These days malware can hit you in any number of ways. They can even infect your computer through anti virus updates and through updates of your other software. They may install key loggers and Spyware on your computer and make it an e-surveillance unit. They can even corrupt the master boot record (MBR) and wipe and destroy sensitive information and data as happened in the case of cyber attacks upon banks and broadcasters of South Korea.
Further, the nature of malware itself has changed as they are now also State sponsored. These State sponsored malware are highly sophisticated in nature and can remain under cover for even decades. Sophisticated malware like Stuxnet, Duqu, Flame, etc have been used in the past in different parts of the globe.
Critical infrastructures protection has also become a major challenge with the SCADA systems still remaining exposed and unprotected. For instance, healthcare industry is facing increased cyber attacks against its critical infrastructures.
The major source of all these problems can be attributed to botnet that are practically used for all nefarious activities these days. As per a recent news report, botnet are causing losses upto the extent of $6 million a month for online advertisement industry. Botnet are openly available for sale and purchase in underground markets and hidden Internet.
Countries around the world and working in the direction of making their cyberspace and computer systems safer. Recently, computer systems of DRDO and security officials were breached and sensitive files were leaked. Cyber security of Indian satellites and critical infrastructure is also a cause of concern. To meet these grave cyber threats, a cyber security policy of India would be formulated very soon. The policy may also mandate offensive and defensive cyber security capabilities of India.
Similarly, DARPA would develop offensive and preventive cyber capabilities. As per media reports, US is developing 40 new teams of cyber agents to protect critical infrastructure and avert cyber attacks from crackers.
At the international level, as on date we have no international cyber law treaty, cyber security treaty or cyber warfare legal framework. Even the Tallinn manual on the international law is not applicable to international cyber warfare attacks and defence. In these circumstances, managing an unregulated and wild cyberspace and Internet is a very difficult task.
Recently a cyber security researcher has identified1.2 million unique unprotected devices that include webcams, routers, printers, etc. The researcher took control of these unsecured systems by using the default login credentials of these systems. He also created a botnet which acted as a distributed port scanner to scan the IPv4 address space and found about 1.2 million unique devices on the Internet.
Although this research work is illegal and unauthorised in many countries, including India, yet the result has demonstrated how insecure our computer systems and devices connected to the Internet are. They can be easily compromised and made part of the botnet that can be used for further cyber attacks and cyber crimes.
The golden rule of any cyber security policy of an organisation is that these devices should never be connected directly to the Internet but should be placed behind a firewall or some other network layer.
So from simple human mistakes to sophisticated malware, the future of cyber security of computer systems and associated devices is heading for a big challenge. So far the cyber criminals have an upper hand and law enforcement agencies and organisations are loosing the battle.