Member Article

SMEs under threat from hackers posing as popular programmes

The latest McAfee Threats Report reveals businesses are falling victim to fake security certificates which appear to authenticate the legitimacy of many popular business applications

The number of malicious programmes that masquerade as legitimate applications has increased by 50% with more than 1.5 million new pieces of digitally signed malware identified in McAfee’s latest Quarterly Threats Report. Digitally signed certificates are used to approve and authorise programmes for business use and realising this cybercriminals are now intercepting or creating fake certificates in order to bypass security systems and infect users’ PCs and mobile devices.

Stolen certificates as a ticket to cyber crime

Every organisation, no matter the size, relies on security controls to identify, validate and accept programmes and ensure they are from the manufacturer the claim to be from. Traditionally most businesses have an IT rule in place that says “if an attachment is signed (i.e. validated from a trusted Certificate Authority), it’s probably good, let it pass.” This was a valid rule until cybercriminals learned how to access legitimate-looking digital certificates to increase the ‘reach’ of their malware, meaning traditional IT security and anti-virus software is no longer enough.

McAfee’s report attributes the rise in the creation of fake certificates to three factors.

The 50+ big Certificate Authorities distribute their certificates through hundreds of ‘retail’ Certificate Authorities globally and it’s difficult to monitor the behaviour of all An increase in rogue Certificate Authorities beyond the reach of global law enforcement issuing legitimate-looking certificates Legitimate certificates are being stolen periodically and subverted for use by cybercriminals

New Signed Malware

“With increasing levels of fake certificates carrying malware in circulation, it’s important that all businesses take the necessary precautions to ensure they don’t install or download programmes that are ‘signed’ by what might appear to be a trusted Certificate Authority. The efforts to bypass code validation and commandeer PCs will be worrying for small businesses with many not having the appropriate IT security training or systems in place to recognise and protect against such breaches, said Raj Samani, Chief Technology Officer of McAfee EMEA. “To battle this threat, IT departments will need to become much more reliant on detecting malware and evaluating any unknown or suspicious pieces of code before it’s accepted.”

Available everywhere - even for hackers

Mobile devices also remain a key target for hackers, with the popularity of the Android operating system proving to be a particular risk. Between July and September 2013, attacks on Android devices increased by more than 30% to more than 680,000 samples in the last quarter. Threats against other mobile operating systems, including Apple’s iOS, are insignificant compared with malicious Android apps. This increase in mobile threats can lead to significant company damage. In the best case, a proprietary device is put out of use, in the worst case expensive SMS will be sent or hackers could gain access to the company’s online banking through an employees’ mobile device. The full McAfee Threats Report for the third quarter of 2013 can be downloaded here: http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2013.pdf

This was posted in Bdaily's Members' News section by McAfee .