Stealth-for-wealth attacks threaten net populace

19 Dec 2007

Once viruses and worms were the main threats facing internet and email users’ machines. However, more blended and sophisticated ‘stealth-and-wealth’ attacks can affect not only computers and networks but also the user’s financial health.

According to an inaugural report on the global security landscape from Cisco, security threats and attacks have become more global and sophisticated.

As the adoption of more and more IP-connected devices, applications and communication methods increases, the opportunity emerges for a greater number of attacks. These trends are writing a new chapter in the history of security threats and attack methodologies.

Years ago, viruses and worms (Code Red, Nimda and others) ransacked computer systems to cause damage and gain notoriety.

As internet adoption and e-commerce increased, blended threats (spam-enabled phishing attacks, botnets, etc.) evolved with the intent to steal money and personal information. Cisco says this stealth-and-wealth approach subsequently evolved into a more worldwide phenomenon that frequently features more than one of the seven risk categories.

According to Cisco chief security officer John Stewart, information security is no longer just a battle against a virus or spam attack. There are oftentimes legal, identity-based and geopolitical factors involved.

As examples, he points to identity theft at major retailers and a recent distributed denial-of-service attack allegedly launched by politically motivated hackers within Russia on its neighbour Estonia earlier this year. The cyber attack, which reportedly stemmed from outrage over Estonian authorities’ decision to move a Soviet-era war memorial from a park, shut down many of the country’s government websites.

“Cybercrime is evolving before our eyes, oftentimes using well-known techniques seen before only in electronic form,” Stewart said.

“You just can’t afford to view information security threats as a stand-alone duel against a virus or a phishing attack; threats involve social engineering and technology, trust and pervasive use.

“Today, the effort to secure businesses, personal identities and countries requires a greater level of co-ordination among parties that have not traditionally worked together as closely as they’ll need to. IT security teams, businesses, government, law enforcement, consumers, citizens: they’re all targets, yet they’re also allies.

“The effectiveness of national, enterprise and personal security will depend on the collaboration and communication among all of these constituencies,” said Stewart.

According to Stewart, the key to this collaboration is education.

He recommends regular audits are conducted within organisations of attractive targets and evaluate the avenues that can be used to attack them. “Exploits are too often successful because of not following security basics: host-based intrusion prevention, patches and upgrades with security fixes and regular audits.”

IT managers and CIOs need to understand the notion that threats follow usage patterns. “Where the majority goes, attackers will follow,” Cisco vice-president of customer assurance Dave Goddard said. “Every time a new application or device enters the fold, new threats will emerge.”

CIOs should also work to change the mindset of employees, consumers and citizens who consider themselves innocent bystanders, and empower them to become active influencers with shared ownership over security responsibilities. IT teams should help lead this charge, but it’s not solely their problem.

Stewart and Goddard both argue that security education be made a priority. Businesses, security vendors and government agencies, they say, need to invest in security education and awareness-building. This effort should include industry-wide collaboration among partners and competitors.

They also called for the institutionalisation of IT security education by incorporating it into school curricula.

By John Kennedy