Kaspersky Lab's Eugene Kaspersky and F-Secure's Mikko Hypponen spoke out about the growing difficulties in keeping up with cyber criminals. In a speech at CeBit in Hanover, Germany, Kaspersky stated flatly that, "If the growth in malware continues at the current pace, makers of anti-virus software may not be able to withstand the onslaught" (Andrej Sokolow, "Experts warn war against computer viruses could be lost as onslaught spreads", Gulf Times, 18 Mar 2007). Hypponen seconded Kasperky's concerns stating that it's getting very difficult to deal with the 40,000 suspected files received from customers each day.
According to Sokolow's article, cyber-criminals have advantages that they exploit with ever-increasing frequency, including:
- The sheer volume of malware and the fact that criminal activity on the Internet knows no national borders make it almost impossible to effectively deal with malware threats. Kaspersky recommends creating an international police agency, similar to Interpol, to aid in intelligence gathering and across border sharing of information.
- The innocence of humans [gullibility?] that allows criminals to trick them into installing malware on their machines, responding to phishing attacks, etc.
- Malware production is turning into a worldwide industry. "[Criminal organizations] are paying programmers the kind of salary that I could never afford," said Natalya Kaspersky, co-founder of Kaspersky Lab.
- The cost of services delivered is low for malware producing companies. The systems, and the resources required to operate them, are provided by the infected home or business owner.
Tom is a security researcher for the InfoSec Institute and an IT professional with over 30 years of experience. He has written three books, Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide (to be published in Q1/2013). Before joining the private sector, he served 10 years in the United States Army Military Police with four years as a military police investigator. He has an MBA and CISSP certification. He is also an online instructor for the University of Phoenix.