Dublin’s Symantec a key cybercrime fighter

The red warning lights flashing on the world map on monitors at Symantec’s Dublin office are visible signs of a cybercrime pandemic that is costing companies hundreds of billions of euros every year.

“We are seeing 1.6m new threats around the globe every day,” says Orla Cox, senior manager of Symantec’s security response team.

“Asia is one of the most active areas in terms of hackers launching targeted attacks while criminal attacks are often launched from Russia, Ukraine and eastern Europe,” she says.

Dublin hosts one of Symantec’s three global security response centres, which monitor and block hundreds of thousands of cyberattacks every day.

The other centres are based in the US and Japan, which enables engineers to work 24 hours protecting global customers from malicious software used by criminal gangs and, increasingly, nation states to hack computers.

Symantec estimates cybercrime cost consumers about $110bn in 2012.
But the total cost of cybercrime to business, government and consumers, which is notoriously difficult to monitor, might have been as much as €338bn in 2011, according to the company.

The security response team at Symantec uses “honeypot systems”, which are unprotected computers connected to the internet, to detect and analyse malware in a controlled environment.

One increasingly popular malware detected by the team in Dublin is “ransomware”. This type of malicious software locks a computer and uses law enforcement imagery displayed on a user’s screen to intimidate victims into paying a fee to unlock the machine. About 3 per cent of infected users are paying up.

“The message on the screen is often targeted geographically, so for example in Ireland it would come from the Irish police,” says Cox. “We have identified at least 16 gangs involved in this ransomware and estimate they made at least $5m in 2012,” she says.
Symantec’s engineering team in Dublin on July 10 2010 detected Stuxnet, a computer worm aimed at crippling Iran’s nuclear industry.

This piece of malware is so sophisticated it is believed to have been developed by groups linked to the US or Israeli security services.

“This was a highly targeted attack. It looked for very specific systems related to Iran’s uranium enrichment programme and damaged them,” says Ms Cox.

“We were the first company to determine the payload of Stuxnet,” she says. “Stuxnet slowed them [the Iranians] down,” she said.

State-sponsored cybercrime is becoming a big threat to companies, non-governmental organisations and governments.

Well-organised and highly trained computer specialists have access to finance, which enables them to buy sensitive technical information, dubbed “zero-days” in the industry, which helps them penetrate security.

The Guardian newspaper and several other news organisations came under attack last week from a pro-Syrian group of hackers, called the Syrian Electronic Army.
The same hacker group caused a 145-point drop in the Dow Jones Industrial Average on April 23 when it sent out a bogus tweet from the hacked Twitter account of Associated Press news agency about a bomb attack injuring President Obama.

In February, Mandiant, an US cyber security company with its European headquarters based in Dublin, published a report identifying a group linked to the Chinese military as being responsible for a “computer espionage campaign”.

Its report alleged the People’s Liberation Army had targeted at least 141 attacks against the US and other English speaking countries.

Mandiant even tracked the hacking to a particular division of the PLA, unit 61398, to a 12-storey building in the Pudong district of Shanghai.

China has consistently denied its military is involved in cyber attacks on the US corporations and government agencies.

But most security experts believe the sophistication of some forms of malware would require state sponsorship.

“It could be sensitive information, a form of spying, it could be disrupting financial or utility companies,” says Tom Keating, Mandiant’s managing director of engineering in Ireland.

“It has become almost a pandemic and many people don’t even know their systems have been compromised,” he says. “The sky is the limit in terms of the types of attacks that can be launched because hackers can change their method of attack.”

Statistics: Cybercrime in 2012
● 556m adults worldwide experienced some form of cybercrime
● Half of all targeted attacks were aimed at businesses with fewer than 2,500 staff
● Manufacturing was the most targeted sector by cybercrime in 2012, accounting for almost a quarter of targeted attacks.
● 50 per cent of mobile malware created attempted to steal information or track movements
● The most frequently targeted job role by cybercriminals was in R&D, which accounted for 27 per cent of attacks
● The number of data breaches fell by 26 per cent. Some 93m identities were exposed by cybercriminals, a drop of 60 per cent on 2011
● Spam accounted for 69 per cent of all email, down from 75 per cent in 2011
● One in 291 emails contained a virus, down from one in 239 in 2011
Source: Symantec Internet Security Threat Report 2013