2004: the year of the hacker?

5 Jan 2004

Internet sites rather than email are likely to be the vehicle for many security threats during the coming year, according to Niall Moynihan, technical director, EMEA, with Check Point.

As we launch into a new year it is useful first to look back at 2003 for clues as to what is likely to happen in 2004. By far the biggest news last year was the spate of malware (viruses, worms and trojans) in the third quarter, such as Blaster, Sobig and Nachi. In previous years most malware spread via email. But two of the above didn’t use email to spread and the other used email plus another method.

Organisations have got much better at blocking email-borne malware and the malware writers have had to look for alternative methods of transmission. It is very likely that we will see more of this next year. So using email content screening is going to be less effective at keeping out malware. We are likely to see a big increase in exploits of holes such as those that were used last year.

The best defence against these exploits is a good security policy centred on a firewall that has been properly configured and managed (that is something like 30pc of the firewalls installed today). Many firewalls now come with an add-on service that automatically senses attacks and responds by closing down certain ports to block them.

The most likely route that the malware writers are going to exploit next is what is known as port 80. This is the port where web pages come in when you are browsing. The attraction of this port for hackers is that it has to be open, and a firewall cannot detect all malware.

In a survey carried out by Websense in February 2003 it was found that one third of companies in Europe have been infected with spyware applications on their networks. Spyware is installed when you click onto many of the sites you use day to day. Mostly these programs just track your surfing habits to establish your buying behaviour. Are they illegal? You certainly consent to allow cookies when you click into many sites. These are supposed to improve your experience of using the site, but how is a cookie defined?

The bottom line is that there is spyware in your organisation now. The next wave of malware coming into your organisation is likely to be much more damaging.
