
Cyberthieves Turning to More Invasive Approaches

By Tom Schmidt

An examination of today's threat landscape provides both good news and bad. The good news: computer users are getting smarter about recognizing phishing emails that purport to be from a bank or business but are really attempts to steal their personal information. The bad news: evidence suggests cyberthieves have moved on to other methods for compromising data. As a report in the February 27, 2006 edition of The New York Times puts it:

"In some countries, like Brazil, [phishing] has been eclipsed by an even more virulent form of electronic con -- the use of keylogging programs that silently copy the keystrokes of computer users and send that information to the crooks. These programs are often hidden inside other software and then infect the machine, putting them in the category of malicious programs known as Trojan horses."

This article looks at some of the newer, more invasive approaches to cybercrime that are currently gaining currency among attackers.

Malicious code for profit

The latest Internet Security Threat Report, covering the first six months of 2005, noted a definite shift in the threat landscape. Attackers are moving away from large, multipurpose attacks on network perimeters and towards smaller, more focused attacks on client-side targets. This new threat landscape, the authors of the Threat Report predicted, will likely be dominated by emerging threats such as bot networks, customizable modular malicious code, and targeted attacks on Web applications and Web browsers.

Recent events appear to be confirming that prediction. According to the February 27 Times report:
 
"Two weeks ago, Brazilian federal police descended on the northern city of Campina Grande and several surrounding states, and arrested 55 people -- at least 9 of them minors -- for seeding the computers of unwitting Brazilians with keyloggers that recorded their typing whenever they visited their banks online. The tiny programs then sent the stolen user names and passwords back to members of the gang.
 
The fraud ring stole about $4.7 million from 200 different accounts at six banks since it began operations last May, according to the Brazilian police. A similar ring, broken up by Russian authorities earlier this month, used keylogging software planted in email messages and hidden in Web sites to draw over $1.1 million from personal bank accounts in France."
 
How widespread are such keyloggers? The Anti-Phishing Working Group, a consortium of industry and law enforcement partners that fights online fraud and identity theft, announced recently that the number of Web sites known to be hiding this kind of malicious code nearly doubled between November and December of 2005, rising to more than 1,900.
 
The Times article cited the SANS Institute's estimate that, at one point last fall, "as many as 9.9 million machines in the United States were infected with keyloggers of one kind or another, putting as much as $24 billion in bank account assets -- and probably much more -- literally at the fingertips of fraudsters."

New threats increase and multiply

In previous editions of the Internet Security Threat Report, mass-mailing worms dominated the Top 10 malicious code samples that were reported. In a recent edition, however, there were only two mass-mailers in the Top 10 samples.

Instead, between January and June 2005, Trojans dominated the Top 10 malicious code samples reported. According to the Threat Report, "these Trojans disable and remove several antivirus and security applications from a compromised computer. They then disable access to antivirus and security-related Web sites by overwriting the HOSTS file to redirect requests. Finally, the Trojans attempt to download and execute a file from a remote Web site."
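The HOSTS-file redirection described in that passage leaves an artifact a defender can check for. The following sketch is an added example, not code from the article or the Threat Report: it parses hosts-file text and flags any entry that overrides DNS for a watched security domain. The watched domains and the sample file are constructed placeholders.

```python
import ipaddress

# Assumption: placeholder suffixes standing in for the antivirus and update
# domains an organization relies on; none of these names come from the article.
WATCHED_SUFFIXES = ("av-vendor.example", "updates.example")

# Constructed sample of a tampered hosts file (not real data).
SAMPLE_HOSTS = """\
127.0.0.1    localhost
::1          localhost ip6-localhost
# 127.0.0.1  commented.av-vendor.example
127.0.0.1    www.av-vendor.example liveupdate.av-vendor.example  # appended
0.0.0.0      definitions.updates.example
203.0.113.7  av-vendor.example
192.168.1.10 fileserver.corp.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address: not a mapping
        for name in fields[1:]:                 # one address may carry several aliases
            yield line_no, ip, name.lower().rstrip(".")

def find_suspicious(text, watched=WATCHED_SUFFIXES):
    """Return (line_no, hostname, ip, reason) for entries overriding watched domains."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        # Match the domain itself or any subdomain, but not look-alike suffixes.
        if any(name == s or name.endswith("." + s) for s in watched):
            sink = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, name, str(ip),
                             "sinkholed" if sink else "redirected"))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

Security vendor domains normally resolve through DNS, so any static mapping for them is worth investigating, whether it points to loopback or to another address.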
 
In this same time period, more than 10,866 new Win32 viruses and worms were documented, an increase of 48% over the 7,360 documented in the second half of 2004. It's also an increase of 142% over the 4,496 documented in the first half of 2004. This massive increase in variants is important because each variant represents a distinct threat against which administrators must protect their systems and for which antivirus vendors must create a new antivirus definition. This trend is also important because it too signifies a shift away from broadly disseminated threats (i.e., mass-mailing worms) and toward malicious code that is modular and customizable.

Strengthening the guidelines for Internet banking

Responding to these direct and increasing threats to the financial services sector, the Federal Financial Institutions Examination Council (FFIEC), which manages U.S. banking rules, in October ordered banks to go beyond conventional user IDs and passwords by using an additional form of user authentication.
 
According to the FFIEC's new rules, titled "Authentication in an Internet Banking Environment," banks must now rely on two-factor authentication, which adds another identity check along with a password system. This guidance replaces rules issued to banks in 2001. The FFIEC said it was issuing the guidance now due to "increasing incidents of identity theft and fraud, and the introduction of improved authentication technologies and other risk mitigation strategies."

The FFIEC is blunt in its opinion of the reliability and security of current methods used to authenticate online customers: "single-factor authentication, as the only control mechanism, [is] inadequate in the case of high-risk transactions involving access to customer information or the movement of funds to other parties."
 
Defense in depth

Given the rise of these more invasive threats, it's recommended that users employ defense in depth, which emphasizes multiple, overlapping, and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection methodology. This includes antivirus software and a personal firewall.
 
Users should also update antivirus definitions regularly and ensure that all desktop, laptop, and server computers are updated with all necessary security patches. Users should never open any email attachment, or click on an unfamiliar Web link contained in an email, unless it is expected and comes from a trusted source.
 
Threats that expose confidential information on a compromised computer are constantly evolving and are a concern to all users. With the increasing use of online shopping and Internet banking, compromises of this nature can result in significant financial loss, particularly if credit card information or banking details are exposed. Enterprises must do all they can to keep ahead of, and educate their users about, these invasive threats.

Tom Schmidt writes frequently about information security topics. He has more than 15 years' experience as a writer and editor in high-tech publishing.

CIO Strategy Center is a daily editorial resource offering innovative insights and strategies for building an integrated, secure and resilient IT infrastructure.


Entire contents ©2008 InfoEdge. All Rights Reserved.