The UK’s National Crime Agency (NCA) claims to have created a two-week window in which we can regroup before the assault from Gameover Zeus (GOZeuS) and CryptoLocker resumes. But how good is this opportunity to combat the infamous Trojan? CBR asked the experts, and they responded.
Antivirus is a "con", and it won’t protect you from CryptoLocker
The NCA’s recommendation that the public patch their computers and run a few virus scanners is likely to have raised a few eyebrows in the digital security sector. Is this the same software that Symantec’s Brian Dye called "dead" just a few weeks ago, now somehow able to beat a virulent mutation of the Zeus trojan?
"For years the antivirus industry has been promoting a flawed product to the mass market as a protection product – a huge con," said Melih Abdulhayoglu, chief executive of software company Comodo. "Traditional antivirus products do not and cannot protect you from new malware like CryptoLocker that they can’t detect."
He added that sandboxing was a superior method of protecting against malware, isolating traffic before it makes it into the main system. This method of protection is likely to become more common, as more in the security industry recommend segmenting data based on sensitivity.
GOZeuS and CryptoLocker are a matter of "national cyber defence"
Steven Harrison, lead technologist at enterprise networking firm Exponential-e, is calling for a different approach entirely, one out of the hands of the common user. "To stop GOZeuS morphing and resurfacing in two weeks, the attack must be fought on a much wider scale and treated as a national cyber defence issue," he said.
He added that monitoring of workforce activity would help companies detect a breach. "Only by applying holistic threat detection, that watches the behaviour of a large number of people, can we defend against threats that resurface in a different uniform or attack us for the first time."
The trouble with malware is that it doesn’t stay the same, and indeed this may be the reason for the weakness of antivirus and perimeter defences in general, at least if you believe Alan Solomon, an early pioneer of digital security.
Analyst Bob Tarzey of research firm Quocirca is of a similar mind. "Whilst anti-virus is not a panacea for protecting us from cyber-crime, one thing it is good at is keeping known malware at bay. The current versions of GOZeuS and CryptoLocker clearly now fit into this category," he said.
"However, the advice could also lead to a false sense of security, in that cyber-criminals mutate malware over time so that anti-virus can no longer recognise it any more, until the vendors catch up. So the caveats should be emphasised more that there will be new threats on-going."
Email phishing is a common method of delivering the Zeus trojan
Even if cyber-attacks are becoming more ambitious, many of the old methods of compromising data still hold. "The most likely route to get infected by the Gameover Zeus Trojan is through opening an email attachment, so users need to remain vigilant," said George Anderson, director at security firm Webroot.
"They might be asked to download a PDF or other file through an email that comes from someone they know. Users should be suspicious of opening the attachment, especially if it wasn’t expected – even if it’s from a ‘friend’."
AccessData enterprise defence architect Lucas Zaichkowsky said: "Attackers usually plant a generic dropper within an emailed file disguised to look like a document, or via web sites by using popular exploit kits such as Blackhole that can identify vulnerable software on each visitor and deliver the right exploit."
While antivirus is flawed, many still believe it is an essential part of security. "For individuals, don’t underestimate how important simple things are like updating all your software and applications which will help to protect you," said Jason Steer, director of technology strategy at security firm FireEye.
"The basic steps will help with prevention but attacks like CryptoLocker and GOZeuS are incredibly powerful, so businesses need to understand the information that is most critical to their business and prioritise its protection," he added. "Back it up regularly and protect it with the use of firewalls, two-factor authentication and other techniques that will slow down attackers and make them move on elsewhere."
Maksym Schipka, senior vice president of engineering at security company Clearswift, said: "Raising the awareness of security in the organization will have as much effect on improving the risk posture as putting in a security application. Knowledge is power and will enable organisations and individuals to protect their critical information in a world where cyber-attacks are now almost a daily occurrence."