Category: Statistics

Eight-four percent of those surveyed said that the spyware problem is worse, or at best the same, as it was three months ago.

Although one would expect such results from a poll done by a vendor that sells gateway, not end-point, anti-spyware products, Gartner research director Avivah Litan seconded Blue Coat’s motion that today’s desktop defenses are not the ultimate solution for the spyware dilemma. “The lack of effectiveness comes from the fact that many [programs] are signature based,” she said, referring to the one-one-one digital fingerprints that anti-spyware, like their anti-virus cousins, must create to detect and then delete each new instance of spyware.

(It’s common, for instance, that one desktop anti-spyware product misses some spyware that rivals catch, and vice versa, the root of the advice by many experts to use multiple anti-spyware solutions.)

In fact, about one out of every eight enterprise IT managers polled said that they re-image all their spyware-infected desktops as a matter of course.

http://www.techweb.com/wire/security/159402774

iDefense, a Reston, Va.-based supplier of security intelligence to both corporations and government agencies, delved into its private database of more than 100,000 malicious code attacks to publish analytical findings publicly for the first time, said Ken Dunham, the company’s director of research. Using that database, iDefense tallied a record 27,260 attacks in 2004.

Over 15,000 of those, or some 55 percent, were specifically designed to covertly steal information or take over computers for criminal purposes, including identify theft and fraud, said Dunham. “We counted over 9,000 backdoors alone,” said Dunham, the component now dropped by most mass-mailed worms to allow hackers later access to compromised machines. “This is a business,” said Dunham, “with organized criminal groups around the globe continuing to mobilize resources to develop, sell, and launch Internet attacks.”

Among the ways these crooks are making money, iDefense’s analysis showed, are swiping credit card and bank account data, then selling them based on a tiered-value system where platinum-grade cards, for instance, are priced higher, with a corresponding higher attack ratio against targets to acquire those kinds of cards. Other money-making schemes include assembling networks of infected machines to send spam, launch follow-up malicious code assaults, or threaten denial-of-service (DoS) attacks to extort payment from Web sites.

Last year, the number of attacks with an IRC (Internet Relay Chat) component skyrocketed by 1000 percent over 2003, Dunham said. Malicious code attacks that utilize IRC typically automatically collect data–including personal financial information–and send it to the hacker’s private chat space, where he can process, filter, and analyze the data.

Attacks using a backdoor or relying on other remote access tricks to infiltrate a system also jumped during 2004, and showed a 420 percent increase over the previous year.

“Organized crime rings capturing personal information for fraud and extortion activities are a driving force in the growth of malicious code threats,” said iDefense in a statement. Unlike ‘phishing’ attacks, where users are tricked to provide personal financial information, these approaches are often unseen by the victim.”

And even the attacks that make the media are only the tip of the iceberg, said Dunham. “There’s a huge number of obscure little ‘bots that are attacking specific enterprise networks. With literally hundreds of Trojans out there, some used to attack only one company’s network, AV vendors can take days, weeks, and even months to do analysis and produce a defensive signature.

Like any company, AV firms must strike a balance between profitably and resources,” Dunham said.

http://www.techweb.com/wire/security/159400873

The report, which studied wireless networks in major U.S. and European cities, found that more than one-third of businesses with wireless networks are susceptible to intrusion from unwanted sources. The report was prepared for RSA by netSurity.

“For a potential hacker, it is almost a case of walking down the street and trying all the doors until one opens–it is almost inevitable that one will,” said John Worrall, vice president of the RSA’s worldwide marketing, in a statement. “Our research shows that wireless networks in Europe’s financial capitals, alone, are growing at an annual rate of up to 66 percent, and more than one-third of businesses remain unprotected from this type of attack.”

In its survey, netSurity researchers roamed the streets of New York, San Francisco, London, and Frankfurt with laptops and free software downloaded from the Internet. The researchers found 38 percent of networks in New York to be unprotected; in San Francisco, 35 percent; London, 36 percent; and Frankfurt, 34 percent.

“This means,” the report stated, “that wireless-network access points could still be broadcasting valuable information that could be used by potential hackers and assist them in launching an attack.”

Buckley said security issues differ for business users and for public hotspot users primarily because business networks are meant to serve only authorized users, while public networks are open to all. He noted that many businesses failed to reconfigure Wi-Fi default settings configured by the device manufacturers.

Business networks should be set up to require users to authenticate themselves before they can gain access to the networks, Buckley said, noting that business VPNs often require authentication. Another measure that should be taken by business network administrators concerns encryption. The encryption problem may be at least partially solved by introducing recently-approved 802.11i hardware that automatically encrypts traffic.

http://www.techweb.com/wire/security/159400873

Indeed, Forrester found that 63% of the firms surveyed for its report “Personal Firewall Adoption in 2005” have deployed the software, but in fairly restricted contexts.

Forrester senior analyst and report author David Friedlander notes that this could be a serious oversight and that “desktops that never leave the corporate LAN are still at risk.”

Moreover, Friedlander writes that, while the organizations surveyed rated viruses and worms as their most serious security threats, they are not always prepared to invest in the appropriate tools to defend against them.

Though 57% of companies plan to invest in anti-virus software and 65% will buy anti-spyware tools this year, Friedlander observes that these are the wrong tools to defend against malicious code. However, only 46% of enterprises and 32% of small and medium-sized businesses plan to invest in the personal firewall products that can prevent virus an d worm infection in the first place.

Ultimately, while personal firewalls are absolutely essential for mobile systems that log onto the corporate network from hotels, cafes and airport concourses, Friedlander says that companies that ignore the risk to desktop systems do so at their own peril.

“Desktop computers become vulnerable to malicious code the second a remote machine plugs back into the corporate network.

http://www.techweb.com/wire/security/159400873

“IM viruses and worms are growing exponentially,” said IMlogic chief technology officer Jon Sakoda, in a statement.

Seven out of ten attacks put MSN Messenger, Windows Messenger, and the MSN IM network in the crosshairs, reported the center, while Yahoo and AOL have been the target of just 18 and 12 percent of the attacks, respectively.

http://www.techweb.com/wire/security/159400873

The research found that outsourced operations are 30 percent more expensive than the top quartile of in-house customer service operations.

Alexa Bona, research director at Gartner, said firms often fail to take hidden costs such as in-house back-up support to the outsourced function into account. “The outsourced service is often more efficient but then outsourcers need to make a profit too,” she said.

Gartner also claims that 80 percent of organisations who outsource their customer management operations purely to cut costs will fail, while 60 percent of those who outsource parts of the customer-facing process will have to deal with customer defections and hidden costs that outweigh any potential savings offered by outsourcing. “If all you are trying to do is save money you are not going to be successful,” said Bona.

The worldwide market for customer service outsourcing is predicted to grow from $8.4bn in 2004 to $12.2bn in 2007, although the offshore element will still only account for five percent of that market by 2007.

Bona said organisations are still being very selective about which customer-facing functions they are prepared to send overseas. “Most [offshore deals] are for level-one enquiries but not the full end-to-end customer service. People are sending bits of processes but they have got wise as to what is and what is not suitable to be sent offshore,” she said.

The Indian start-up business process outsourcing (BPO) firms — as opposed to the big established players like Infosys, TCS and Wipro — are also set to undergo radical consolidation, with Gartner predicting 70 percent of the top 15 will be acquired, merge or disappear by the end of 2005.

“Many of those smaller companies are owned by VCs. They have grown really dramatically and when you are growing at that rate processes break down and it becomes harder to retain staff,” she said.

Despite all this, companies can still achieve cost savings of 25 to 30 percent if they outsource successfully.

http://news.zdnet.co.uk/business/management/0,39020654,39190514,00.htm