hardware report

Annual Cyber Security Report
The 2008 annual report from the Georgia Tech Information Security Center (GTISC) showcases five escalating cyber security threats. The report is titled "Emerging Cyber Threats Report for 2009: Mobility and Questions of Responsibility will Drive Cyber Threats in 2009 and Beyond." GTISC interviewed a host of industry security practitioners and recognized experts to tabulate and quantify security threats as well as countermeasures. The top five security concerns are malware, botnets, cyber warfare, VoIP vulnerabilities and the advancement of the cyber crime economy.

Not surprisingly, attackers are showing increasing sophistication and aggressiveness, and are quick to exploit new methods and developments, such as the rise of social media sites. If the web is to be a trusted medium, private industry and government must coordinate more formally and strategically in order to stay proactive in the cyber security fight.

The skills required to develop malware are increasing, maturing, and becoming more widely distributed across the Internet. The report cited Ryan Naraine, security evangelist for Kaspersky, as forecasting a 10-fold increase in malware detected in 2008. "As cyber attackers mature beyond mass-distribution style phishing scams, they are learning how to localize and personalize their attacks for more precise and pointed penetration," according to the GTISC report. "Social media and networking sites like MySpace, Facebook, LinkedIn and others will likely be used as delivery mechanisms to get unsuspecting participants to a malicious Web site link in order to deliver malware payloads."

As an example, the report described an exploit that sends a Facebook message from one friend to another about a YouTube video, including a hyperlink to the video. The unsuspecting recipient clicks on the hyperlink and sees a prompt to download an updated version of Flash player to run the video. Unfortunately for the user, when he clicks on the update, it actually installs malware on his computer. Another habitual weakness that malware continues to take advantage of is the delay in patching and updating software and personal computers. Kaspersky's Naraine says the average corporation takes three to five months to apply a Windows patch throughout the company, giving malware programs and botnets significant time to take advantage of known weaknesses.

Botnets
GTISC researchers estimate that 15 percent of all online computers in 2008 will unknowingly become part of a botnet, as they will be infected with code that puts them under the control of a remote botmaster. Botnet penetration is up from an estimated 10 percent in 2007. Infections may occur even through legitimate Web sites, as botnet delivery methods are becoming more subtle and sophisticated: users do not have to perform any action other than loading the Web page in their browser, which is enough to enable the infection. According to Wenke Lee, a professor at GTISC and a leading botnet researcher, uncovering bot communications and spider-like networks is extremely difficult: "It's very difficult to filter bot traffic at the network edge since it uses http (port 80) and every enterprise allows http traffic." To illustrate the magnitude of the problem, the GTISC research report cites a second quarter 2008 assessment by Panda Labs, which discovered 10 million bot computers were used to distribute spam and related malware over the Internet every day.

Cyberwar
Cyberwar is becoming the most feared security infiltration as it may be state sponsored. Cyberwar is the deliberate use of computer attacks by one nation to cripple or infiltrate an enemy nation's military, economic and infrastructure assets. Estonia faced unprecedented cyber attacks in 2007 from Russia during a political dispute. The GTISC report references the work of Don Jackson, director of threat intelligence for SecureWorks, in compiling research that implicates the Russian government in cyber attacks against Georgia in mid-2008. Most Georgian Internet traffic is routed through Turkey and Russia, and on August 10, 2008, the day after the Russian Air Force was given the green light for air attacks against Georgia, Internet traffic routed through Turkey was almost completely blocked, and IP traffic through Russia "was slow and effectively unusable," according to the GTISC report. According to Jon Ramsey, CTO for SecureWorks, "We can expect such attacks to increase due to several reasons, including the fact that such attacks are inexpensive to mount compared with conventional war fighting, many governments' cyber defenses are weak or non-existent, the Internet offers 'plausible deniability' for attackers and there are no 'rules of engagement' to govern such cyber conflicts among nations."

VoIP and mobile devices
VoIP (voice over Internet protocol) traffic, like e-mail, is being targeted for fraud, theft, and attack scams. As wireless VoIP expands, distributed denial of service (DDoS) attacks become more than an inconvenience. As prior-era DDoS attacks have shown for years, the attacker's primary goal is blackmail and extortion, with payment demanded to prevent widespread and sustained voice disruption, according to Tom Cross, a researcher with the IBM Internet Security Systems X-Force team. Mobile devices are drawing cyber criminals as the handhelds are used more often for transacting business and accessing sensitive data such as credit reports and bank account information, according to Dave Amster, vice president of security investigations for Equifax. One likely forecast is that smart phones will be targeted for immense malware-driven mobile botnets.

The very lack of open security standards in mobility today may actually be positive, because it provides industry players the chance to develop and apply them comprehensively, an opportunity missed for PCs, according to the report.

Cybercrime
The report shows ample evidence that cyber criminals are increasingly professional, organized and profit-driven. It also comments that would-be criminals can now buy, lease, subscribe to, or pay as they go for the latest in malware assembly kits, complete with product guarantees and even service-level agreements. According to one researcher in the report, some even have multi-language customer service.

Gunter Ollmann, chief security strategist for IBM Internet Security Systems, categorizes three tiers in this unfolding criminal industry: low-level criminals who purchase and use kits to execute specific crimes; skilled developers, often in teams or groups, jointly working to create new components for their commercial malware-creation products; and "managed service providers" that can apply and sustain malware attacks on a regional or global scale.

Meeting these cyber threats will require at least a three-pronged proactive initiative, including technology, regulation, and education. For example, technology such as DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) to sign and authenticate e-mails, coupled with user education, can almost entirely eliminate phishing as a problem.

 