There are no boarders in cyberspace, so you see a lot of these organizations hosted through ISPs in one region supported through a registrar in another region and can constantly move and migrate shop. One of the key areas that we need to concentrate on, and something of much interest to me coming from a security research standpoint, is the flow of this information – the legwork and coordination. There's a lot of research out there and a lot of informative technical articles. But right now as we've entered into this evolution where cybercrime has started to develop in professional organizations in the digital underground, this is something that law enforcement hasn't kept up to pace with. We're starting to see some steps forward in this area.
I wouldn't call it resistance, I think it's a resource issue. Not only is this pinpointed on law enforcement, I think there are several areas that this need to go through. You have your level of law enforcement , which is key in terms of take down and the cattle prodder when it comes to investigating and there's action that needs to be taken at ISPs and registrars as well. There's a sort of a level of resistance at those levels as well. If you're trying to communicate with a specific registrar with phishing domains, there's still that level of resistance too. I think having the integration between those three areas with law enforcement acting on it and IT security space providing that action flow it will go a long way. Right now it is kind of slow moving. Where do you see the next big threat coming from?
One of the key areas that we still need to improve on and that people should be scared about is identity theft and leveraging a lot of this personal information, not only from an end user point but from corporations as well. I think a key area is the education in this. It's not something new, but with social engineering tactics. It's an age old trick with social engineering emails using hot topics and current trends to capitalize on it. I think this is an especially sensitive time, just because there's a mass amount of people that are involved with it and the end user weak mental nature in terms of falling pray to these types of attacks. I think this is just the beginning of it. Right up there are some of these emails playing on this theme of the current financial crisis. We're going to see a lot more of that kind of activity and it looks like the perfect opportunity for the cybercrime community to sink its teeth into it. It still amazes me that after so many years of getting these emails that some of them are still successful.
In terms of the scam itself, it's exploitation of the human mind. Social engineering is a proven technique that has worked time and time again. One thing they have adapted to is moving from their communication channel. You have traditional inbox email spam which is still very prevalent today. Because it's been around for so long click through has gone down because of spam filtering technologies. Now they're taking those scams and putting them in social websites and blog networks, but the social engineering in the scam stays pretty much the same. It proves time and time again to be very effective. Do you think that we've seen the last of those really large scale worms and viruses we used to see all the time?
I don't think so. This is something that we're closely monitoring right now because of the most recent out-of-band patch from Microsoft which brought out some eerie reminiscence of worms of the past. As some of these issues are uncovered, it's only a matter of time before proof of concepts and the information falls into the hands of bad guys. We have made significant progress in protecting against these attacks but in terms of exploiting them, I think it's a matter of resources. If something like this is uncovered it will continue to haunt cyberspace for a while.