian Dye, senior VP of information security at Symantec, ruffled a few feathers earlier this week when he told reporters at The Wall Street Journal that anti-virus is “dead”, and that such solutions miss 55 percent of malware.


Symantec later clarified that Dye was referring to single-layer AV, but that didn't stop something of a backlash in the information security communication.


“Antivirus is as dead as IDS,” said Jack Daniel, BSides founder and Tenable analyst, while BH Consulting founder and analyst Brian Honan told SCMagazineUK.com  that the message that anti-virus alone isn't enough needs to be promoted in the business world.


“The amount of times I go out and talk to clients and they go, ‘well I'm secure, I have antivirus software'. It's good that they should be made aware that there is more to security than just antivirus software.”


Eugene Kaspersky, CEO of Kaspersky Lab, was more damning in an email to reporters.


“I've heard antiviruses being declared dead and buried quite a few times over the years, but they're still here with us – alive and kicking. I fully agree that single-layer signature-based virus scanning is nowhere near a sufficient degree of protection – not for individuals, not for organisations large or small; however, that's been the case for many years.


“Today, security is about a combination of various technologies – heuristics, sandboxing, cloud protection and many others – which form essential elements of any superior-quality IT security solution, in addition to good old time-tested signature-based virus detection.”


FireEye analysts Zheng Bu and Rob Rachwald said, however, that most anti-virus solutions are unable to keep up with the evolution of malware.


“Today's AV model makes everyone a sacrificial lamb. In the past, malware writers would write their attack code once with little need to iterate. Today, as our numbers show, rapidly developing iterations of malware is becoming the de facto way of hacking.


“Malware is developed, QA'd against the latest AV signatures, released, and once it is picked up by AV sensors and shared among vendors—the malware dies. The process takes a few days at most. By contrast, anti-virus vendors work in a process that takes a few days to a few weeks.”


[Brian Kreb's comments are also well worth a read.]

Cyber-criminal gang take ransomware onto Android

As the latest sign that cyber-criminals are turning their gaze to mobile malware, Bitdefender this week claimed that the highly-prolific gang behind the Reveton/IcePol ransomware, which infected thousands of PCs in 2012 and 2013, has made the move onto Android, the biggest mobile operating system around the world.


The Android.Trojan.Koler.A ransomware is delivered automatically to internet users browsing malicious pornographic websites, and poses as a media player offering users access to premium content.


It must be said though that the attack itself does require some user error - it will only work if the person has enabled side-loading and manually installed the application.


After it has been installed, the Trojan launched a browser on top of the home screen and quickly displays a logo of the player it is impersonating. However, in the background the Android APK visits one of the domains involved in the scam and transmits the compromised device IEM.


At this point, an HTML page localised in the victim's language pops up, the back button is disabled and a message appears accusing the user of visiting illegal pornography. Files are not encrypted, contrary to the claims by the hackers, but the gang charge US$ 300 (£178) to remove the threat.


The Trojan can be  removed easily, according to researchers. Bitdefender has more on how to do this here.


Chief security strategist Catalin Cosoi believes that the attack could be a “test run for cyber-criminals to see how well this type of scam can be monetised on mobile.”


Hiccup for EU Data Protection Regulation


Trouble follows the EU Data Protection Regulation. Shortly after research from Trend Micro revealed that half of UK businesses are unaware of the reforms, a report this week from Iron Mountain revealed that consumers doubt whether one the changes - the ‘right to be forgotten' when you change one service to another - will work in practice.


Almost three in four consumers (74 percent) in the UK said that they were not convinced by the benefits of having their information deleted would be worth the ‘bother' of asking for it to be removed, and 86 percent doubted if a company would honour the request anyway, even if the company assured them that their information had been deleted.


App developers lag behind on privacy


It's an exciting time for mobile app developers - the smartphone and tablet market is burgeoning with new devices on different operating systems, and there's the possibility for some big profits (even if a Gartner report this week revealed that just 0.01 percent of consumer apps can expect to make money through 2018).


There's a lot of attention at the moment around 'private' encrypted instant messaging apps, and fitness apps - and the latter will likely become bigger when a health-conscious iOS 8 rolls around.


But with the territory come privacy and security concerns. In a study of 12 mobile health and fitness apps, the US FTC this week criticised fitness apps for leaking data to 76 third parties, and also settled charges with Snapchat for rolling-out poor security features.


The group slammed the mobile app developer (via SC Magazine) for “false” claims that photo messages disappeared and also sent charges which alleged that Snapchat collected address book information without user consent.


Furthermore, the watchdog said that the app allowed video messages to be stored and accessed on a recipient's phone and that Snapchat failed to secure the “Find Friends” feature, which resulted in a security breach affecting some 4.6 million user accounts.


Much like hardware manufacturers in the consumer electronics space, privacy and security seem to come second to design and practicality. Snapchat's opening statement sums it up nicely: “"While we were focused on building, some things didn't get the attention they could have.”

SC Webcasts UK

Sign up to our newsletters

FOLLOW US