[ISN] Most Damaging Attacks Rely On Stolen Log-ins

From: InfoSec News (alerts@private)
Date: Tue Aug 29 2006 - 00:03:21 PDT


http://www.informationweek.com/news/showArticle.jhtml?articleID=192300841

By Gregg Keizer
TechWeb
Aug 28, 2006

More than 8 out of every 10 computer attacks against businesses could be 
stopped if enterprises checked the identity of not only the user, but 
also the machine logging onto their network, a report released Monday 
claimed.

The study, conducted by a California research firm and paid for by BIOS 
maker Phoenix Technologies, used data from cases prosecuted by federal 
authorities between 1999 and 2006 to reach its conclusions.

"We wanted to get an honest viewpoint that wasn't opinion- or 
survey-based," said Dirck Schou, the senior director of security 
solutions at Phoenix. The problem with acquiring data on computer 
attacks, including the amount of damage done, is that companies are 
often hesitant to admit to a breach. "That's the beauty of this [data]," 
said Schou. "It's only looking at those who have actually suffered an 
attack."

According to the report, attacks based on logging in with stolen or 
hijacked credentials cost businesses far more, on average, than the 
typical worm or virus assault. When a privileged account is penetrated 
by an unauthorized user, the average damage runs to $1.5 million, the 
report said. The average cost from a single virus attack was much 
smaller: under $2,400.

"Cyber criminals who accessed privileged accounts obtained IDs and 
passwords through many means," the report said. "Network sniffing, use 
of password cracking programs, and collusion with insiders. It was also 
common for employees to share their IDs and passwords with coworkers who 
later left the organization and used that knowledge to gain access."

To bolster that outsider-as-attacker claim, the study also said that 
nearly 6 in 10 attackers had no relationship with the victim. (Just over 
a third, 36 percent, were current and former employees.) Although the 
report's data contradicts other surveys that have pegged company 
insiders as the root of most attacks, the idea that credentials are good 
for ill-gotten gains isn't new. Earlier this year, for example, IBM 
predicted that attackers would increase their attacks against employees 
rather than networks.

"Viruses equal vandalism, but unauthorized log-ons lead to theft," said 
Schou. However, he acknowledged that the latter can come from the 
former, with worms and Trojan horses increasingly after information such 
as usernames and passwords rather than hoping to injure or bring down a 
network.

Overall, unsanctioned computers -- not among the systems actually 
expected to access the network -- were used in 84 percent of the 
attacks. The bulk of the attacks -- 78 percent -- came from at-home 
personal computers.

Naturally, Phoenix made much of that conclusion. It claimed that 84 
percent of the attacks in the survey could have been prevented had the 
victim been protected by device authentication schemes. Such security 
not only identifies the user by checking ID and password, but can also 
tell if the hardware has been authorized to connect to the network. 
Phoenix, for instance, sells a solution dubbed TrustConnector 2 that 
creates a unique identity for every authorized PC.

"What surprised us was the intensity and preponderance in unauthorized 
access attacks," said Schou. "We think device authentication is in the 
right time, right place.

"There are a lot of companies that aren't securing the device."

