Last month’s InfoSecurity 2012 was a busy affair with a record breaking 12,502 unique visitors across three days and a 19 per cent increase on last year’s event.
PCR managed to find some time to chat to Kaspersky’s senior security researcher David Jacoby about the Flasfake virus and educating people about mobile threats.
With mobile devices basically becoming PCs, are you seeing a whole new set of threats emerging?
It’s not just communicating through talking anymore, it’s communicating with email, Facebook, Twitter, and all these different networks. That’s something that the bad guy has figured out. To be able to infect phones, you need to be connected to the social medias, then spread and send the malware through these networks. But it’s not just about infecting the device and getting some kind of malicious code on there. For example, when you are connected to a wireless network, your device is sending out a lot of information, usernames, passwords, emails and so on. Even a simple thing like an email is sold on the black market for money.
Do you think businesses and consumers need to be educated more about the risks of threats to their mobile devices?
It is everyone’s responsibility to make users aware that it’s not just about installing malicious software on a phone. Of course that’s a problem, but it’s not the only problem.
Saying that, I don’t think we will benefit from trying to educate non-technical people about technical vulnerabilities. I’d rather educate them about what they can do to make their phone more secure. If I were to explain phishing attacks, buffer overflows and so on, they would just fall asleep. But to explain that if you turn off automatic wifi connectivity, you can reduce your risk dramatically, that’s something everyone can relate to.
Earlier this year we saw the ‘Flashfake’ virus, can you explain what exactly this was and how it affected Macs?
It was a pretty impressive malware targeting Apple computers. Once the computer got infected, it communicated to a botnet, so the computer itself was participating in this attack. When we started to look into the botnet there were over half a million infected computers. It was all over the world. In the past people had been saying that there was no malware for Macs. Flashfake is proof that there is.
What can you tell us about future threats?
If you look at the attacks that we’ve seen in the past, the methods that hackers are using are mostly not new. There are only a very small percentage of attacks that are using new methods; it is mostly the same stuff that we’ve been talking about for the past 20 years.
One of the reasons why I think we’re still getting hacked – and when I say ‘we’ I mean corporations and consumers – is because we’re focusing too much on future threats, while we should actually be taking one step back and thinking about what went wrong last year and trying to fix that instead.
Want to receive up-to-the-minute tech news straight to your inbox? Then click here to sign up for the completely free PCR Daily Digest and Newsflash email services. You can also follow PCR on Twitter and Facebook.