The December 2022 issue of IEEE Spectrum is here!

Close bar

New Report Says Cyberthreats Multiplying Like Tribbles

The number of new malware strains has more than doubled since last year

2 min read
New Report Says Cyberthreats Multiplying Like Tribbles

Hackers have proven time and time again that they’ll eventually find a way to defeat any single digital security method. Their motivation to do so is evident in the fact that, on average, more than 150 000 new, unique malware strains are unleashed each day. That’s one of the startling conclusions drawn by analysts from the Aite Group in the report “Cyberthreats: Multiplying Like Tribbles” that was released earlier this week.

Tribbles were fictional creatures featured on the TV series Star Trek. They multiplied so rapidly that their consumption of resources grew exponentially. The same appears to be true of cybercrime. Julie Conroy, research director at Aite’s banking division and coauthor of the report, told IEEE Spectrum that last year, hackers were pumping out 72 000 new malware strains per day, less than half of the current level of cybercrime activity.

So, what’s the upshot? According to the report, “The username/password combination as an authenticator is officially broken…the sole relevant use of this combination is now that of a database look-up mechanism.” More than half of computer users don’t follow security experts’ advice to choose different, strong passwords for each of their online sign-ups—which allows a blaze in a small thicket to engulf a person’s entire online forest, so to speak. But what if you do follow best practices? “Nobody is ever 100 percent secure,” is the report’s sobering conclusion.

It does, however, point out steps that businesses such as banks, which are the primary targets of cybercrime, are taking to make a hacker’s job harder.

Among them are new ways to prevent a hacker from pretending to be an actual customer. Technology is available that will allow your bank to generate a “device fingerprint” for the computer, tablet, or smartphone you regularly use to conduct transactions. Business conducted from an unknown device automatically triggers more authentication steps.

Firms are also looking to use behavioral analytics. The vendor would collect data about how the customer interacts with, say, his or her smartphone. If the person using the handset owned by John Q. Smith (confirmed by the device fingerprint) doesn’t press the keys or swipe the touch screen the way Mr. Smith usually does, red flags would be raised.

Asked whether these security measures might be considered too intrusive, Conroy says they’re built into the process so that the average customer doesn’t even know it’s happening. “The aim is to perform a balancing act,” she says. “Businesses are asking themselves: How do we enable a secure environment without appearing to be Big Brother?”

Striking that balance may be impossible—especially in light of the fact that the U.S. government has and continues to force companies to turn over customer data. Conroy,whose research focuses on fraud, data security, and preventing money laundering, acknowledges that these new strategies may be implemented at the cost of a little privacy. But, she says, the alternative may be the loss of online and mobile channels for conducting business as the benefits of e-commerce are devoured by the rising tide of Tribbles. How much is being consumed? The report predicts that businesses worldwide will suffer more than half a billion dollars in losses from corporate account takeovers. Cyberthieves will take nearly US $800 million in 2016, say the analysts.

Image: Paramount Pictures

The Conversation (0)

Why Functional Programming Should Be the Future of Software Development

It’s hard to learn, but your code will produce fewer nasty surprises

11 min read
A plate of spaghetti made from code
Shira Inbar

You’d expectthe longest and most costly phase in the lifecycle of a software product to be the initial development of the system, when all those great features are first imagined and then created. In fact, the hardest part comes later, during the maintenance phase. That’s when programmers pay the price for the shortcuts they took during development.

So why did they take shortcuts? Maybe they didn’t realize that they were cutting any corners. Only when their code was deployed and exercised by a lot of users did its hidden flaws come to light. And maybe the developers were rushed. Time-to-market pressures would almost guarantee that their software will contain more bugs than it would otherwise.

Keep Reading ↓Show less