Saturday, June 16, 2012

Flame and the Cyber Citizen. Why we should be worried?

Flame is hailed as the most sophisticated cyber weapon built to date. Discovered last month, it is currently the most talked about issue in the security community.

Flame is designed to propagate by intercepting window update requests to surreptiously install itself onto computers. The virus has the ability to self propagate over a local network and record audio, screenshots, keyboard activity and network traffic.  This data, along with locally stored documents, is sent to servers on the Internet controlled by the creators of Flame.

 Flame was primarily designed for espionage and its use targeted to companies in the Middle East. The flame virus is a normal application, with the major element of sophistication residing in its method of self propagation and detection avoidance.

Cybercriminals today, use similar applications. Their delivery mechanisms are not as sophisticated as the one in Flame. They also do not have the ability to self propagate and instead rely on tricking cybercitizens into downloading such applications onto a desktop or mobile phone.

These applications are built for a purpose, just like Flame was built for espionage. The main motive of cybercriminals is money, and therefore these applications are normally used for a variety of frauds such a premium sms scams, fraudulent cash transfers in internet banking and even espionage.

The relative ease at which users adopt new technology allows cybercriminals devise new ways to beat existing security systems.  For instance, the growth of the mobile apps stores provides a simple way to infiltrate malicious applications onto smartphones.  Cybercriminals have already built applications to beat the two factor authentication provided by banks. Once installed on your device, they proxy all requests to your Internet banking site through a cybercriminal controlled computer (actually call centers) allowing cyber criminals to make fraudulent transactions.

At the moment, there are no mature security products that can easily detect such applications as a first line of defense. Cybercitizens need to be cautious on what they download and where they download it form.