CST Acquire Cellar Systems

Call us on +44 (0)20 7621 7836 LinkedInTwitter

Call +44 (0)20 7621 7836 LinkedInTwitter

May 11, 2013

The urban myths surrounding malware

People need to wake up to the harsh realities of online security, says a visiting professor at the University of Surrey. A lack of understanding is leaving many susceptible.

Professor Alan Woodward, who advises the government and several FTSE 100 companies on security related matters, highlighted a collection of urban myths which need to be dispelled.

“I cannot be infected simply by visiting a website”

Woodward confirms one of the most common misconceptions – that a user cannot be infected simply by visiting a website.

“As with many myths it contains a grain of truth. However, you may not recognise that you are giving your permission by default to certain types of download,” says Professor Woodward.

The professor points to the use of techniques called ‘drive-by’ attacks. These methods vary using everything from Java updates to IFrames to download and execute malicious script without the user consciously giving permission.

“All computers, if connected to the internet, are vulnerable.”

“Reputable sites present no threat”

Next he addressed the myth that reputable sites will not contain malicious code. Woodward explained that many sites which allow visitors to comment on news posts or review products leave themselves open to exploitation.

“With webpages often being an amalgamation of content drawn from various sources, it is very difficult for webmasters to close all the loopholes,” he explained on bbc.co.uk.

“My computer contains nothing of value”

Many users claim their computer contains nothing of of any real value but Woodward says this could not be further from the truth. Something as simple as an address book is manna from heaven to a cyber criminal looking for an effective way to spread infected code.

According to computerweekly.com, figures from Infosec 2013 found that the cost of cyber breaches had increased three-fold in the past year. Figures coming out of Symantec also reveal that there was a three-fold increase in the number of attacks on small businesses too.

Professor Woodward believes that society still has some way to go to fully understand computer security but he says the threat is very simple to understand.

“All computers, if connected to the internet, are vulnerable,” he concludes.

If you are unsure whether your defences measure up, you may wish to consider our APT (Advanced Persistent Threat) assessment service to exam your internet traffic for a few weeks. This would trap the hosts calling back home to the nefarious website and, as it does not rely Anti-Virus product signatures, instead using traffic analysis to determine the threat, you can detect zero day attacks. Call 020 7621 7836 for details, or email us at info@cstl.com. Alternatively, we also provide a broader reaching service, ‘Cyber Threat Assessment’, that looks to measure your defences against all ingress points across your organisation.