Month: March 2005

iDefense, a Reston, Va.-based supplier of security intelligence to both corporations and government agencies, delved into its private database of more than 100,000 malicious code attacks to publish analytical findings publicly for the first time, said Ken Dunham, the company’s director of research. Using that database, iDefense tallied a record 27,260 attacks in 2004.

Over 15,000 of those, or some 55 percent, were specifically designed to covertly steal information or take over computers for criminal purposes, including identify theft and fraud, said Dunham. “We counted over 9,000 backdoors alone,” said Dunham, the component now dropped by most mass-mailed worms to allow hackers later access to compromised machines. “This is a business,” said Dunham, “with organized criminal groups around the globe continuing to mobilize resources to develop, sell, and launch Internet attacks.”

Among the ways these crooks are making money, iDefense’s analysis showed, are swiping credit card and bank account data, then selling them based on a tiered-value system where platinum-grade cards, for instance, are priced higher, with a corresponding higher attack ratio against targets to acquire those kinds of cards. Other money-making schemes include assembling networks of infected machines to send spam, launch follow-up malicious code assaults, or threaten denial-of-service (DoS) attacks to extort payment from Web sites.

Last year, the number of attacks with an IRC (Internet Relay Chat) component skyrocketed by 1000 percent over 2003, Dunham said. Malicious code attacks that utilize IRC typically automatically collect data–including personal financial information–and send it to the hacker’s private chat space, where he can process, filter, and analyze the data.

Attacks using a backdoor or relying on other remote access tricks to infiltrate a system also jumped during 2004, and showed a 420 percent increase over the previous year.

“Organized crime rings capturing personal information for fraud and extortion activities are a driving force in the growth of malicious code threats,” said iDefense in a statement. Unlike ‘phishing’ attacks, where users are tricked to provide personal financial information, these approaches are often unseen by the victim.”

And even the attacks that make the media are only the tip of the iceberg, said Dunham. “There’s a huge number of obscure little ‘bots that are attacking specific enterprise networks. With literally hundreds of Trojans out there, some used to attack only one company’s network, AV vendors can take days, weeks, and even months to do analysis and produce a defensive signature.

Like any company, AV firms must strike a balance between profitably and resources,” Dunham said.

http://www.techweb.com/wire/security/159400873

The report, which studied wireless networks in major U.S. and European cities, found that more than one-third of businesses with wireless networks are susceptible to intrusion from unwanted sources. The report was prepared for RSA by netSurity.

“For a potential hacker, it is almost a case of walking down the street and trying all the doors until one opens–it is almost inevitable that one will,” said John Worrall, vice president of the RSA’s worldwide marketing, in a statement. “Our research shows that wireless networks in Europe’s financial capitals, alone, are growing at an annual rate of up to 66 percent, and more than one-third of businesses remain unprotected from this type of attack.”

In its survey, netSurity researchers roamed the streets of New York, San Francisco, London, and Frankfurt with laptops and free software downloaded from the Internet. The researchers found 38 percent of networks in New York to be unprotected; in San Francisco, 35 percent; London, 36 percent; and Frankfurt, 34 percent.

“This means,” the report stated, “that wireless-network access points could still be broadcasting valuable information that could be used by potential hackers and assist them in launching an attack.”

Buckley said security issues differ for business users and for public hotspot users primarily because business networks are meant to serve only authorized users, while public networks are open to all. He noted that many businesses failed to reconfigure Wi-Fi default settings configured by the device manufacturers.

Business networks should be set up to require users to authenticate themselves before they can gain access to the networks, Buckley said, noting that business VPNs often require authentication. Another measure that should be taken by business network administrators concerns encryption. The encryption problem may be at least partially solved by introducing recently-approved 802.11i hardware that automatically encrypts traffic.

http://www.techweb.com/wire/security/159400873