Feds Wrestle With Security Threats

In Black Hat DC keynote, current and former government officials discuss emerging Internet threats

WASHINGTON -- BLACK HAT DC 2008 -- Hackers are getting more creative and avaricious, and enterprises and government agencies are struggling to keep up, current and former officials said here today.

In a frank assessment of the current state of security in the U.S., two keynote speakers said security professionals are fighting an uphill struggle to defend against an increasingly broad array of threats from cyber criminals.

"Today's hackers are increasingly motivated and persistent, and they're using technologies and practices that are becoming more sophisticated all the time," said Jerry Dixon, director of analysis for the Team Cymru research organization and former executive director of the National Cyber Security Division and US-CERT.

In a recent study, Team Cymru ran 1,066 pieces of current malware against 32 antivirus packages. The AV products detected only 37 percent of the malware. "A lot of people still think that because they have AV tools in place, they must be safe," Dixon said. "We have to help them understand that that's not the case."

Team Cymru has detected some 3.6 million command and control relations on the Web, which suggests a huge growth in botnet traffic, Dixon said. "And that's just what we know about," he said. "With increasing use of P2P and encryption, botnets are becoming very difficult to detect."

Enterprises need to do more to protect themselves against these growing threats, Dixon said. "We're still seeing that most organizations don't know where their data resides and who they're sharing it with." Some companies have not upgraded their router infrastructures for six or seven years, he noted, rendering them too old to take advantage of current security upgrades.

While Dixon offered the long view of Internet security threats, Internal Revenue Service security expert Andrew Frieh offered a look at some of the specific attacks, particularly phishing exploits, that target the U.S. tax service.

"We saw the first IRS phishing site in 2003, and there was only one in 2004," said Frieh, whose official title is Treasury inspector general for tax administration. "Currently, there are more than 1,600 of them."

The IRS is seeing a wide range of attacks that have evolved from these early phishing efforts, Frieh said. In some cases, phishers pretend to be IRS investigators and demand users' personal information. In other cases, the user is presented with an online form that offers a tax refund that can be deposited directly to that user's debit account.

"We'll likely see more of this as we prepare to issue tax relief in the second week of May," Frieh said.

Some phishers have expanded their IRS-related exploits to include "vishing" attacks that encourage users to give up personal information over the phone, Frieh said. The agency even has seen traditional 419 scams that ask the user to send money to a Gmail account, he said.

Most of the exploits emanate from eastern Europe, and the perpetrators generally are happy with even a very low threshold of success, Frieh said. "When you think about where some of these people live, they don't need to make hundreds of thousands of dollars to do well," he observed.

The government is making an effort to stop the growth of these attacks, and it has succeeded in shutting down a number of phishing sites, Frieh said. "But it's like playing a gigantic game of whack-a-mole," he said. "Once we shut down a site, another one pops up in its place."

The IRS also is making a conscious effort to expose vulnerabilities among taxpayers, Frieh said. Many hackers are moving away from direct attacks on Websites and seeking to install keyloggers and other malware, he observed. "Pretty soon there won't be a need for phishing sites," he said. "It'll all be done through keyloggers."

The agency is also taking a close look at P2P vulnerabilities, Frieh said. "Every year we do a P2P scan to see what we can find," he said. "You'd be surprised how many tax returns we can find with a simple scan."

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories.