GOVERNMENT TECHNOLOGY/Fending off spyware
Government agencies are facing emerging cybersecurity threats that are the result of increasingly sophisticated methods of attack, including spyware. Spyware poses an especially serious threat to local governments because it can capture and release sensitive information, make unauthorized changes and decrease system performance.
Spyware is defined as software that installs itself covertly, without the computer user’s consent, monitors the user’s activities and sends the collected data to remote locations. Spyware often works in conjunction with remote access Trojans (RATs) that allow attackers to remotely control the infected systems. Access to the computers is often auctioned off online to other attackers, forming collections of infected machines, commonly referred to as botnets.
Spyware also may be accompanied by keyloggers that continually capture screenshots and keystrokes from the infected system, sending them to the attacker. Captured account details, which can include login credentials, are sometimes sold to the highest bidder via the same network of organized criminals.
The lack of effective spyware removal tools that can be used throughout a computer network and the number of spyware programs that are adept at evading detection are key challenges that administrators must address to combat the growing problem. A recent study conducted by Mt. Pleasant, S.C.-based Equation Research found that 96 percent of systems administrators surveyed believed they were protected from spyware by traditional antivirus software and firewalls. But in the same survey, 83 percent of respondents noted their desktops were currently infected with spyware, a clear indication such traditional remedies are not effective.
Spam filters can help reduce the potential for malicious e-mails reaching user desktops. Spammers often work with spyware companies, sending e-mail messages with links that point to miscreant Web sites. Recipients who click the links are unintentionally inviting malicious code onto their computers. Likewise, reading e-mail in plain text will prevent the Web bugs used by spammers from validating e-mail addresses. Plain text e-mail also can prevent the exploitation of mail client vulnerabilities that allow malicious code to execute automatically. Additionally, current versions of browsers offer security enhancements, and more restrictive login privileges for users limit the rights afforded to malicious code. However, those types of remediation offer only partial relief, and their success often relies on users’ cooperation.
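The point about Web bugs and plain text, shown as an added example that is not part of the original article: the script lists every URL an HTML mail renderer would fetch without a click, then shows that the plain-text view of the same message carries none. The sample message, host names and the function names `remote_loads` and `plain_text_view` are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not from the article); all hosts are made up.
SAMPLE = """\
From: offers@bulk-sender.example
To: clerk@city.example
Subject: Account notice
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your account notice is ready. Visit http://bulk-sender.example/notice
--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Your account notice is ready.</p>
<img src="http://track.bulk-sender.example/o.gif?rcpt=clerk%40city.example" width="1" height="1">
<img src="cid:logo123" alt="logo">
</body></html>
--b1--
"""

class RemoteLoads(HTMLParser):
    # Tag/attribute pairs a renderer fetches automatically when displaying HTML.
    AUTO = {("img", "src"), ("iframe", "src"), ("script", "src"),
            ("link", "href"), ("body", "background")}
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in self.AUTO and value:
                # Only network fetches count; cid: and data: stay inside the message.
                if urlsplit(value).scheme in ("http", "https") or value.startswith("//"):
                    self.urls.append(value)

def remote_loads(raw):
    # URLs that would be requested, and so confirm the address, on HTML display.
    parser = RemoteLoads()
    for part in message_from_string(raw, policy=policy.default).walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_content())
    return parser.urls

def plain_text_view(raw):
    # What a client set to "read as plain text" shows; nothing is fetched.
    body = message_from_string(raw, policy=policy.default).get_body(("plain",))
    return body.get_content() if body is not None else ""
```

The recipient address embedded in the image URL is what lets the sender tie the fetch to a live mailbox; the visible link in the plain-text part still requires a click.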
Keeping systems secure by plugging holes in operating systems and software with patches is the most effective means of preventing malicious code from entering an enterprise. Software also is available to detect, prevent and remove potentially unwanted programs, including spyware and adware. Additionally, a Web site, SpywareManagement.org, has been created as the first vendor-neutral, independent forum devoted to information sharing for enterprise-related spyware and adware issues.
Those charged with defending government data must not rely solely on traditional antivirus and firewall software. By better understanding spyware and protecting against disclosure of highly sensitive information, local governments can fend off spyware threats.
The author is chief technology officer for Roseville, Minn.-based Shavlik Technologies.