The time when worms and viruses were a top priority of IT are long behind us. Botnets and phishing attacks now dominate the webscape and new variations are emerging daily.
Botnets: To give you an idea on how prevalent this threat is becoming, Zombie Master Jeanson Ancheta pleaded guilty to seizing control of hundreds of thousands of Internet-connected computers and renting the zombie network to people who used it to send out spam. Keep in mind that this “Zombie Network” included computers at the Weapons Division of the U.S. Naval Air Warfare Center in China Lake, California, and at the U.S. Department of Defense.
Ancheta admitted that the scam netted him over $60,000 over 14 months before it was detected. This mindset, motivated by money and working in the background, is typical of the new generation of Internet criminals. The spyware they surreptitiously plant on an unsuspecting user’s computer leaves a very small footprint (barely detectable) and worka as a “Slave” to a remote “Master”. The End user usually isn’t aware that their personal computer or workstation has been “hijacked” as the computer continues to function, perhaps a little slower.
“Botnets”, also known as Bot Networks, are masses of hijacked computers, sometimes numbering in the hundreds of thousands as was the case with Ancheta who admitted to directing more than 400,000 computers. Industry research indicates that almost 200,000 computers become zombies EVERYDAY and that figure is steadily rising (Source: CipherTrust).
Historically, Botnets were used to launch DDoS (Distributed Denial of Service attacks) on websites. A disturbing new trend developed by this generation of Internet criminals is to rent their networks to those who want to launch cheap mass email campaigns (also known as Spam) or to extortionists to launch DDoS attacks on legitimate websites. Botnets pose an even more insidious threat. According to Dave Rand, Chief Technologist at Trend Micro, their combined computing power could be used to decrypt Internet traffic. If that were to happen (and thankfully there is no sign of it yet), it could bring e-commerce to a grinding halt.
Phishing Expeditions: Industry experts state that phishing attacks will grow in frequency and sophistication over time. This trend is already developing at a fast pace as pointed by David Sancho, an antivirus engineer at security company Trend Micro. David pointed out an attack in Germany which claimed to be from a power company and asked the recipients to click on an attached file that appeared to be a PDF document, which is a file type that the power company uses for paperless billing. In actuality, the file had a .pdf.exe extension and installed a Trojan on the user’s computer when it was executed.
The Trojan then monitored the user’s Internet activity (Web pages and online banking access), and sent this information to the Trojan’s creator. “It is smarter, because they (the Internet criminals) don’t have to set up a fake server,”, said David.
Great Tip! The emergence of compliance as the leading driver for information security management projects has forced organizations to refocus on securing underlying data critical to financial operations, customers, and employees. Achieving regulatory compliance is a complex challenge for organizations, with massive amounts of data and complex applications to monitor, and increasing numbers of users with access to those applications and data.
Though Windows PCs remain the primary target for attacks, prepare to see more sophisticated Botnets and phishing attacks, as well as attacks targeting cell phones and RSS News Feeds.
Great Tip! Advice: In information security, the little things we over look counts.
The Solution These attacks are major problems that cannot be easily resolved, because the target PCs are primarily home computers and corporate networks connected to an ADSL line. According to Hypponen “It takes a lot of end-user support to explain to a grandmother how to configure the computer. So most ISPs are not doing anything about it”.
For networked environments, there are several alternatives that can be implemented at your network’s perimeter to mitigate the security risk. If you believe your personal computer or organization’s network may be at risk, please consult a PC expert or corporate information security consulting firm for immediate assistance.