Computer Crime Research Center


Hackers shift targets in 2006

Date: March 06, 2006

Successful exploitation of this MS .WMF vulnerability would allow an attacker to perform arbitrary code execution, initiate a denial-of-service attack, and take control of a user's machine. According to US-CERT, at least 57 worm variants were almost immediately observed leveraging this vulnerability. Such a rapid rise in cyberattacks ultimately forced Microsoft to bow to "strong customer sentiment" and issue an early fix to the problem.

As the authors of the most recent edition of the Symantec Internet Security Threat Report observed, there has been a discernible shift in the threat landscape. Attackers are moving away from large, multipurpose attacks on network perimeters and concentrating instead on more focused attacks on client-side targets. The authors predict that this new threat landscape will likely be dominated by emerging threats such as bot networks, customizable modular malicious code, and targeted attacks on Web applications and Web browsers. Moreover, where traditional attack activity was motivated by curiosity and a desire to show off technical virtuosity, the new threats are motivated by profit.

This article looks at the new threat landscape in some detail in order to better prepare enterprises for the complex Internet security issues likely to arise in 2006.

New targets
In the concluding section of the latest Internet Security Threat Report, the authors discuss emerging trends and issues that they believe will become prominent over the next year. The most critical of these for enterprises include:

• Modular malicious code. This is malicious code (such as worms, viruses, and Trojans) that initially possesses limited functionality; however, once installed on a target computer, it downloads other pieces (or modules) of malicious code with different functionalities and further compromises the infected computer.

• Bot networks. Bots (short for "robots") are programs that are covertly installed on a user's computer in order to allow an unauthorized user to control the computer remotely. Symantec has determined that there is a strong correlation between the number of bot computers and the number of denial-of-service attacks. Over the next year it is expected that there will be a more coordinated community of bot network computers carrying out more sophisticated, targeted attacks.

• Phishing targets. Phishing has evolved from simple attempts to obtain small items of information like gaming passwords to all-out identity theft. Because there are far more small targets (such as regional banks) than large ones (like credit card companies) and because smaller targets generally present fewer challenges for attackers, the number of phishing targets will most likely continue to grow.

• Adware/spyware. As cellular telephones, PDAs, and hybrid devices become more prevalent, it is reasonable to assume that security threats, such as spyware and adware, will increasingly target them.

• Wireless security. The growing number of people using wireless connectivity has brought a corresponding increase in the number of concerns posed by insecure wireless access points.

• VoIP threats. According to a recent Evalueserve study, by the end of this year, it is expected that two-thirds of the Global 2000 companies will have adopted VoIP (Voice over Internet Protocol) as their primary means of voice communication. The introduction of VoIP on enterprise networks in the absence of appropriate security measures could introduce another entry point for attackers to exploit. (In October, Skype Technologies warned that flaws in its Internet telephony software could allow attackers to take control of a user's system.)

The shift to non-PCs
Speaking recently to InformationWeek newspaper, Dave Cole, director of Symantec Security Response, said he thinks one of the biggest developments over the next year will be attacks and attempts on alternative devices and platforms. As networked and user devices gain more intelligence and more computing power, they may become targets.

"We're seeing a shift in emphasis over to non-PCs: your router, your switch, your backup device," Cole told InformationWeek. "It's like whack-a-mole. You hit one and another pops up. We've now got to make sure the entire infrastructure is protected."

Although there haven't been any widespread attacks, Cole said cell phones and mobile devices will also become ripe for hacking as software becomes interoperable and financial data is loaded onto their hard drives and networks. And Cole said there has been "a heavy amount of scrutiny" on end-point applications associated with VoIP.

It didn't take long before some of Cole's predictions were borne out. Earlier this month, The Washington Post reported that popular BlackBerry handheld devices are vulnerable to a security hole that could let attackers break into the gadgets by convincing users to open a specially crafted image file attached to an email. An alert posted by US-CERT confirmed that remote code execution is possible.

IM emerges as a target
When it comes to new technologies, few have been adopted as quickly by enterprises as IM (instant messaging). From shipping companies to hedge funds, businesses in almost every market segment are adopting IM at a record pace to improve their information-sharing abilities and to decrease the time needed to make business decisions. But the rapid adoption of IM networks by corporate users makes instant messaging a viable vehicle for malicious threats. Real-time communication solutions like IM create a new attack vector for threats to enter an enterprise network.

Last year witnessed a dramatic increase in the number of such threats, according to IMLogic Inc., a leading developer of enterprise software for IM. (Symantec announced on January 3 that it plans to acquire IMLogic.) With over 2,400 threats discovered in 2005, the year-over-year increase was nearly 1,700%. November 2005 was the most dangerous month to date, with a record number of unique threats (307) being discovered.

IM worms are the driving force behind this spike. These threats are particularly fast to propagate and mutate, making them an attractive option for malware authors. IM worms are also the most dominant threat type hitting the public IM networks, and all of the popular networks have been attacked.

As a result, enterprises will increasingly require a holistic management tool to control all real-time collaboration and keep it available, compliant, and secure.

For the new generation of financially motivated hackers, 2006 will present numerous opportunities to develop increasingly sophisticated attack methods. As Symantec's Cole told InformationWeek, wherever the money is, that's where the attackers will play. For today's real-time enterprises, that makes 2006 a year in which they must take aggressive steps to minimize the risk of business disruption due to information security threats.