Malware Are Defeating Cyber Security Safeguards With Ease

Praveen Dalal-Managing Partner Of Perry4Law And CEO Of PTLBCyber Security and Malware are two sides of the same coin. While the former tries to protect critical infrastructures, computer systems, networks, etc yet the latter abhors this same protection. Malware writers are increasingly targeting digital assets to gain control over them and to manipulate them for cyber attacks, cyber crimes and other nefarious activities. We have often heard about machines being turned into botnet and compromised systems to further launch cyber attacks, send spam communications or to deliver malicious codes, software and payloads. A simple search at a customised search engine or with a customised search setting would reveal that Internet is full of unprotected and insecure devices, SCADA systems and computers. Naturally, the critical infrastructures relying upon them are very vulnerable to various forms of cyber attacks.

Malware have years of history and experience behind them to unsettle cyber security initiatives. As these malware evolved, their sophistication and impact has also become elegant. Cyber security service providers and companies are finding it really difficult to match the might of these malware. Some of these malware are so advanced that they are not detected even after many years of their victimisation. Malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, Gameover Zeus (GOZ), etc are some of the examples of such malware.

Financial sector has witnessed its own share of malware. For instance, the notorious malware Carbanak was instrumental in stealing about a Billion US Dollars from financial institutions worldwide. Vskimmer Trojan, capable of stealing credit card information from Windows systems, was already in circulation. Similarly, the Malware Dump Memory Grabber was also targeting POS systems and ATMs of major U.S. banks. These malware have created havoc in India and international levels.

Hardware based malware are also common these days. Kaspersky has revealed in the past that intelligence agencies have been using hardware based stealth spyware. These hard drives are manufactured by Western Digital, Seagate, Toshiba and other top manufacturers, thereby making their use a potential cyber hazard. Similarly, Lenovo was accused of pre installing adware in its laptops. We cannot ignore the killer USBs that can damage the system in which they are used. Telecom equipment companies like Huawei and ZTE are already facing heat over cyber security aspects of their telecom equipments in countries like India, Australia, etc. Huawei was also accused of breaching national security of India by hacking base station controller in AP.

As the law enforcement and intelligence agencies wish to engage in illegal and unconstitutional e-surveillance and spying, cyber security of computer systems and mobile phones and their communications are not allowed to be managed in a secured and encrypted manner. For instance, Vodafone has confirmed that India has been using “secret wires” in the telecom infrastructure to indulge in e-surveillance. Indian Department of Telecommunications suppressed the whole incidence with a mere assurance of “investigation” that never made public so far. This is the reason why Indian mobile security is poorer than Pakistan that is using much better and secured communication systems.

There is no dearth of ideas and methodologies that malware owners can use. U.S. law enforcement agencies have been using fake cell phone towers to illegally intercept mobile communications and data. Surveillance hardware and software like Stingray, Triggerfish, etc are commonly used in U.S. and other jurisdictions. It has also been reported that NSA has been using radio waves and malware for engaging in world wide e-surveillance. Even Anti virus updates can be exploited to install malware upon the targeted systems. Thus, whether a computer system is online, offline or an isolate one, the “combined technique” of malware embedded hardware, spyware, malware and radio waves can allow NSA to get the “relevant information” with some effort in this regard. No doubt, U.S. government is also the biggest buyer of malware in the world.

It is obvious that besides having robust and resilient cyber security infrastructures we also need self defence mechanisms to prevent malware from infecting our systems. There are some methods that can be used to minimise cyber attacks and cyber threats from these malware but 100% cyber security is not possible. However, there are limits to legitimate exercise of self defence and it ceases to be available after a point. In the absence of international cyber law treaty and international cyber security treaty (PDF), this limit has to be judged and guided by the principle of private international law.

Nevertheless, complicated techno legal issues in the field of cyber law and cyber security would keep on arising in the absence of international harmonisation. For instance, authorship attribution is a complicated subject that has to be ascertained before a cyber crime or cyber attack liability can be imputed to an individual, nation or organisation. Similarly, whether a victim can launch his/its own cyber attack against the offender is still to be judged by the courts around the world. Nature, scope and prevention of cyber warfare is another complicated area that cannot be resolved by taking recourse of Tallinn Manual. For the time being, malware are clearly winning the fight against the cyber security vendors and if there is no change in the “strategy and mindset” of security stakeholders, this would be the norm for the next decade.

At Perry4Law Organisation (P4LO) we have dedicated a blog titled International Legal Issues of Cyber Attacks and Cyber Security in this regard. The aim is to provide a techno legal database of articles and opinions about international legal issues of cyber attacks, cyber security, cyber crimes and cyber law. It is supported by Centre of Excellence for Cyber Security Research and Development in India (CECSRDI). We would cover more techno legal issues of cyber security, malware and international law at that blog.

This entry was posted in Uncategorized. Bookmark the permalink.

11 Responses to Malware Are Defeating Cyber Security Safeguards With Ease

  1. Pingback: US And Europe Are Enacting Laws To Protect Trade Secrets Of Businesses And Companies | Global Techno Legal News And Views

  2. Pingback: Cyberspace May Be Deignated As An Official Operational Domain Of Warfare By NATO Members | Global Techno Legal News And Views

  3. Pingback: Cyber Security Framework For Indian Banks Prescribed By Reserve Bank Of India (RBI) | Global Techno Legal News And Views

  4. Pingback: Infocaos | Cyber Espionage Policy Of India Is Urgently Needed: Perry4Law Organisation (P4LO) | International Legal Issues Of Cyber Attacks, Cyber Terrorism, Cyber Espionage, Cyber Warfare And Cyber Crimes

  5. Pingback: Infocaos | Infocaos | Cyber Espionage Policy Of India Is Urgently Needed: Perry4Law Organisation (P4LO) | International Legal Issues Of Cyber Attacks, Cyber Terrorism, Cyber Espionage, Cyber Warfare And Cyber Crimes

  6. Pingback: Digital India Project Of Narendra Modi Government Lacks Cyber Security Capabilities | Centre Of Excellence For International Cyber Security Law Of India (CEICSLI)

  7. Pingback: Cyber Security Trends In India 2017 By Perry4Law Organisation (P4LO) | Online Resource Centre Of Perry4Law Organisation (P4LO)

  8. Pingback: National Critical Information Infrastructure Protection Centre (NCIIPC) Of India Needs Rejuvenation | Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI)

  9. Pingback: Cyber Security Issues For Law Firms, Lawyers And Legal Professionals | Online Resource Centre Of Perry4Law Organisation (P4LO)

  10. Pingback: National Judicial Data Grid (NJDG) Cyber Security Must Be Strengthened In India | Techno Legal Centre Of Excellence For E-Courts In India (TLCOEECI)

  11. Pingback: NSDL’s Negligence In Reporting Cyber Breach Irks SEBI | Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI)

Comments are closed.