Thursday, May 7, 2009

Zombie computers 'on the rise' !!


Twelve million computers have been hijacked by cyber-criminals and detected by security vendor McAfee since January, the firm has said.

It reports there has been a 50% increase in the number of detected so-called "zombie" computers since 2008.

The true number of newly hijacked PCs is likely to be higher than those detected by McAfee alone.

The figures come as a report from Deloitte said a global approach to cyber-security was needed.

"Doing nothing is not an option," said Deloitte's Greg Pellegrino.

Everything that depended on cyberspace face unprecedented risks, said Deloitte Touche Tohmatsu (DTT).

"This issue is moving so quickly, and with so much at stake economically and in terms of safety and security for people, we don't have 100 years to figure this out," explained Mr Pellegrino, who is a global public sector industry leader at DTT.

McAfee also revealed that the United States now hosted the world's largest percentage of infected computers at 18% with China a not too distant second with just over 13%.

"The massive expansion of these botnets provides cyber-criminals with the infrastructure they need to flood the web with malware," said Jeff Green, senior vice-president of McAfee.

"Essentially, this is cyber-crime enablement."

"Daily living"

The DTT findings revealed a growing awareness of the role the internet plays in so many different aspects of our lives from security to commerce and from transportation to communication.
Dollars
Better cyber-security measures will benefit global commerce, says the report

"We are seeing this change from protecting the internet to a conversation about how we succeed and prosper in cyberspace," Mr Pellegrino told the BBC.

"Security spending is growing at a rate never seen before while the threat environment is growing at a pace of 40% a year.

"In terms of volume and severity of incidents, the math doesn't work and we have to come up with a different approach that requires public and private sectors working together," Mr Pellegrino said.

"We are talking about daily living," said fellow author Gary McAlum, who is a retired US Air Force colonel and senior manager of security and privacy services at Deloitte.

"There is a lot of discussion about the economy and the military and the public and private sector, but we have now reached a sense of urgency about the interconnectedness of all these areas."

That view was echoed by a member of the US military top brass who just gave evidence to a branch of the House Armed Services Committee.

"Our economy, the nation's critical infrastructure, and many of our military operations depend on unfettered access to cyberspace," said Lt Gen Keith Alexander, the director of the National Security Agency (NSA) who also heads the Pentagon's new Cyber Command.

"Maintaining freedom of action in cyberspace in the 21st Century is as inherent to US interests as freedom of the seas was in the 19th Century, and access to air and space in the 20th Century."

He has called for the creation of a digital warfare force for the future and has stated that the US needs to reorganise its offensive and defensive cyber-operations.

Prominence

The Deloitte study included interviews conducted with government officials and industry experts from around the world.

While it revealed a patchwork approach to the problem it also showed it was one that was gaining prominence.
fraud sign
There are 32,000 suspected cyber-attacks every 24 hours, says the NSA

"We were very pleased that there was a similar tone and awareness and leadership effort coming from different countries across the world," Mr Pellegrino said.

"Clearly this particular issue has a different context depending on where you are in the world. We cannot afford to go backwards."

In America, President Obama has made the issue of cyber-security a priority. Shortly after taking office he ordered a 60-day review that has now been delivered to his desk.

It is understood the release of the review has been delayed by the ongoing H1N1 swine flu crisis. When the report is made public, it is expected that the president will also announce his choice for cyber-security tsar to lead the charge.

While the Deloitte research said security in Asia-Pacific needed to "catch up" it noted that the United Kingdom was in the process of writing a national cyber strategy with an emphasis on public-private partnership.

On the continent, the European Commission has urged member states to co-ordinate on cyber-security measures, while in Latin America the report authors conclude that there is a "diversity of approaches".

Canada has completed its own cyber-security review and this year will be implementing the National Cyber-Security Strategy as well as creating a new Directorate of Cyber-Security with a mandate to engage closely with the private sector.

Despite all these efforts, the Deloitte authors point out that time is of the essence.

"Not only do we have to take action, we don't have enough time," warned Mr Pellegrino.

Mr McAlum agreed and said mapping a clear strategy was crucial.

"We need to get our house in order first so that we can interact with the rest of the world with one voice, with clear roles and responsibilities aligned."