The "No Network is 100% Secure" series
- Cyber Crime Trends -
A White Paper
All rights reserved - may not be copied without permission
Easyrider LAN Pro, NOC Design Consultants
Cybercrime Trends in 2010 and beyond:
Here are five security trends to watch for over the next ten years:
1. The Industrialization of Hacking: Roles within the cyber crime community are now clearly defined, forming a supply chain that closely resembles that of drug cartels:
- Botnet growers: cultivators whose sole concern is maintaining and enlarging botnet communities.
- Attackers who purchase botnets for attacks aimed at extracting sensitive information (or for other, more specialized tasks).
- Cyber criminals who acquire the sensitive information for the sole purpose of committing fraudulent transactions.
As with any industrialization process, automation is the key factor for success. We will continue to see more and more automated tools being used at all stages of the hacking process. Proactive searches for potential victims will increasingly rely on search engine bots rather than random scanning of the network. Massive attack campaigns will continue to rely on zombies sending a predefined set of attack vectors to a list of designated victims. Attack coordination will be done through servers that host a list of commands and targets. SQL injection, "Remote File Include" and other application level attacks, once considered cutting edge techniques applied manually by savvy hackers, are now bundled into software tools available for download and use by the new breed of industrial hackers. Search engines (like Google) are becoming an increasingly vital piece of every attack campaign: the search for potential victims, the promotion of infected pages and even the vehicle for launching the attack vectors themselves.
Attack campaigns are increasingly being launched against any available target, not just against high profile applications as was done in the past. An application may be attacked for the value of the information it stores or for the purpose of turning it into yet another attack platform. Protecting web applications using application level security solutions will become a must for large and small organizations alike. End users who want to protect their own personal data and avoid becoming part of a botnet must learn to rely on automatic OS updates and anti-malware software.
2. A Move from Application to Data Security: The effectiveness of network layer attacks has decreased dramatically in this past decade, largely due to better network layer defenses. This gave rise to application level attacks such as SQL Injection, Cross Site Scripting and Cross Site Request Forgery. As these are gradually addressed by the use of web application firewalls, attackers will turn their attention to more sophisticated attacks, either from the outside (business logic attacks) or from the inside (direct attacks against the database). Together with the fast growth in the number of applications that access enterprise data pools, these will drive the evolution of data-centric security.
While organizations invest in protecting their major applications using application level tools, many of the smaller applications are still unprotected. Additionally, we see no apparent decrease in internal threats. Disgruntled employees, dubious individuals with internal network access and attackers who control internal workstations (through Trojans) all present a direct threat to enterprise data pools. It will become apparent to organizations that controls must be put not only around the applications accessing the data but also around the data itself. This holds true for data in its structured format within relational databases as well as for unstructured data stored in files on organizational file servers.
To protect these vital assets, organizations must have a complete change of mindset, focusing on protecting data at its source regardless of the application accessing it. This will require a combination of technologies such as a database firewall, data and file activity monitoring and the next generation of DLP products.
3. Mainstream Social Networks and Associated Applications: Previously attracting student communities, the growing popularity of social networking sites such as Facebook, Twitter and LinkedIn is fast infiltrating mainstream populations, with practically every man and his dog now being "on Facebook". As a consequence, large populations not previously exposed to online attackers, elderly people as well as younger children, can now be targeted by massive campaigns. People who did not grow up with an inherent distrust of web content may find it very difficult to distinguish between messages of a truly social nature and widespread attack campaigns. Attackers will also take advantage of the personal information made accessible by social platforms to create more credible campaigns (e.g. making sure you get your phishing email "from" your grandchildren). The capabilities offered by the social platforms and their growing outreach into other applications (webmail, online games) allow attackers to launch huge campaigns of a viral nature and at the same time pinpoint specific individuals.
It has been proven that specific ads carrying attack vectors can be presented to named individuals at an attacker's will. This in turn allows attackers to easily get a foothold inside specific organizations by targeting individuals within those organizations. Much like searching through the Google search engine for potential target applications, attackers will scan social networks (using automated tools) for susceptible individuals, further increasing the effectiveness of their attack campaigns.
4. Password grabbing/password stealing attacks: Recent statistics show a surge in personal information leakage incidents as well as in the compromise of huge numbers of credit card numbers. Leakage incidents were attributed either to media loss (or theft) or to deliberate attacks such as SQL injection or sniffing on internal transaction processing networks.
As stolen personal information becomes increasingly available, the price it commands on the black market is falling, forcing attackers to seek more profitable data. To this end, the last few months have seen hackers target application credentials. Application credentials hold more value for certain types of attackers because they can be further used in automated schemes: while fraud schemes involving stolen personally identifiable information (PII) usually require manual procedures, an attack that makes use of valid credentials for an online banking system can be fully automated.
Attackers use many different techniques for obtaining application credentials. These include phishing campaigns, Trojans and keyloggers on the consumer side and SQL injection, directory traversal and sniffers on the application end.
5. Transition from Reactive To Proactive Security: Up until recently, the security concept has been largely reactive: waiting for a vulnerability to be disclosed, creating a signature (or some other security rule) and then cross referencing requests against these attack methods, regardless of their context in time or source. As a consequence, a lot of resources are invested in distinguishing "bad" requests from "good" requests based on request content alone. This chore is becoming increasingly difficult due to advanced evasion techniques and sophisticated attack schemes, which in turn forces solutions into difficult trade-offs between false positives and missed detections.
Rather than waiting to be attacked, security teams must start to proactively look for attacker activity as it is being initiated over the network, identifying dangerous sources or malicious activity before it gets to attack a protected server.
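To make the contrast concrete, here is an added example (my own code, not from this paper or from Easyrider LAN Pro) that runs a content-only signature check and a per-source behaviour profiler over a constructed access log; the log lines, the 404 threshold, the time window and the two signatures are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample log (not from the paper): an ordinary visitor (198.51.100.7)
# and a scanner (203.0.113.9) probing well-known paths before its first attack.
SAMPLE_LOG = """\
198.51.100.7 [10:00:01] GET /index.html 200
203.0.113.9 [10:00:02] GET /admin/ 404
203.0.113.9 [10:00:02] GET /phpmyadmin/ 404
198.51.100.7 [10:00:03] GET /products?id=42 200
203.0.113.9 [10:00:03] GET /wp-login.php 404
203.0.113.9 [10:00:03] GET /cgi-bin/test.cgi 404
203.0.113.9 [10:00:04] GET /products?id=1%20UNION%20SELECT%201,2,3 500
"""
LINE_RE = re.compile(r"^(\S+) \[(\d\d):(\d\d):(\d\d)\] (\S+) (\S+) (\d{3})$")
# Deliberately simple content-only signatures for the two classes the paper names.
SIGNATURES = [re.compile(r"union\s+select", re.I),        # SQL injection
              re.compile(r"=\s*(https?|ftp)://", re.I)]   # Remote File Include
def parse(line):
    """Split one well-formed log line into ip, seconds of day, path and status."""
    ip, h, mi, s, _method, path, status = LINE_RE.match(line).groups()
    return {"ip": ip, "t": int(h) * 3600 + int(mi) * 60 + int(s),
            "path": path, "status": int(status)}
def content_match(path):
    """Reactive check: judge each request on its (decoded) content alone."""
    return any(sig.search(unquote(path)) for sig in SIGNATURES)

class SourceProfiler:
    """Proactive check: a source drawing several 404s on distinct paths within the
    window is probing, whatever the content of its later requests."""
    def __init__(self, window=60, miss_threshold=3):
        self.window, self.miss_threshold = window, miss_threshold
        self.probes = defaultdict(dict)   # ip -> {probed path: time of its first 404}
    def observe(self, rec):
        probes = self.probes[rec["ip"]]
        if rec["status"] == 404:
            probes.setdefault(rec["path"], rec["t"])
        recent = [t for t in probes.values() if rec["t"] - t <= self.window]
        return len(recent) >= self.miss_threshold

def first_alerts(log_text):
    """Return the log line numbers at which each approach first fires."""
    profiler, hits = SourceProfiler(), {"content": None, "source": None}
    for n, rec in enumerate(map(parse, log_text.splitlines()), 1):
        if hits["content"] is None and content_match(rec["path"]):
            hits["content"] = n
        if profiler.observe(rec) and hits["source"] is None:
            hits["source"] = n
    return hits["content"], hits["source"]  # (7, 5) on SAMPLE_LOG
```

On the sample log the content signature only fires at line 7, when the attack vector itself arrives, while the source profiler has already flagged the scanner at line 5, so a block on that source would have stopped the attack regardless of whether the signature matched.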
About the Author
Frank Saxton is a computer network security engineer and Easyrider LAN Pro principal. Home-based in Portland, Oregon, Frank has been designing remote diagnostic and network enterprise monitoring centers since the late 1970s. Prior to becoming a professional systems engineering consultant in 1990, Frank had a 20 year career in computer systems field engineering and field engineering management. Frank has a BSEE from Northeastern University and holds several certifications including Network General's Certified Network Expert (CNX). As a NOC design engineer and architect, Frank works regularly with enterprise-class monitoring tools such as HP Openview Operations, BMC Patrol and others. In his enterprise security audit work, Frank uses sniffers and other professional grade monitoring tools on a daily basis.
Next in the security white paper series:
Are you vulnerable to drive-by exploits?
Last modified December 16, 2009
Copyright 1990-2010 Easyrider LAN Pro