On February 21-22, Yerevan (Armenia) hosted the CIS round of the Sixth International Student Conference “CyberSecurity for the Next Generation” (held for the first time outside Moscow). Another innovative touch was the working language: English. All participants defended their papers in English. The organizing committee explained that this was necessary to prepare the winners for the finals scheduled for June 24-26 at the Royal Holloway University of London. Among the finalists will be winners of the European, North and South American, Pacific, Middle East, African, and CIS regional rounds.
CyberSecurity has been organized by Kaspersky Lab on an annual basis since 2008, with an eye to uniting the efforts of IT security pros and revealing young talents in the development of secure content and threat management solutions.
A total of 14 students and young scientists from Armenia, Russia, and Ukraine submitted papers on IT security. Ukraine was represented by Farid Dahiri, student from Kharkiv University of Radio Electronics, whose paper was entitled “Cloud Infrastructure for Vulnerability Testing.” Regrettably, he did not make it to Top Three. Two students of the State Engineering University of Armenia and one from the Siberian State Aerospace University will compete in London.
Ideas and concepts put forth by young researchers ranged from various methods of detection and analysis of malware, DdoS and spams to new communication protection techniques (including in social networks) to special tools that ensure the safe placement of services and data storage in the cloud. The students were offered to work in four conditional directions: First, mounting threats to the Android, Linux, Mac OS X, and other platforms that are quickly becoming popular. Until recently, Apple insisted that their products were virus-free, yet IT security experts report a wave of Linux-kernel server hacks. According to preliminary information, hackers take advantage of the service platform’s zero-day vulnerability; also, among the compromised systems are CentOS-based servers and RHEL 5 and 6 distributions with all updates. The exact method of compromise remains to be determined, although it has been established that /lib64/libkeyutils.so.1.9 file (or /lib/libkeyutils.so.1.9 for 32-bit systems) survives the attack, so that unauthorized connections are made through sshd. Thus, when joining a compromised server, using sshd UDP protocol, the credentials are sent to the 53rd external host port. The attacked system hosts a malicious code designed to connect the server to botnets and further spam.
Back in 2011 Kaspersky Lab experts registered a rapid growth of malicious software on most platforms. Windows, being popular with most users, is also popular with virus writers. Its malware rate has increased by 80 percent, compared to 35 percent in the case of Mac OS. Malware has been especially active on four mobile platforms, with Windows Mobile ending the list (13 percent), after Symbian (16 percent). Java2ME remains a lure for virus writers, considering that most unsophisticated mobile phones are based on it (160 percent malware rate). Android, however, beat them all to malware, having about two dozen in early 2011 and some 2,000 by the end of the year (12,000 percent rate).
Cloud data security was the second direction. Sergei Novikov, head of Russia’s Kaspersky Lab, stressed that this system is far more vulnerable to viruses, and that if worse comes to worst, not one but a great many users will lose their data.
The students were offered to work on corporate infrastructure protection. Modern companies prove more vulnerable to virus attacks and the consequences are more painful. Compromised servers threaten business, let alone its competitiveness. More often than not the company budget cannot afford new computers or servers.
Thirty-five percent of the companies lost data after cyber-attacks in 2012, with 25 percent suffering because of the vulnerability of their software. Such are the findings made by B2B International, commissioned by Kaspersky Lab.
According to the organizing committee, the user’s basic computer literacy is a very important part of information security. Hence the fourth direction: data security training programs.
UKRAINEPLACES EIGHTH IN THE WORLD AS TO THE NUMBER OF THREATS, WITH EVERY SECOND INTERNET USER BEING REGULARLY NETWORK-ATTACKED
There is an increasing number of PCs in the modern world. An active individual has to use more than one device to maintain his/her daily communications. O+K findings made especially for Kaspersky Lab in 2011, focusing on global Internet users, show that there are three various devices with Internet access per Ukrainian family, with 11.2 percent of the families using a set of such devices (PC, laptop, tablet, and smartphone). Saudi Arabia turned out to have the highest index: 4.3 devices per family, with Romania showing the smallest number: 2.6.
Ukraineplaces eighth in the world as to the number of threats, with every second Internet user being regularly network-attacked. Kaspersky Lab statistics read that over the past three months the number of attacks against the Ukrainian Internet users has increased by five percent (50 percent total), with every fourth removable media being infected. Programs such as Adobe, Java, Winamp, Opera, and Google Picasa, being used by millions, turn out to be most vulnerable to malware.