How EMC/RSA Scared Me Half to Death

Enterprise-quality botnets are a growing threat to businesses

I was at an EMC event recently getting an overview, along with a number of others, on several of their programs and strategies. An RSA cyber security expert got my attention with a scenario that suggested most banks and a number of large enterprises (that aren’t currently in bankruptcy) might soon be made bankrupt by what amounts to the productization of enterprise-quality botnets.

While they assured me that EMC and RSA have programs that can prevent the kind of global meltdown the scenario predicted, I am not at all sure in the current economic conditions that companies will fund the programs necessary to prevent it in time. So since I haven’t been able to sleep soundly since I got this briefing, I thought I would share the pain in the hope that folks will at least be aware of how big this problem could be.

Productizing malware and botnets
According to RSA, there’s a massive ramp-up of services that create and sell viruses as products. These viruses come with warranties and support, and are created by professional teams that likely were at least partially formed by the collapse of some of Eastern Europe’s large spy organizations. The quality of the product they’re selling is high, and the price is affordable -- at a couple hundred dollars (they are actually cheaper than many non-hostile software products), RSA said.

The problem for the buyer is that they then have to create and manage a delivery mechanism, and this part is far from easy. Well, this industry is stepping up to this problem with software-as-a-service offerings that provide enterprise-class botnets to distribute the virus or perform other malicious activities.

This is all possible because the laws in the countries hosting these services treat these firms as if they were building weapons. In other words, what they do is legal and only the people using the services can be prosecuted for illegal behavior if caught -- which doesn’t happen very often.

Here is the problem as I see it: Much of the activity is still run by professionals who know not to kill the golden goose and keep their pilfering down to a level where it’s cheaper for the financial community to write off the losses than it is to aggressively prevent this malware. But when you suddenly introduce lots of new people all trying to do this with enterprise-quality tools, it’s a different story.

Today, banks and financial information aren’t the only targets of cyber criminals, according to RSA. Top company executives are being targeted because their IDs and passwords can be used for anything from getting information, to making insider trading investments, to penetrating enterprise financial systems.

Clearly this kind of thing scares the hell out of me, and suggests that if there isn’t strong monitoring in place and constant reminders to employees to watch for unusual activity -- particularly with regard to phishing attempts targeting them or their information -- your firm may be exposed. And it demonstrates once again that cyber crime is accelerating at a rapid pace. Just because we are currently worried about financial conditions doesn’t mean we should take our eyes off of the security ball. And if you’re still living with just IDs and passwords, this should serve as a reminder that this level of security has not been, and never will again be, adequate.

— Rob Enderle is President and Founder of Enderle Group. Special to Dark Reading.
