Cyber Security Institute

Tuesday, March 07, 2006

Black market thrives on vulnerability trading

As criminals have woken up to the massive reach the Internet affords their activities, hackers too are now able to avoid risking prison sentences by simply selling on their findings. Graeme Pinkney, a manager at Symantec for trend analysis, told us: ‘People have suddenly realised that there’s now a profit margin and a revenue stream in vulnerabilities.’ Vulnerabilities are being turned up in web applications because that’s where hackers are looking for them. Some 80 per cent of the top 50 exploits analysed by Symantec turned out to be ‘revenue-written’, according to Pinkney. Distributed denial of service attacks rose 51 per cent over the prior six months, to 1,405 a day.

China saw the largest increase in botnet activity, with a 37 per cent growth in botnet-infected systems and a 153 per cent increase in attacks originating there. That’s not to say China is full of criminals. But with a well-documented history of software pirating, it stands to reason that many systems hooking up to the Net in the People’s Republic aren’t patched properly and are vulnerable to infection.

With a population of 1.3bn, the 94m Chinese who are online represent a point right at the bottom of the S-curve expected as the Internet revolution takes off there. If the black market in vulnerability trading increases, as Symantec predicts, massive numbers of systems coming online in China will prove an ideal vector for attack.

Posted on 03/07