Cyber-security analysts predict that 2011 will mark a shift in online crime away from malware and stolen credit card numbers toward a new stage of cyber-espionage and cyber-sabotage. Identity theft has already become one of the most prevalent crimes of the 21st century. Low-tech methods of obtaining private information, such as stealing wallets or personal documents, are still the most common, but online information theft is growing rapidly, especially among organized cyber-criminal groups.
One method that modern cyber criminals employ to accomplish their objectives is the stealthy use of computer “botnets.” A botnet is created when a number of Internet-connected computers are infected with malicious software that connects to a cyber-criminal’s command-and-control server, waits for instructions, and then acts on them. The bot makes those connections outbound, usually on a timer and often over the same ports as ordinary web traffic, which is why a firewall that only blocks inbound traffic does not stop it. The infected computers become “zombies” and are used to steal information, send spam, or disrupt legitimate web services, all without the knowledge of the computer’s user.
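What that command channel looks like from the defender’s side, as an added example that is not part of the original article: because a bot checks in with its controller on a timer, an infected PC shows up in outbound firewall logs as connections to one address at near-constant intervals, while a person browsing produces irregular gaps. The PowerShell below scores each source/destination pair by how regular its connection gaps are. Its assumptions are the field order of the Windows Firewall log (date, time, action, protocol, src-ip, dst-ip, src-port, dst-port, …), the constructed sample lines (documentation-range addresses, not real servers), and the thresholds of five connections and 10% jitter, all chosen for this illustration.

```powershell
# Added example, not from the article. The log lines below are CONSTRUCTED for
# this example; the field order matches %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log.
# 10.0.0.5 "phones home" every ~5 minutes; 10.0.0.7 browses 198.51.100.20 irregularly.
$sampleLog = @'
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2010-02-18 09:00:00 ALLOW TCP 10.0.0.5 203.0.113.10 49152 8080 0 - 0 0 0 - - - SEND
2010-02-18 09:05:01 ALLOW TCP 10.0.0.5 203.0.113.10 49153 8080 0 - 0 0 0 - - - SEND
2010-02-18 09:09:59 ALLOW TCP 10.0.0.5 203.0.113.10 49154 8080 0 - 0 0 0 - - - SEND
2010-02-18 09:15:00 ALLOW TCP 10.0.0.5 203.0.113.10 49155 8080 0 - 0 0 0 - - - SEND
2010-02-18 09:20:02 ALLOW TCP 10.0.0.5 203.0.113.10 49156 8080 0 - 0 0 0 - - - SEND
2010-02-18 09:24:58 ALLOW TCP 10.0.0.5 203.0.113.10 49157 8080 0 - 0 0 0 - - - SEND
2010-02-18 09:00:12 ALLOW TCP 10.0.0.7 198.51.100.20 50001 443 0 - 0 0 0 - - - SEND
2010-02-18 09:00:40 ALLOW TCP 10.0.0.7 198.51.100.20 50002 443 0 - 0 0 0 - - - SEND
2010-02-18 09:07:03 ALLOW TCP 10.0.0.7 198.51.100.20 50003 443 0 - 0 0 0 - - - SEND
2010-02-18 09:07:09 ALLOW TCP 10.0.0.7 198.51.100.20 50004 443 0 - 0 0 0 - - - SEND
2010-02-18 09:31:44 ALLOW TCP 10.0.0.7 198.51.100.20 50005 443 0 - 0 0 0 - - - SEND
2010-02-18 09:58:20 ALLOW TCP 10.0.0.7 198.51.100.20 50006 443 0 - 0 0 0 - - - SEND
'@

function Find-Beacons {
    param(
        [string[]]$Lines,
        [int]$MinConnections = 5,    # assumed: fewer hits than this is not a pattern yet
        [double]$MaxJitter   = 0.10  # assumed: stdev/mean of the gaps; lower is more clock-like
    )
    # Keep only ALLOWed connections: a dropped packet never reached a controller.
    $events = foreach ($line in $Lines) {
        if ($line -match '^\s*$' -or $line.StartsWith('#')) { continue }
        $f = $line -split '\s+'
        if ($f.Count -lt 8 -or $f[2] -ne 'ALLOW') { continue }
        [pscustomobject]@{
            Time    = [datetime]::ParseExact("$($f[0]) $($f[1])", 'yyyy-MM-dd HH:mm:ss', $null)
            Src     = $f[4]
            Dst     = $f[5]
            DstPort = $f[7]
        }
    }
    # One score per (source, destination, port): how evenly spaced are the connections?
    foreach ($group in ($events | Group-Object Src, Dst, DstPort)) {
        if ($group.Count -lt $MinConnections) { continue }
        $times = @($group.Group.Time | Sort-Object)
        $gaps  = for ($i = 1; $i -lt $times.Count; $i++) { ($times[$i] - $times[$i - 1]).TotalSeconds }
        $mean  = ($gaps | Measure-Object -Average).Average
        # Standard deviation computed by hand so this also runs on Windows PowerShell 5.1.
        $var   = ($gaps | ForEach-Object { ($_ - $mean) * ($_ - $mean) } | Measure-Object -Average).Average
        $jitter = if ($mean -gt 0) { [math]::Sqrt($var) / $mean } else { 1.0 }
        [pscustomobject]@{
            Source      = $group.Group[0].Src
            Destination = "$($group.Group[0].Dst):$($group.Group[0].DstPort)"
            Connections = $group.Count
            MeanGapSec  = [math]::Round($mean, 1)
            Jitter      = [math]::Round($jitter, 3)
            Suspicious  = ($jitter -le $MaxJitter)
        }
    }
}

Find-Beacons -Lines ($sampleLog -split "`r?`n") | Format-Table -AutoSize
```

To run it against a real machine, replace the sample with Get-Content on pfirewall.log; Windows Firewall does not record allowed connections by default, so turn that on first (Set-NetFirewallProfile -LogAllowed True). A low jitter score is a lead, not a verdict: software update checks and monitoring agents also run on timers, so the next step is to ask what process on the source owns those connections and whether anyone recognizes the destination.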
Many information security experts consider botnets the largest threat to the Internet today. In June of 2006, security software maker Symantec estimated that there were roughly 4.5 million computers worldwide under the control of a botnet. Today, estimates run to the hundreds of millions. Botnets keep growing because they are money-making machines for their creators, commonly known as “botnet masters” or “bot herders.” Most use the zombie computers under their control to spew spam and propagate malware to other susceptible computers, but that is not always the case, as some recent examples show.
In February 2010, the security firm NetWitness reported that the Kneber botnet had compromised nearly 75,000 computers worldwide. Among them were many U.S.-based systems belonging to Fortune 500 companies, government agencies, and others. The Kneber malware, a variant of the Zeus banking trojan, was specifically designed to steal sensitive information, and the attack resulted in the theft of tens of thousands of login credentials for e-mail systems, social networks, and banking sites. Zeus-based theft is still very much active: in October 2010 the FBI announced the arrest of more than 100 suspected members of a cyber crime ring that had used it to steal around $70 million.
Kneber gets onto computers by exploiting security flaws in applications found on the vast majority of Windows-based computers, specifically Adobe Reader and Flash Player. Adobe has released patches that fix these flaws, but a patch does nothing until an IT professional or end user actually applies it. Until the updates are installed, the computers remain susceptible to infection and likely exploitation.
In mid-December of 2009, sophisticated attackers targeted Google and at least 30 other high-profile U.S. companies, exploiting a previously unknown flaw in Microsoft’s Internet Explorer browser to compromise computers and steal information. Evidence indicates that the compromised machines reported to command-and-control servers in China, and some claim the Chinese government was involved. Microsoft quickly released an out-of-cycle patch for the flaw, but again, IT professionals and users need to take action if they wish to prevent computers under their control from becoming infected and compromised.
For IT consultants, these types of attacks are very difficult to defend against because of the human variable in the equation. Cyber criminals have achieved an impressive success rate against corporate networks by enticing employees to click on infected web sites, e-mail attachments, or advertisements purporting to clean up viruses. In some cases, cyber criminals hijack legitimate web site ads or purchase their own ads on popular web sites, a practice known as “malvertising.” When an unsuspecting user clicks on a malvertising ad to get more information or a chance to win a free prize, they unwittingly download the malware. Another method of infection is the drive-by download: the user simply visits a compromised site or opens an infected e-mail, and the attacker exploits a security flaw in the browser, a plug-in such as Reader or Flash, or the e-mail client to download and run malicious code, with no click required.
The important lesson here is this: the Internet is a very dangerous place! This is especially true for computer systems that are out of date or running applications that are not fully patched, and for users who are unaware of the dangers and behave carelessly. We all need to understand that the threat landscape is constantly changing, and that malicious attackers are operating with increasing boldness and impunity. To defend against these attacks, it is necessary to implement a comprehensive defense strategy for both computers and their human operators.
On the computer side, we need to put up multiple layers of defense:
- A properly configured and up-to-date network firewall.
- A properly configured Windows firewall or non-Microsoft software firewall on each computer.
- A process to ensure that all Microsoft and third party software patches are deployed with limited or no user intervention.
- Current antivirus software with virus definitions that are automatically updated daily, and full system scans that are run weekly.
- A secure web browser with the latest updates and security patches installed, including its plug-ins such as Adobe Reader and Flash Player.
- A policy that requires users to work from standard (non-administrator) accounts, so that malware which does get in runs with the user’s limited rights rather than full control of the machine.
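A way to spot-check the per-computer items on this list, as an added example written for this article rather than taken from it. It assumes a Windows 8.1/10 or Server 2012 R2-or-later machine with Windows PowerShell 5.1, run in a normal (non-elevated) session as the user whose desktop is being checked; the 30-day patch age and 2-day definition age are assumptions to adjust to your own patch cycle, and the script does not check the browser, since no single version check covers every browser and plug-in. The cmdlets it calls are standard Windows ones; Security Center and the Defender and LocalAccounts modules are absent on some editions, so those checks are guarded.

```powershell
# Added example, not from the article: read-only spot check of the per-computer
# controls above. Assumes Windows 8.1/10 (or Server 2012 R2+) with Windows
# PowerShell 5.1. Thresholds are assumptions; adjust them to your patch cycle.
function Test-WorkstationBaseline {
    param(
        [int]$MaxPatchAgeDays      = 30,  # assumed: one patch cycle
        [int]$MaxDefinitionAgeDays = 2    # assumed: "updated daily", with a day of slack
    )
    $results = New-Object System.Collections.Generic.List[object]
    function Add-Result([string]$Control, [bool]$Pass, [string]$Detail) {
        $results.Add([pscustomobject]@{ Control = $Control; Pass = $Pass; Detail = $Detail })
    }

    # 1. Host firewall: every profile (Domain, Private, Public) must be on.
    $profiles = Get-NetFirewallProfile
    $off = @($profiles | Where-Object { "$($_.Enabled)" -ne 'True' })
    Add-Result 'Host firewall enabled on all profiles' ($off.Count -eq 0) `
        (($profiles | ForEach-Object { "$($_.Name)=$($_.Enabled)" }) -join ', ')

    # 2. Patching: the update service must not be disabled, and something must
    #    have been installed recently. Get-HotFix only sees Microsoft updates;
    #    third-party patch status needs your deployment tool's own reporting.
    $wu = Get-Service -Name wuauserv
    Add-Result 'Windows Update service not disabled' ($wu.StartType -ne 'Disabled') `
        "wuauserv is $($wu.Status), start type $($wu.StartType)"
    $latest = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
    $patchAge = if ($latest) { ((Get-Date) - $latest.InstalledOn).TotalDays } else { [double]::PositiveInfinity }
    Add-Result "Microsoft patch installed within $MaxPatchAgeDays days" ($patchAge -le $MaxPatchAgeDays) `
        $(if ($latest) { "$($latest.HotFixID) on $($latest.InstalledOn.ToShortDateString())" } else { 'no hotfix history found' })

    # 3. Antivirus: something must be registered with Security Center (absent on
    #    Server SKUs), and if it is Microsoft Defender, definitions must be fresh.
    $av = @(Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct -ErrorAction SilentlyContinue)
    Add-Result 'Antivirus registered with Security Center' ($av.Count -gt 0) `
        (($av | Select-Object -ExpandProperty displayName) -join ', ')
    $mp = if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        Get-MpComputerStatus -ErrorAction SilentlyContinue
    }
    if ($mp) {
        Add-Result "Defender real-time protection on, definitions under $MaxDefinitionAgeDays days old" `
            ($mp.RealTimeProtectionEnabled -and $mp.AntivirusSignatureAge -le $MaxDefinitionAgeDays) `
            "signature age $($mp.AntivirusSignatureAge) days, real-time protection $($mp.RealTimeProtectionEnabled)"
    }

    # 4. Least privilege: the desktop session should not carry an administrator
    #    token. With UAC on, a member of Administrators still gets a filtered
    #    token until they elevate, so the group membership is listed for review.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    $elevated  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole($adminRole)
    $admins = if (Get-Command Get-LocalGroupMember -ErrorAction SilentlyContinue) {
        @(Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Name)
    } else { @('(Get-LocalGroupMember not available)') }
    Add-Result 'Session runs without administrator rights' (-not $elevated) `
        "$($identity.Name); local Administrators: $($admins -join ', ')"

    return $results
}

$report = Test-WorkstationBaseline
$report | Format-Table -AutoSize -Wrap
if ($report | Where-Object { -not $_.Pass }) { exit 1 }   # non-zero so a scheduler or RMM tool notices
```

Save it as a .ps1 and run it from a scheduled task or your remote management tool; a failing check returns a non-zero exit code so the failure is noticed without anyone reading the table. The network firewall on the list is deliberately outside this script: it is checked from the firewall’s own management console, not from the workstation.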
On the human operator side of the equation, we need to raise awareness of potential security threats in the workplace through targeted employee education and ongoing reinforcement, with an emphasis on ongoing. Ultimately, we need operators to be smart, aware, and to use extreme caution!
Please distribute this article within your organization to help achieve that goal. For further information on this subject, Bing or Google “cyber security,” or contact Providence for assistance analyzing and securing your company’s computers and networks.
Jeff Dettloff is President and Chief Problem Solver at Providence, a Lansing IT Consulting firm.