Tag: Comparison of antivirus software

Earlier this month, the head of the NCSC (National Cyber Security Center)told government officials in the UK that they should not use antivirus programs made with Russian technology in the midst of threats to national security and state secrets.

NCSC’s Ciaran Martin wrote to Whitehall chiefs to warn them that Russia could utilize antivirus software to “target UK central Government and the UK’s critical national infrastructure.”

Ian Levy, NCSC’s technical director, had this to say, “Given we assess the Russians do cyber-attacks against the UK for reasons of state, we believe some UK government and critical national systems are at increased risk.”

As a result, the Barclays bank sent emails to 290,000 customers, informing them that they would be doing away with the free antivirus products offered by Kaspersky Lab, Russia’s biggest antivirus company.

This isn’t the first time Kaspersky Lab has come under fire. The United States previously accused them of being used by Russia for matters of espionage, but the security giant firmly denied this.

In November of this year, they staunchlydefended allegations that they knowingly extracted sensitive files from an NSA worker’s computer, with a spokesman insisting that “this level of access allows our software to see any file on the systems that we protect.” Then he cribbed a line from Spiderman to hammer home his point, “With great access comes great responsibility.”

Indeed, it does, which is why people of all nations and government institutions need to realize their own responsibility for fighting off malicious attacks, either by hackers or spies.

It has long been known that antivirus software doesn’t really work the way we would like to imagine it does. Not only is there no clear method for the average online user to know how effective their antivirus software is without understanding code, it also merits mentioning that human error extends beyond the user to the companies who offer antivirus to their customers.

As we saw in January of 2016, a software platform can be installed with awide-open Node.js server on customers’ computers, leaving them completely vulnerable to any website executing a malicious application on their machine by sending an seemingly innocuous JavaScript request.

In recent years, we’ve seen widespread attacks by increasingly sophisticated cybercriminals. According to a report on Newsweek.com, ransomware attacksrose 250 percent in 2017, striking a serious blow to the United States.

These zero-footprint attacks use your computer’s operating system against you by relying on legitimate applications to gain access to your computer. Since these cybercriminals aren’t installing new software, any antivirus tool will fail to recognize it. Nearly 80 percent of the attacks we’ve seen in the last year were “fileless.”

Hacker attacks affect one in three Americans each year with attacks occurring every 39 seconds. Cybercrime hits every one from financial institutions, phone customers, small businesses, and government agencies. No one is safe from it unless they take appropriate measures to secure their computer.

Nation-states have been actively deploying cyber weapons against the West in the last decade and their goal is quite obvious — to gather intel on America and its allies. Most nation-states develop five-year plans on their cyber activity strategy. It is a calculated effort, one that has dramatic consequences.

As these incidents have proliferated, businesses and governments have been more adamant about identifying malicious activity, but they have also taken ill-advised measures to remedy the problem. All too often, their go-to solution is some form of antivirus.

Unfortunately, some of the biggest names like McAfee and Trend Micro fail to pick up on malware. They are also ineffective when it comes to new viruses or “Zero Day” viruses. To put it another way, even if you have the most up-to-date antivirus software, 35 percent of the Zero Day malware will be undetected.

When it comes to Russia, their aggressions have been particularly prolific. German Chancellor Angela Merkel has said that her website has been hit by thousands of cyber attacks, many of which came from Russian IP addresses.

Russian probes pose just as much of a threat to the US as any other country and if their allegedcyber warfare “testing” on Latvia has taught us anything, it’s that we can’t leave our guard down.

It is time the American government got serious about internet security and privacy. President Trump has flip-flopped on his cyber policy in the last year, first by repealing the FCC’sinternet privacy rules, then by rolling out his Critical Infrastructure Security and ResilienceToolkit.

In the toolkit, the president urges people all across the nation to integrate cybersecurity into facility and operational protective measures and write op-eds in their local papers about the importance of critical infrastructure, but he fails to comprehend the simple way that we can all protect ourselves against potential threats.

Internet privacy is as important as any other form of cybersecurity. By allowing Internet Service Providers to collect and share their customer’s online data and personal information, the government is leaving people open to all sorts of attacks from telemarketing and mail scams to malware, ransomware and more.

Small businesses and government institutions should be proactive about selecting a solution that will safeguard them against the ever-more sophisticated attacks facing their nation. By staying current up on cybersecurity trends and exploring the kind of military-grade encryption that is now available to the general public, we can avail ourselves of applications that amount to virtual bodyguards.

Sam Bocetta is a defense contractor for the U.S. Navy, a defense analyst, and a freelance journalist. He specializes in finding radical — and often heretical — solutions to “impossible”​ ballistics problems. Through Lakeview Capital, he also cultivates funding for projects — usually naval, defense, and UAV startups. He writes about naval engineering, mechanical engineering, electrical engineering, marine ops, program management, defense contracting, export control, international commerce, patents, InfoSec, cryptography, cyberwarfare, and cyberdefense. To read more of his reports — Click Here Now.