Information Security News mailing list archives

Beware of the new breed of hackers


From: InfoSec News <isn () c4i org>
Date: Wed, 14 May 2003 00:18:10 -0500 (CDT)

http://zdnet.com.com/2100-1107_2-1001204.html

By Gregor Freund
CNET News.com
May 13, 2003

COMMENTARY--Bank robbers rarely choose a target at random when
planning a heist. They usually have intimate knowledge of their
target, scope it out and plan the attack. We see a similar approach
now being used on the Internet.

But the goal for hackers is changing. Five or six years ago, most were
mere vandals, attacking vulnerable targets with an experimental,
shotgun approach. Malicious hackers concentrated their efforts on
destructive viruses and swiftly spreading worms that crawled
haphazardly across the Internet, infecting individuals and
corporations indiscriminately. The only real payoff these hackers
received was a perverse pride--bragging rights and the ability to
regale others with the scope of their destruction.

Other hackers were more pure in their motives; they probed defenses to
increase their knowledge, publicized vulnerabilities to encourage
stronger security, and even fought for social justice using
"hacktivism."

While I can't condone any of these behaviors, today we're seeing a far
more dangerous hacker attack--the targeted attack. Targeted attacks
are carried out by highly skilled hackers motivated by financial gain
and armed with the expertise to do serious damage.

They brandish a sophisticated array of tools against very specific
targets, shifting the game from haphazard Internet tinkering to
pinpointed assaults with the potential for major damage. And this
trend is snowballing: Both the number of targeted attacks and the
financial ramifications of these attacks are increasing.

Every year the Computer Security Institute and the Federal Bureau of
Investigation survey a group of approximately 500 U.S. companies about
financial losses due to security breaches. The 2002 data shows a 21
percent increase in reported financial losses, to $455.8 million. That
figure is especially noteworthy when compared to 1997's reported
losses of a mere $100 million.

A statistic from Riptech, a provider of security services, illustrates
this expanding problem: targeted attacks made up 40 percent of the
attacks against its customer base last year, far above the expected 15
percent.

The bottom line? We are seeing an increase in the number of targeted
attacks resulting in escalating financial losses for corporations and
serious security compromises for government organizations. If those
statistics don't seem impressive, consider this: Those numbers are
based upon reported attacks. Many organizations will not report
damages suffered from attacks, or even the fact that they've been
attacked.

To clearly grasp the potential effect of targeted attacks, consider
the damage done by the Code Red and Nimda worms of 2001, when
estimates of corporate losses topped $3 billion in lost productivity.
But lost productivity is the proverbial tip of the iceberg when it
comes to these exploits.

As damaging as Code Red and Nimda were, the harm that they inflicted
came mostly from the network traffic slowdowns that they caused--and
from the amount of time that it took to "disinfect" computers.
Imagine, though, an automated threat that combines the unprecedented
infectiousness of Nimda with a malicious "payload" that erased hard
drives or searched for likely confidential files.

Such exploits could yield top-secret national intelligence, valuable
intellectual property or sensitive customer information. A chief
information officer at a major defense contractor recently shared her
fears: It's not the next Code Red or Nimda that worries her; it's the
thought of someone using the elements of Code Red or Nimda to craft a
specific, targeted attack on her enterprise networks that keeps her
awake at night.

The problem is that hackers have already moved beyond basic tools like
viruses and port scanners to more sophisticated techniques that use
such tools in concert with each other. We've all heard about the
type of Trojan horse that can open "back doors" to a network, often
remotely. These mechanisms, called RATs for Remote Access Trojans,
monitor traffic, intercept passwords and establish secret
communication channels for the hacker to use at will in order to pluck
sensitive information and deliver it back to "hacker HQ."

A major software manufacturer has already become a victim of this type
of attack. The intruders (yes, there were more than one) had three
months of unfettered access to the company's "trustworthy" network
before the incursion was even noticed. Did they steal source code,
or--even worse--did they secretly modify it?

And, of course, there's a new twist. Rather than using a Trojan horse
that operates as a separate, standalone application--which may be
discovered--hackers now employ "malware" that subverts your other,
trusted applications. They use your copy of Outlook or Internet
Explorer to send the hacker your corporate secrets--and even to make
sure that the "tag-along" transmissions are encrypted with Secure
Sockets Layer!

If your trusted applications are doing the communicating, most
security measures let them pass without a second glance. And by using
several types of malware that act in concert, these techniques can
leave no evidence of the targeted attack, let alone a trail to follow.
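Both mechanisms above, a RAT's covert channel and malware that rides on a trusted application's own SSL sessions, defeat an egress rule of the form "allow whatever outlook.exe sends". As an added example, not code from the original article or from Zone Labs, the Python below evaluates constructed outbound-connection records against that weak rule and against a hardened rule that also checks the destination, the upload volume and whether untrusted code is loaded into the trusted process. The process names, host names, byte counts and the "unsigned_modules" telemetry field are assumptions made for illustration.

```python
# Added example, not code from the original article or from Zone Labs.
# It scores outbound connection events against two egress policies:
# a weak one that trusts a process by name alone, and a hardened one
# that also checks destination, upload volume and process integrity.
# All process names, host names, byte counts and the "unsigned_modules"
# telemetry field are constructed assumptions for illustration.
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class Connection:
    process: str        # image name of the process that opened the socket
    dest_host: str      # resolved destination name, or the IP if unresolved
    dest_port: int
    bytes_out: int      # bytes sent before the socket closed
    # Loaded modules that failed a code-signature check. Hypothetical
    # endpoint telemetry; a real agent would derive it from the module list.
    unsigned_modules: List[str] = field(default_factory=list)


# Applications the weak policy trusts unconditionally (constructed).
TRUSTED_PROCESSES: Set[str] = {"outlook.exe", "iexplore.exe"}

# Where each trusted application is expected to talk (constructed allowlist).
EXPECTED_DESTINATIONS: Dict[str, Set[Tuple[str, int]]] = {
    "outlook.exe": {("mail.corp.example", 443), ("mail.corp.example", 993)},
    "iexplore.exe": {("intranet.corp.example", 443), ("www.example.com", 443)},
}

MAX_UPLOAD_BYTES = 5_000_000  # assumed per-connection upload ceiling


def weak_policy(conn: Connection) -> str:
    """Allow anything a trusted application sends.

    This is the rule the article warns about: once malware rides inside
    outlook.exe or iexplore.exe, every verdict here is "allow".
    """
    return "allow" if conn.process in TRUSTED_PROCESSES else "block"


def hardened_policy(conn: Connection) -> str:
    """Trust the application only when the rest of the evidence agrees.

    SSL hides the payload, so these checks rely on metadata the tunnel
    cannot hide: which process, to which host and port, how much data,
    and whether untrusted code has been loaded into that process.
    """
    if conn.process not in TRUSTED_PROCESSES:
        return "block"
    if conn.unsigned_modules:
        return "alert:untrusted-module"
    if (conn.dest_host, conn.dest_port) not in EXPECTED_DESTINATIONS.get(conn.process, set()):
        return "alert:unexpected-destination"
    if conn.bytes_out > MAX_UPLOAD_BYTES:
        return "alert:upload-volume"
    return "allow"


# Constructed sample events: one legitimate mail session, three that
# mimic the "tag-along" transmissions the article describes, and one
# standalone RAT process for comparison.
SAMPLE_EVENTS: List[Connection] = [
    Connection("outlook.exe", "mail.corp.example", 443, 48_000),
    Connection("outlook.exe", "203.0.113.7", 443, 120_000),
    Connection("iexplore.exe", "www.example.com", 443, 9_400_000),
    Connection("outlook.exe", "mail.corp.example", 443, 52_000,
               unsigned_modules=["C:\\Windows\\Temp\\msoupd.dll"]),
    Connection("rat.exe", "203.0.113.7", 443, 120_000),
]


def evaluate(events: List[Connection]) -> List[Tuple[str, str, str, str]]:
    """Return (process, destination, weak verdict, hardened verdict) per event."""
    return [(e.process, f"{e.dest_host}:{e.dest_port}", weak_policy(e), hardened_policy(e))
            for e in events]


if __name__ == "__main__":
    for process, dest, weak, hard in evaluate(SAMPLE_EVENTS):
        print(f"{process:<13} {dest:<26} weak={weak:<6} hardened={hard}")
```

The weak policy allows four of the five constructed events and blocks only the standalone RAT, which is exactly why attackers moved into trusted processes; the hardened policy reaches the same "allow" only for the session whose process, destination, volume and loaded modules all look normal.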

Believe it or not, this can happen even with major corporate
investments in security technology. In fact, your security technology
may not be able to let you know that you've been the victim of a
targeted attack due to the high level of customization that is
involved in such a breach. You may not find out that you've been
attacked until your competitor introduces your secret new product
before you do or displays an eerie ability to get in front of your
prized customers and prospects before your sales team can do so.

With the escalating sophistication of attack methods and the richness
of prizes available to hackers, we are far from safe. Think of
cyberattackers as innovative entrepreneurs: we must also innovate to
stay one step ahead of their game. Corporations, government,
technology vendors--especially the security industry--must take a
proactive approach to security and continue to promote innovation and
competition. After all, it will cost us dearly if we fall behind the
innovation curve of those highly motivated hackers who carry out
targeted attacks.

Gregor Freund is co-founder and chief executive of Zone Labs.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.