Feds Wrestle With Security Threats

In Black Hat DC keynote, current and former government officials discuss emerging Internet threats

WASHINGTON -- BLACK HAT DC 2008 -- Hackers are getting more creative and avaricious, and enterprises and government agencies are struggling to keep up, current and former officials said here today.

In a frank assessment of the current state of security in the U.S., two keynote speakers said security professionals are fighting an uphill battle to defend against an increasingly broad array of threats from cyber criminals.

"Today's hackers are increasingly motivated and persistent, and they're using technologies and practices that are becoming more sophisticated all the time," said Jerry Dixon, director of analysis for the Team Cymru research organization and former executive director of the National Cyber Security Division and US-CERT.

In a recent study, Team Cymru ran 1,066 pieces of current malware against 32 antivirus packages. The AV products detected only 37 percent of the malware. "A lot of people still think that because they have AV tools in place, they must be safe," Dixon said. "We have to help them understand that that's not the case."

Team Cymru has detected some 3.6 million command and control relations on the Web, which suggests a huge growth in botnet traffic, Dixon said. "And that's just what we know about," he said. "With increasing use of P2P and encryption, botnets are becoming very difficult to detect."

Enterprises need to do more to protect themselves against these growing threats, Dixon said. "We're still seeing that most organizations don't know where their data resides and who they're sharing it with." Some companies have not upgraded their router infrastructures for six or seven years, he noted, rendering them too old to take advantage of current security upgrades.

While Dixon offered the long view of Internet security threats, Internal Revenue Service security expert Andrew Frieh offered a look at some of the specific attacks, particularly phishing exploits, that target the U.S. tax service.

"We saw the first IRS phishing site in 2003, and there was only one in 2004," said Frieh, whose official title is Treasury inspector general for tax administration. "Currently, there are more than 1,600 of them."

The IRS is seeing a wide range of attacks that have evolved from these early phishing efforts, Frieh said. In some cases, phishers pretend to be IRS investigators and demand users' personal information. In other cases, the user is presented with an online form that offers a tax refund that can be deposited directly to that user's debit account.

"We'll likely see more of this as we prepare to issue tax relief in the second week of May," Frieh said.

Some phishers have expanded their IRS-related exploits to include "vishing" attacks that encourage users to give up personal information over the phone, Frieh said. The agency even has seen traditional 419 scams that ask the user to send money to a Gmail account, he said.

Most of the exploits emanate from eastern Europe, and the perpetrators generally are happy with even a very low threshold of success, Frieh said. "When you think about where some of these people live, they don't need to make hundreds of thousands of dollars to do well," he observed.

The government is making an effort to stop the growth of these attacks, and it has succeeded in shutting down a number of phishing sites, Frieh said. "But it's like playing a gigantic game of whack-a-mole," he said. "Once we shut down a site, another one pops up in its place."

The IRS also is making a conscious effort to expose vulnerabilities among taxpayers, Frieh said. Many hackers are moving away from direct attacks on Websites and seeking to install keyloggers and other malware, he observed. "Pretty soon there won't be a need for phishing sites," he said. "It'll all be done through keyloggers."

The agency is also taking a close look at P2P vulnerabilities, Frieh said. "Every year we do a P2P scan to see what we can find," he said. "You'd be surprised how many tax returns we can find with a simple scan."

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...