Online Crims Get To Work On Your PC

The Age

Tuesday May 23, 2006

By PATRICK GRAY

Next time you boot up your desktop PC at work, think twice about logging into your internet banking or share trading website because criminal hackers may be watching your every keystroke.

The annual security survey conducted by AusCERT, Australia's primary IT security organisation, shows corporate PCs are just as at risk from organised online crime syndicates as the humble home PC.

"(The survey) confirmed what we've all been seeing and talking about," says AusCERT general manager Graham Ingram. "The proven protections that have been the hallmarks of security for many years are no longer effective."

Around one-fifth of respondents reported infections from "trojans", malicious software that steals information such as credit card numbers and bank passwords, despite 98 per cent of respondents claiming to use anti-virus software. Traditional protections, such as anti-virus software and intrusion detection systems, fail to protect organisations' PCs, he says.

"The attacks continue on the perimeter but the fundamental change is they're going to . . . the user and the client machines," Mr Ingram says. "Clearly, anti-virus (software) is not sufficient."

He says that 60 per cent of the malicious code that AusCERT intercepts is undetectable at its time of release. Bogus emails that fool unwary users into visiting malicious websites, which then secretly download trojans, are the new, more harmful vector for infection, rather than worms and viruses that copy themselves from one PC to another.

"For non-propagating code (trojans) to be so prevalent is surprising and definitely a concern," Ingram says. "Someone is purposely orchestrating these attacks."

Email and trojan attacks once sought to compromise internet banking credentials but attackers now seek detailed personal information for identity theft scams.

"In years gone by, we spoke about hackers and the motivation being ego and bravado," Mr Ingram says. "That's no longer the case; these are attacks for financial gain and that introduces some really quite sophisticated drivers."

The survey, produced with federal, state and territory police, shows sophisticated electronic attacks that defeated countermeasures have more than doubled over the past 12 months. The number of organisations to experience such attacks jumped from 11 per cent of survey respondents to 24 per cent.

Although Mr Ingram admits the survey can't be considered statistically valid, he says the consistency in results over the years shows they're on the right track.

AusCERT says it doubled the survey size this year to 389 respondents, up from 181 last year. The organisation enlisted market research firm ACNielsen to assist in boosting the circulation of the survey document.

William Burlace, the director of media research at Roy Morgan Research, says consistency in trending is a good sign. A boost in sample size is also a move in the right direction, he says. "The statistical variation you get in the sample is dependent absolutely on the size of the sample," Mr Burlace says.

The survey said that one-fifth of organisations experienced an attack that harmed the confidentiality, integrity or availability of data in the last 12 months, and that 83 per cent experienced attacks from outside the organisation, while 29 per cent experienced insider attacks.

Of those that experienced harmful electronic attacks, more were public sector organisations (59 per cent) compared to private sector organisations (41 per cent). Only 10 per cent of organisations said they managed all aspects of computer security reasonably well - up from 7 per cent last year.

© 2006 The Age
