Cybercriminals are waging a game of ‘cat and mouse’ with corporations, well-armed with malware protection AV software, but facing adversaries who scan constantly for weak points, according to the first quarterly report released by the UK’s new Computer Emergency Response Team. The key to winning this malware protection war, the organization says, is “communication” between governments and corporations.
The report hinted at a decline in the damage caused by DDoS attacks, according to CyberParse’s report. CERT commented that companies either had dedicated teams to deal with such attacks, or relied on specialist companies, according to Computer Weekly.
“Some organizations are able to handle the incident through existing capabilities, while others decide to bring in a cyber incident response-certified company to assist them,” said CERT-UK.
“DoS attacks have risen in prominence over the last few years, and the mitigation advice relating to them is well established,” UK CERT said.
“The low level of incident reports received by CERT-UK could be indicative that businesses are now well prepared to mitigate this attack, and so no longer need to seek assistance if afflicted by a DoS attack.”
The first 100 days of the new agency saw the Heartbleed bug, which the agency’s report said, “highlighted how important it is to have an accurate inventory of software installed on devices and to keep abreast of vulnerabilities in that software.”
The number of social media account compromises reported to the agency were “very low”- CERT speculated that this could be due to the fact that such incidents were often dealt with by law enforcement.
The agency commented that malware continued to evolve in “sophistication and advanced functionality” but that AV vendors kept pace with this.
“Securely configuring endpoint,devices, whether desktop, laptop, tablet or mobile can go a long way in preventing malware from compromising your network,” says CERT.
During its first 100 days, the organization has dealt with 500 businesses, and says communication is critical in cases such as the co-ordinated action against GameOver Zeus. CERT said that it was ‘critical’ that, “information flows freely between Government and industry”
In a detailed blog post describing the takedown of the notorious botnet ESET researcher Stephen Cobb writes, “We would all like technology to solve the cyber crime problem but it cannot. Reducing cyber crime will take sustained law enforcement efforts, at all levels, from the local to the international, plus cooperation from companies and consumers playing their part to stop the spread of malware and stop unauthorized access to systems and data. That means consistent use of strong anti-malware, strong authentication, and strong encryption. Together, we can make a difference.”
Author Rob Waugh, We Live Security