
11/23/2005
03:46 PM

Security's Sisyphean Situation

Did you hear that? It's the sound of your network and applications being attacked. Hear that? It just happened again. What's worse, the nature of these attacks is changing. Gone are the good old days of simply having your Web site defaced, your e-mail corrupted by indiscriminate worms, and your networks flooded by brute-force denial-of-service attacks. Sure, you'll see plenty of those in 2006, but what you should really be worried about are the attacks you can't see. Where did it all go wrong? Let's take a look.

The thought on everyone's mind as we close out 2005 is how hacking has morphed from a hobby to a criminal enterprise. The people who keep an eye on such trends say they're seeing an increase in Trojans and other malware designed to "own" computers. This means hackers are assembling botnets for profit-making ventures: as launching pads for spam, for denial-of-service extortion, to steal passwords and other personal information, and to run phishing attacks.

"Criminal attacks represent a new threat for most organizations," Bruce Schneier, CTO of Counterpane Internet Security Inc., wrote in a report issued earlier this month by the company. "Most organizations have built their computer and network-security systems to defend against the hobbyist threat. Criminals are more highly motivated, better funded, less risk-averse, and more tenacious. Defending against them will require even more expertise and resources." Great.

But take heart. This criminal behavior apparently doesn't affect all industries equally. If you're not in, say, the financial services industry, you've got a much better chance of being left alone. In its report, Counterpane indicates that 50% of all the targeted scans the company detected on the 500 networks it monitors were aimed at financial services companies. The only other vertical that even came close was bio-health, with 17% of the targeted scans. In case you were wondering, such scans occur when someone interrogates multiple targets looking for potential vulnerabilities.

It's interesting to note that utility and power companies were low on Counterpane's list of attack targets. I don't know about you, but my utility and cable companies are constantly after me to pay my bills online, which I steadfastly refuse to do, given that it takes five visits for the cable company to fix any problem with their service. One of Schneier's colleagues, Doug Howard, Counterpane's VP of services and delivery, recently confirmed at a teleconferenced security industry roundtable that utilities are looking to gather an increasing amount of personal information about their clients. This could be a dangerous trend, however, since "these companies haven't traditionally invested as much in IT security as security for their other systems," Howard said.

Not a comforting thought, given that today's attacks are all about gathering personal information. At the beginning of the year, half of the malware Symantec's Security Response division tracked was targeted at stealing confidential information. "From where we stand right now, 83% of what we're seeing is about stealing confidential information," Dave Cole, director of Symantec Security Response, told me this week. "That's a sizable shift. We're not seeing the big, noisy stuff." When asked what he meant by "noisy," Cole pointed out that Symantec categorizes malware according to its severity, with a Category 5 attack signifying pure poison for IT systems. In 2004, Symantec counted 33 Category 3 or Category 4 malware events (none, thankfully, in Category 5). This year, that number was down to only five. "Instead of seeing these huge, Internet-shaking events, we saw death by a thousand cuts," Cole said.

The relentless flood of spam doesn't help matters. As a global average, spam makes up 70% of all e-mail traffic, according to MessageLabs Ltd., a provider of e-mail security and management services that claims to process 1 billion messages weekly (I kind of feel the same way). To put a finer point on it, in August, one in 43 e-mails MessageLabs monitored was infected with a virus. Five years ago, only one in every 2,500 e-mails would contain a virus.

So, what's on tap for 2006? Look for rootkit-based attacks to continue. If you're not sure what that is, ask Sony. Also look for attackers to hit client-side applications growing in popularity, including VoIP, instant messaging, and media players. If we're really lucky, we'll even start to see attacks against networked consumer devices, such as gaming systems that let players face off via the Internet (again, sorry Sony). "The goal here would be to put these systems into an unusable state and worth about as much as a doorstop," Cole said. We may also see an increase in short-message-service spam. "Korea actually saw more SMS-borne spam than e-mail spam this year," Cole added.

I'd like to think I covered all of the bases here, but there's way more. My InformationWeek colleague Tom Claburn this week wrote a story about a report from the SANS Institute, in conjunction with government representatives from the U.S. and the UK, that highlights the 20 most critical Internet security vulnerabilities for 2005. SANS found that software applications and network devices are becoming the preferred targets of hackers, as opposed to the operating systems, Web servers, and e-mail servers they favored over the past several years. Look for an even more comprehensive story from Tom next week about the changing nature of security threats and what's being done (and what should be done) to arrest the problem.

At this point, I'd like to wish each and every one of my readers (you know who you are) a very happy and healthy Thanksgiving. For those of you who don't celebrate Thanksgiving, well, enjoy the rest of the week. Please send me your thoughts and comments on the challenges you're facing related to security. I'd like to hear about them and include your experiences in future blogs.
