Brits can’t defend against GOZeuS and CryptoLocker

The National Crime Agency is warning computer users that they have two weeks to protect against a “powerful computer attack”. It comes as US officials have accused a Russian hacker of masterminding the scam and raking in £60m. Two pieces of malware software known as GOZeuS and CryptoLocker are at the centre of the alert.

Steven Harrison, lead technologist at Exponential-e comments:

“Brits can not defend themselves against GOZeuS and CryptoLocker. The malware double-act will not be stopped in its tracks by individuals updating virus signatures – as the attack will resurface in new clothing. To stop GOZeuS morphing and resurfacing in two weeks, the attack must be fought on a much wider scale and treated as a national cyber defense issue. 

“The disruption of GOZeuS and CryptoLocker by the NSA to provide the British public with a two week window should be applauded. However, there needs to be a shift in how Britain defends against this constant onslaught of attacks of financial, personal or business data.  And, the shift in onus on individuals to protect themselves changed.  

“In this case GOZeuS went undetected as it was passed from one computer to another. This peer-to-peer behaviour would be identified as unusual if you can see the normal behaviour of a workforce, a community or postcode. Only by applying holistic threat detection, that watches the behaviour of a large number of people, can we defend against threats that resurface in a different uniform or attack us for the first time. This must happen at the ISP layer and be provided as a service.”