
Risk

6/28/2006
06:00 AM

Fearsome Decade

Escalation in sophistication and type of attacks means it's only a matter of time before you're a target

2:00 PM -- It's now been 10 years since the birth of the IT security industry, as demarcated by Sun Microsystems' reselling of Check Point Software's firewall on its hardware platform. That decade has been marked by dire predictions of cyber warfare, hackers, and the dreaded disgruntled employee. A decade ago, the biggest threat was thought to be the pimply teenager from Canada, the sort responsible for Web defacements such as the headline-garnering attack on the New York Times homepage. Then they were credited with the creation of worms and viruses that had significant and devastating consequences for many organizations. But in light of rootkits, botnets, and worse, it won't be long until those days of battling viruses and malware are viewed as an innocent time of unfettered usage of the Internet.

The last 18 months have seen the rise of a cyber crime wave that is unchallenged and unabated. This crime wave takes several forms, but they are all interrelated. The dual scourges of adware and spyware, which have infected most computers with dozens of unwanted programs that bog them down and even make them unusable, are very familiar to any Windows user.

The criminal aspect of adware and spyware is in the way the software sneaks onto the computer using drive-by downloads or elaborate social engineering embedded in the end-user license agreement. Many of these are bundled with shockware such as stock tickers, weather toolbars, or screen savers. The distributors and creators of adware and spyware make money by forcing pop-up ads down to the PC. Each presentation of an ad generates revenue.

Documentation from the recent filing against New York's Direct Revenue by Eliot Spitzer's office reveals just how lucrative the business can be. The executives took $27 million out of Direct Revenue in 18 months. Each time a user clicks on an ad, that generates even more revenue. I estimate that this click-through adware industry represents over $2 billion in annual revenue, about one-sixth of the legitimate online advertising market.

But times are tough for this industry. There are many anti-spyware products, and legislation is making it illegal in the US and Europe. The bad guys are moving on to richer targets. The richest targets are stores of data that can be used to generate cash. Attacks against LexisNexis, BJ's Wholesale, and CardSystems have been successful and led to the loss of millions of records and uncounted profits for the attackers. CardSystems, a credit card processor, was forced out of business thanks to a data breach that exposed tens of millions of credit card records. Its assets were sold to CyberSource after the major credit card associations withdrew their support.

In 2004 the largest bank heist in history went unmarked by most of the financial press. It was revealed in October of that year that local authorities had stymied an attack on Sumitomo Mitsui's bank branch in the heart of London's financial district. The thieves masqueraded as the cleaning staff and, with the assistance of a bank guard, installed hardware keystroke loggers on critical PCs within the branch. The surreptitious devices were then used to harvest administrative passwords that gave the bank robbers access to the PCs used to execute inter-bank wire transfers over the SWIFT network. The attackers then proceeded to transfer over $400 million to 10 different accounts around the world. To date, only one arrest has been made in the Sumitomo case. Bank officials claim that no funds were permanently lost. The question remains: What happened to the bank robbers? Are they even now targeting their next victim?

There is another frightening development in the world of cybercrime: the effective use of Distributed Denial of Service (DDoS) attacks to extort money from high-volume transaction sites on the Internet. The attack is usually prefaced with an email demanding funds and threatening to inundate the target asset with a massive amount of Internet traffic. Because online gambling sites, which are hosted in Costa Rica and other offshore locales, were the first targets, these attacks gained little notice. As these sites learned to protect themselves with redundant servers, high-end routing infrastructure, and huge amounts of available bandwidth, the perpetrators moved on to other targets.

The middlemen for online gambling are transaction processors that accept credit cards and funnel the money to the gaming sites. They too have begun to suffer from these extortion attempts. Any organization that draws a significant source of revenue from its Web assets is at risk of being targeted by a DDoS attack. This includes e-commerce sites, foreign exchanges, online brokerages, even the major stock exchanges.

For the last ten years it has been possible to hide in obscurity from targeted attacks. The time is rapidly approaching, less than 12 months by my estimate, when security by obscurity will no longer be viable. As the cyber criminals consolidate their earnings from successful attacks, they are systematically seeking new targets. They are seeking out any organization that handles large volumes of credit card transactions, to either steal that information or threaten an outage in exchange for money. Think that's overblown? Just last week, they targeted popular sites such as Google and eBay. It is time to revisit your risk assessment scenarios and include the certainty that your vulnerable online assets will be targeted in the coming months.

— Richard Stiennon is founder of IT-Harvest Inc. Special to Dark Reading
