Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Feds Wrestle With Security Threats

In Black Hat DC keynote, current and former government officials discuss emerging Internet threats

WASHINGTON -- BLACK HAT DC 2008 -- Hackers are getting more creative and avaricious, and enterprises and government agencies are struggling to keep up, current and former officials said here today.

In a frank assessment of the current state of security in the U.S., two keynote speakers said security professionals are fighting an uphill struggle to defend against an increasingly broad array of threats from cyber criminals..

"Today's hackers are increasingly motivated and persistent, and they're using technologies and practices that are becoming more sophisticated all the time," said Jerry Dixon, director of analysis for the Team Cymru research organization and former executive director of the National Cyber Security Division and US-CERT.

In a recent study, Team Cymru ran 1,066 pieces of current malware against 32 antivirus packages. The AV products detected only 37 percent of the malware. "A lot of people still think that because they have AV tools in place, they must be safe," Dixon said. "We have to help them understand that that's not the case."

Team Cymru has detected some 3.6 million command and control relations on the Web, which suggests a huge growth in botnet traffic, Dixon said. "And that's just what we know about," he says. "With increasing use of P2P and encryption, botnets are becoming very difficult to detect."

Enterprises need to do more to protect themselves against these growing threats, Dixon said. "We're still seeing that most organizations don't know where their data resides and who they're sharing it with." Some companies have not upgraded their router infrastructures for six or seven years, he notes, rendering them too old to take advantage of current security upgrades.

While Dixon offered the long view of Internet security threats, Internal Revenue Service security expert Andrew Frieh offered a look at some of the specific attacks, particularly phishing exploits, that target the U.S. tax service.

"We saw the first IRS phishing site in 2003, and there was only one in 2004," said Frieh, whose official title is Treasury inspector general for tax administration. "Currently, there are more than 1,600 of them."

The IRS is seeing a wide range of attacks that have evolved from these early phishing efforts, Frieh said. In some cases, phishers pretend to be IRS investigators and demand users' personal information. In other cases, the user is presented with an online form that offers a tax refund that can be deposited directly to that user's debit account.

"We'll likely see more of this as we prepare to issue tax relief in the second week of May," Frieh said.

Some phishers have expanded their IRS-related exploits to include "vishing" attacks that encourage users to give up personal information over the phone, Frieh said. The agency even has seen traditional 419 scams that ask the user to send money to a Gmail account, he said.

Most of the exploits emanate from eastern Europe, and the perpetrators generally are happy with even a very low threshold of success, Frieh said. "When you think about where some of these people live, they don't need to make hundreds of thousands of dollars to do well," he observed.

The government is making an effort to stop the growth of these attacks, and it has succeeded in shutting down a number of phishing sites, Frieh said. "But it's like playing a gigantic game of whack-a-mole," he says. "Once we shut down a site, another one pops up in its place."

The IRS also is making a conscious effort to expose vulnerabilities among taxpayers, Frieh said. Many hackers are moving away from direct attacks on Websites and seeking to install keyloggers and other malware, he observed. "Pretty soon there won't be a need for phishing sites," he said. "It'll all be done through keyloggers."

The agency is also taking a close look at P2P vulnerabilities, Frieh said. "Every year we do a P2P scan to see what we can find," he said. "You'd be surprised now many tax returns we can find with a simple scan."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/30/2020
6 Ways Passwords Fail Basic Security Tests
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/28/2020
'Act of War' Clause Could Nix Cyber Insurance Payouts
Robert Lemos, Contributing Writer,  10/29/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Measure and Reduce Cybersecurity Risk in Your Organization
In this Tech Digest, we examine the difficult practice of measuring cyber-risk that has long been an elusive target for enterprises. Download it today!
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-10-30
The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: http://v...
PUBLISHED: 2020-10-30
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vu...
PUBLISHED: 2020-10-30
Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash. An attacker must first obtain the ability to execute high-privileged code on the targ...
PUBLISHED: 2020-10-30
Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privi...
PUBLISHED: 2020-10-29
Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s pass...