[ISN] Beware of the new breed of hackers

From: InfoSec News (isnat_private)
Date: Tue May 13 2003 - 22:18:10 PDT


    http://zdnet.com.com/2100-1107_2-1001204.html
    
    By Gregor Freund 
    CNET News.com
    May 13, 2003
    
    COMMENTARY--Bank robbers rarely choose a target at random when
    planning a heist. They usually have intimate knowledge of their
    target, scope it out and plan the attack. We see a similar approach
    now being used on the Internet.
    
    But the goal for hackers is changing. Five or six years ago, most were
    mere vandals, attacking vulnerable targets with an experimental,
    shotgun approach. Malicious hackers concentrated their efforts on
    destructive viruses and swiftly spreading worms that crawled
    haphazardly across the Internet, infecting individuals and
    corporations indiscriminately. The only real payoff these hackers
    received was a perverse pride--bragging rights and the ability to
    regale others with the scope of their destruction.
    
    Other hackers were more pure in their motives; they probed defenses to
    increase their knowledge, publicized vulnerabilities to encourage
    stronger security, and even fought for social justice using
    "hacktivism."
    
    While I can't condone any of these behaviors, today we're seeing a far
    more dangerous hacker attack--the targeted attack. Targeted attacks
    are carried out by highly skilled hackers motivated by financial gain
    and armed with the expertise to do serious damage.
    
    They brandish a sophisticated array of tools against very specific
    targets, shifting the game from haphazard Internet tinkering to
    pinpointed assaults with the potential for major damage. And this
    trend is snowballing: Both the number of targeted attacks and the
    financial ramifications of these attacks are increasing.
    
    Every year the Computer Security Institute and the Federal Bureau of
    Investigation survey a group of approximately 500 U.S. companies about
    financial losses due to security breaches. The 2002 data shows an
    increase in reported financial losses of 21 percent, or $455.8
    million. That figure is especially noteworthy when compared to 1997's
    reported losses of a mere $100 million.
    
    A statistic from Riptech, a provider of security services, illustrates
    this expanding problem: targeted attacks against its customer base
    last year reached 40 percent, far above the expected 15 percent.
    
    The bottom line? We are seeing an increase in the number of targeted
    attacks resulting in escalating financial losses for corporations and
    serious security compromises for government organizations. If those
    statistics don't seem impressive, consider this: Those numbers are
    based upon reported attacks. Many organizations will not report
    damages suffered from attacks, or even the fact that they've been
    attacked.
    
    To clearly grasp the potential effect of targeted attacks, consider
    the damage done by the Code Red and Nimda worms of 2001, when
    estimates of corporate losses topped more than $3 billion in lost
    productivity. But lost productivity is the proverbial tip of the
    iceberg when it comes to these exploits.
    
    As damaging as Code Red and Nimda were, the harm that they inflicted
    came mostly from the network traffic slowdowns that they caused--and
    from the amount of time that it took to "disinfect" computers.
    Imagine, though, an automated threat that combines the unprecedented
    infectiousness of Nimda with a malicious "payload" that erased hard
    drives or searched for likely confidential files.
    
    Such exploits could yield top-secret national intelligence, valuable
    intellectual property or sensitive customer information. A chief
    information officer at a major defense contractor recently shared her
    fears: It's not the next Code Red or Nimda that worries her; it's the
    thought of someone using the elements of Code Red or Nimda to craft a
    specific, targeted attack on her enterprise networks that keeps her
    awake at night.
    
    The problem is that hackers have already moved beyond basic tools like
    viruses and port scanners to more sophisticated techniques that
    combine such tools with one another. We've all heard about the
    type of Trojan horse that can open "back doors" to a network, often
    remotely. These mechanisms, called RATs for Remote Access Trojans,
    monitor traffic, intercept passwords and establish secret
    communication channels for the hacker to use at will in order to pluck
    sensitive information and deliver it back to "hacker HQ."
    
    A major software manufacturer has already become a victim of this type
    of attack. The intruders (yes, there were more than one) had three
    months of unfettered access to the company's "trustworthy" network
    before the incursion was even noticed. Did they steal source code,
    or--even worse--did they secretly modify it?
    
    And, of course, there's a new twist. Rather than using a Trojan horse
    that operates as a separate, standalone application--which may be
    discovered--hackers now employ "malware" that subverts your other,
    trusted applications. They use your copy of Outlook or Internet
    Explorer to send the hacker your corporate secrets--and even to make
    sure that the "tag-along" transmissions are encrypted with Secure
    Sockets Layer!
    
    If your trusted applications are doing the communicating, most
    security measures let them pass without a second glance. And by using
    several types of malware that act in concert, these techniques can
    leave no evidence of the targeted attack, let alone a trail to follow.
    
    Believe it or not, this can happen even with major corporate
    investments in security technology. In fact, your security technology
    may not be able to let you know that you've been the victim of a
    targeted attack due to the high level of customization that is
    involved in such a breach. You may not find out that you've been
    attacked until your competitor introduces your secret new product
    before you do or displays an eerie ability to get in front of your
    prized customers and prospects before your sales team can do so.
    
    With the escalating sophistication of attack methods and the richness
    of prizes available to hackers, we are far from safe. Think of
    cyberattackers as innovative entrepreneurs--we must also innovate
    to stay one step ahead of their game. Corporations, government,
    technology vendors--especially the security industry--must take a
    proactive approach to security and continue to promote innovation and
    competition. After all, it will cost us dearly if we fall behind the
    innovation curve of those highly motivated hackers who carry out
    targeted attacks.
    
    Gregor Freund is co-founder and chief executive of Zone Labs.
    
    
    
    ISN is currently hosted by Attrition.org
    
    



    This archive was generated by hypermail 2b30 : Wed May 14 2003 - 00:28:47 PDT