Thursday, September 11, 2008

Learning security lessons from the motives of malware

Security threats have changed greatly over the past several years. The worst "hacking" consisted of kids defacing web pages to improve their standings on defacement boards and sending out viruses to pronounce their undying love for some unfortunate girl. Concerted, financially motivated attacks did occur, but they were somewhat rare and normally involved industrial espionage of some form.

Today, though, an entire economy has been built around "hacking". Much like television networks trying to attract eyeballs for advertisers, today's hackers are trying to infect computers with trojans and other malware. These "botnets" are sold and traded in an underground market. The purposes for the botnets are varied: stealing banking information from the victims, using the collection of computers to run a protection racket based on DDoS attacks (as we have seen many times lately), or simply installing adware. Because of this, attackers are racing to find and exploit new vulnerabilities in software as quickly as possible - at least before someone else does. There is also no honor among thieves - it is not uncommon for one piece of malware to intentionally disable the malware of some other group, so that the former can keep its network pure and maintain the profitability of the botnet.

So, what can we learn from this?

We will continue to see faster and faster virus propagation. Virus writers are now financially motivated to infect as many computers as possible before anti-virus signatures are available and applied. Non-conventional tactics will be needed to defend against these viruses, such as using behavioural virus scanners rather than signature-based scanners. Internet Security Systems and Panda both offer implementations of this.

We will continue to see worms that are released either before or shortly after acknowledgement of a weakness - and quite often before a fix is available. In the past, a rigorous patching program was typically enough to provide a reasonable amount of protection. Again, though, non-conventional tactics are needed - such as general buffer overflow exploit protection, more diligence around segmenting network assets to limit the spread of worms, and tools to identify when a worm is present. Certainly, this also underscores the importance of tightening up already rigorous patching processes. An additional layer of protection can often be found in host and network intrusion prevention tools. Such tools are often updated quickly in response to a new threat and provide a buffer between the release of a worm and the time that systems are patched.

Certainly, organized crime is not the only source of malware - plenty of enterprising individuals are participating. Keeping up with the motivations of hackers will give you a better understanding of what you need to protect against and what threats you can expect down the road.

About the Author

Jerry Bell has been in the information security industry for 8 years and has spent 4 years as the Director with responsibility for information security and regulatory compliance at a $300M public company. IT Capability
