Computer Crime Research Center

etc/eye2.jpg

Hackers using a new threat, [email protected] survey

Date: May 16, 2006
Source: sev.prnewswire.com


From March 15 to March 24, 2006, 351 U.S. IT decision-makers who work for organizations with at least 100 employees, at least 1 percent of whom have internet access, were interviewed online, and from March 16 to April 4, 2006, 500 U.S. employees ages 18 and older who have internet access at work and who work for organizations with at least 100 employees were surveyed over the telephone on web and software application usage in their workplace.

According to the [email protected] survey, directionally, more organizations were hit by a hacking tool or a keylogger in 2006, as almost one in five (17 percent) of organizations have had employees launch a hacking tool or a keylogger within their network. This number has increased from 2005 in which 12 percent were impacted(1). A keylogger can be defined as one of the most dangerous types of spyware, which has the ability to record keystrokes and screen shots and can be replayed later to reconstruct a user session. These applications can be utilized by hackers to steal passwords and confidential information, which can then be used to provide full access to corporate systems and files.

The 2006 [email protected] survey also highlighted a new threat on the horizon -- bots. A bot (short for robot) is software that can be unknowingly installed on an end-user's PC that communicates with a command and control center. The command and control center has unauthorized control of many bot-infested PCs from a single point, and can be used for launching distributed Denial of Service attacks, acting as a spam proxy, and hosting malicious content and phishing exploits.

Only 34 percent of IT decision-makers said they are very or extremely confident that they can prevent bots from infecting employees' PCs when not connected to the corporate network. Furthermore, 19 percent of IT decision-makers indicated that they have had employees' work-owned computers or laptops infected with a bot. As bots are a relatively new threat to many IT decision-makers, there is still some discrepancy on whether or not to filter bot traffic -- the survey found that 62 percent of IT decision-makers reported that their companies filter bot traffic in their network; 14 percent do not; 24 percent were unsure.

Upon evaluating how the IT security landscape has changed in the past 12 months, spyware within the enterprise continues to be a problem -- 92 percent of IT decision-makers surveyed estimated that their organization has been infected by spyware at some point, compared to 93 percent in 2005.

The threat of phishing has stayed relatively constant in the past 12 months, as hackers utilize new deception techniques to lure in internet users. Four in five IT decision-makers (81 percent) report that their employees have received a phishing attack via email or instant messaging (IM), versus 82 percent in 2005. Of those, nearly half (47 percent) of IT decision-makers said their employees have clicked through the URL, compared to 45 percent 12 months ago. Perhaps due to increasing media coverage and nationwide attention, more employees are aware of phishing -- about half (49 percent) of employees have heard of phishing, compared to only 33 percent last year. Similarly, 44 percent of IT decision-makers believe that employees in their company cannot accurately identify phishing sites -- this is slightly improved from the past year in which 50 percent of IT decision-makers believed their employees could not accurately identify phishing sites.

"Although employee awareness of web-based threats such as phishing attacks and keyloggers is improving, the vast majority of employees still do not know that they could fall prey to these types of social engineering tactics in the workplace," said Dan Hubbard, senior director of security and technology research, Websense, Inc. "Organizations need to implement a proactive approach to web security which includes both technology to block access to these types of infected websites and applications, as well as rigorous employee internet security education programs."

IT Decision-Maker [email protected] Survey Results:

* HACKING TOOLS AND KEYLOGGERS -- 17 percent of IT decision-makers have
had employees launch a hacking tool or a keylogger within their
network, versus 12 percent in 2005.

* BOTS -- only 34 percent of IT decision-makers said they are very or
extremely confident that they can prevent bots from infecting
employees' PCs when not connected to the corporate network.
Furthermore, 19 percent of IT decision-makers indicated that they have
had employees' work-owned computers or laptops infected with a bot.
Sixty-two percent of IT decision-makers report their companies filter
bot traffic in their network; 14 percent do not; 24 percent were
unsure.

* SPYWARE -- ninety-two percent of IT decision-makers said their
organization has been infected by spyware at some point, compared to
93 percent in 2005.

* PHISHING -- four in five IT decision-makers (81 percent) report that
their employees have received a phishing attack via email or IM, versus
82 percent in 2005. Of those, nearly half (47 percent) of IT
decision-makers said their employees have clicked through the URL,
compared to 45 percent 12 months ago. Forty-nine percent of employees
have heard of phishing, compared to only 33 percent last year.
Forty-four percent believe that employees in their company cannot
accurately identify phishing sites, versus 50 percent in 2005.

* VIRUSES -- according to the 2006 results, 97 percent of IT
decision-makers said that they were at least somewhat confident that
their antivirus software is able to stop viruses from attacking their
network, yet almost half (46 percent) of companies have been infected
by a web-based virus, such as the Toopher, Scob, Sober, and/or Netsky
worm.

* INTERNET THREATS AND JOB RISK -- when asked which security breaches
could potentially put their job at risk, the top three responses were
system downtime due to viruses (50 percent), lost or stolen
intellectual property (44 percent), and internet security breaches
(38 percent). In comparison, in 2005, lost or stolen intellectual
property (45 percent) was the number one concern over system downtime
caused by viruses (41 percent).

* INTELLECTUAL PROPERTY -- there is much concern among IT decision-makers
regarding the loss of intellectual property. For example, 40 percent
said they are very or extremely concerned; 35 percent are somewhat
concerned; and only 25 percent are not very (21 percent) or not at all
(5 percent) concerned about the loss of intellectual property. Almost
half (48 percent) of companies have software in place to combat the
loss of corporate intellectual property. (30 percent do not have any
software in place, and 22 percent were not sure).

* TARGETED ATTACKS -- regarding the possibility of targeted web-based
security attacks against their company (i.e. being hacked or being hit
by a phishing scam), 76 percent of IT decision-makers said they are at
least somewhat concerned.

* USB DRIVES -- USB drive usage is also on the rise. Almost
three-quarters (73 percent) of IT decision-makers have had employees
use a portable hard drive, such as a USB device, to download company
information. This is compared to 65 percent in 2005.

* WHAT IT DECISION-MAKERS BLOCK -- to mitigate web-based attacks such as
phishing or malicious spyware, 63 percent of IT decision-makers
surveyed reported they block executable programs (attachments)
transmitted through email, compared to 2005, when 60 percent blocked
executables via email. However, only 15 percent said they block HTML
within emails, as compared to 14 percent 12 months ago. Also,
52 percent of IT decision-makers surveyed said they block executables
transmitted through IM, compared to last year in which only 47 percent
blocked executables through IM.

However, only 26 percent indicated they block HTML within IM, as
compared to 24 percent in 2005, suggesting that IM will continue to be
a back door for hackers to hit up unsuspecting employees. New
questions this year on that subject include whether or not IT
decision-makers block RSS feeds and zip files -- only 14 percent
reported they block RSS and 2 percent block zip files.
Original article



Add comment  Email to a Friend

Discussion is closed - view comments archieve
2006-12-29 08:11:10 - lhpwbgex woaylzsf lzdaixh jqetc tmxyaine... dkqpcui ngocseah
2006-12-29 08:11:09 - vcyl myobi qhbwvjlp obenawcry bwhztnc... jtrkvcndz hxsnoq
2006-12-29 08:11:06 - zdxiouq lkjypo kbxomn chezpvyf swgndaoy... xlymsv powgx
2006-12-29 04:53:47 - botmetkatres TramadoL40056
2006-12-28 23:21:55 - botmetkatres TramadoL54944
2006-12-28 09:36:20 - botmetkatres TramadoL63623
2006-12-28 04:29:35 - botmetkatres TramadoL31290
2006-12-28 00:27:57 - botmetkatres Sten17180
2006-12-27 04:28:25 - botmetkatres TramadoL92773
2006-12-26 04:03:03 - botmetkatres TramadoL58915
Total 11 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo