Malwares on the rise

Goldman Sachs’ well-known 2003 BRIC report was the first to predict India would become the world’s third largest economy after China and the US. But with India now sustaining 8 per cent annual growth, Goldman Sachs has since revised its estimates, placing India ahead of the US by mid-century.

Recently, the Indian Computer Emergency Response Team (CERT-IN) reported that both government and company websites have seen increasing numbers of defacements. 430 websites were hit in December 2006 alone. About 25 per cent of these have been attributed to the ‘LORD’ defacer team, a Turkish group that leaves messages on targetted websites, after each attack. Such groups seek self-praise, and opportunities to disseminate their own brand of political or religious messages. Defacement has become such a problem that in December 2006, the Indian Ministry of Home Affairs ordered all ministries and government departments to host their sites only on government-owned servers.

The spread of ‘malware’ is driven by the prospect of economic gain. Each successful attack makes cyber criminals wealthier, giving them more financial power to create larger engines of destruction. The old hacker stereotype of a lonely, bespectacled computer-geek, logging on from his parents’ basement is slowly being replaced with one of wealthy individuals, with multiple employees and large bankrolls of illicit cash.

What’s worse is that not only is the frequency and sophistication of the attacks increasing, but so is the amount of resulting damage. A Gartner Group report showed 2006 profits from phishing scams rose over 400 per cent, from $257 per victim to $1,244 per victim.

As the cyber crime industry grows and becomes more organised, it is becoming easier for attackers to execute their strikes. And it is now actually possible to buy and sell malware in underground marketplaces. The most successful cyber criminals today are not the ones who perpetrate attacks directly, but those who provide the infrastructure by creating illicit attack tools and selling them to others.

With the Indian Technology, already taken a considerable lead in view of the rest of the world, with regard to the IT industry, India can now take on others in Information Security.Our continued global success depends on how securely we can remain connected to the rest of the world in terms of economy, information, and most importantly, technological infrastructure. Some early steps in this direction have already been taken with the passage of the Information Technology Act, 2000. Continued national leadership, standardisation and security guidance are one of several important layers of a successful IT security environment.

Network security today goes far beyond simply patching up individual system vulnerabilities; and it goes beyond protecting one’s company against nuisance attacks and common viruses. Network secrurity is also about protecting your money. The malware economy has become increasingly organised, and to fight it effectively, companies, governments and IT security firms will have to begin doing the same.