Powerful criminal organizations behind virtual attacks, say security firms

- Wednesday, September 28, 2011

Powerful criminal organizations behind virtual attacks, say security firms

International and well-organized criminal organizations, including some in Brazil, are behind most of the recent virtual attacks, IT security firms believe.

"The same type of people who, in the past, were involved in sex and drug trafficking are now devoted to investing millions of dollars to build networks for cybercrime," security firm F-Secure Latin America president Alexandre Ribeiro said during a conference on mobility held in São Paulo.

According to Ribeiro, the image of the hacker as a "solitary nerd" is getting further and further away from the current reality, as virtual crimes are increasingly financial activities.

Start your 15 day free trial now!

cta-arrow

Already a subscriber? Please, login

Security firm Kaspersky Latin America sales manager Claudio Martinelli expressed the same opinion. "Cybercriminals are acting, eyeing return on investments," he said, noting that his firm has come across malware developed entirely by Brazilian hackers aimed at mobile platforms.

Russia, Eastern Europe, the Middle East and, in Latin America, Brazil are the major sources of malware developers, according to the executives. "Virtual crimes are getting closer and closer to the physical ones," Martinelli added.

The executives called special attention to the need for protection for mobile platforms.

"It's necessary to understand tablets and smartphones as well as computers," according to Brazilian corporate smartphones solutions developer Navita's CEO, Roberto Dariva.

CUSTOMIZED VIRTUAL ATTACKS

According to F-Secure's Ribeiro, there are already several organizations where one can pay to have a particular website attacked.

The "service's" cost, he said, depends on the intensity of the attack - for example, for how long the organization's client wants the target company's website to be down with a denial of service (DOS) attack.

"Imagine a very angry and spiteful costumer who felt neglected when he contacted his ISP's customer service, [imagine] what he can do," Ribeiro said.

The executives said they believed that users in the region are overall becoming more concerned with their security on the internet, and with acquiring a greater awareness concerning its privacy online.

In that regard, Ribeiro predicted that Brazil's information security market will end the year with nearly US$245mn in revenues - the largest information security market in Latin America and up 17% from in 2010.

CORPORATE PROTECTION

Though users' concerns about information security are increasing, the executives said companies in general remain unworried about security for the mobile platforms they give employees for corporate use.

In light of those threats, the security firms called on companies to update antivirus and antimalware software, to encrypt voice calls, to use mobile device management tools for company tablets and smartphones (with security policies like blocking the device remotely from the server), and to establish a "white list" that limits the apps employees can install on the devices.

"Above all, companies must employ direct orientation and training to their employees. There can never be enough," Navita's Dariva said.