
Threats on the increase

With the recession, upcoming World Cup and smarter criminals, the security threat landscape looks a little intimidating.

By Samantha Perry, co-founder of WomeninTechZA
Johannesburg, 21 Sept 2009

Germany, in the run-up to its World Cup in 2006, saw the number of attacks on systems holding financial data increase to two million per day, says Symantec Africa regional director Gordon Love, who expects the same to occur here.

South Africa, thanks to Seacom and the other cables due to land soon, is more accessible than it has ever been to the outside world, he adds.

Insiders will make changes to a database (allowing a loan that would have been denied, for example) for as little as R20, says Magix Integration MD Hedley Hurwitz.

According to Cisco consulting systems engineer Martin Walshaw, the relatively recent Conficker worm heralded a huge shift in the way attacks are carried out.

“Organisations, over the past four or five years, have seen the Web and e-mail as posing the biggest threats and have taken steps accordingly, while things like patching have taken a step back. Conficker exploited that trend and managed to infect up to one million PCs per day at its height.”

Conficker exploited a Windows vulnerability, described by the authors of Cisco's MidYear Security Report* as “an 'old-school' method that may not have seemed threatening, given the preponderance of new tactics for online scams. Conficker's creators appear to have recognised that their entry point into computer systems might yield more satisfying results.”

They were right, and Conficker is still infecting vulnerable systems.

What's more worrying, Walshaw adds, is that two separate sets of bad guys collaborated on Conficker - the first set created the worm, the second (Waledac) created the malware that was Conficker's ultimate payload. Says the report: “Depending on situation and opportunity, those who engage in online attacks have also been known to both collaborate with, and target, each other. One security researcher discovered that a major botmaster used an online forum to ask other criminals for help after his own botnet was hacked.”

All of which doesn't add up to a very reassuring picture.

Further, in the EMEA region, according to Symantec's Global Internet Security Threat* report for last year: “The most common propagation method for malicious code was through shared executable files, accounting for 65% of potential infections in EMEA, which is a substantial increase from 37% in 2007.” That's a statistic that is even less reassuring given the glee with which your average human passes things on via e-mail these days.

Where is it all going?

According to Symantec: “Web-based attacks are now the primary vector for malicious activity over the Internet. The continued growth of the Internet and the number of people increasingly using it for an extensive array of activities presents attackers with a growing range of targets as well as various means to launch malicious activity. Within this activity, Symantec has noted that most Web-based attacks are launched against users who visit legitimate Web sites that have been compromised by attackers in order to serve malicious content.”

“Cyber crime, fuelled by the global recession, is costing global businesses and individuals billions of dollars, according to recent industry estimates. It is a complicated world, with players big and small, organised and fringe, sharing a common desire to secure their own profits. Some players are just the guy or girl down the street, who is content to scrape out enough to ensure a comfortable lifestyle. However, many other players are doing whatever possible - and more often now by pooling their resources and knowledge - to maximise their profits,” says Cisco.

On the other hand, Cisco's report notes: “The unprecedented level of co-operation and participation by the security community and industry in response to the Conficker threat earlier this year marked an important turning point in the ongoing battle against cyber crime and fast-moving and far-reaching Internet security events... the Conficker Working Group demonstrates that the industry can adapt and respond to a significant weakness rapidly and effectively. Thus, when the next major security threat emerges, the security community will know how to assemble and take action swiftly - together.”

Which is an altogether happier thought.

* Reports courtesy of Cisco and Symantec respectively.
