Analysis: Symantec tars ISPs with bad security brush

By Ry Crozier on Oct 11, 2010 1:30 PM
Filed under Security

Page 1 of 2 | Single page

Is the communications sector as unprepared for attack as antivirus vendor claims?

The Australian communications industry is the least prepared business sector to bounce back from 'hacktivist' threats to its critical infrastructure, if security vendor Symantec's latest survey is to be believed.

By contrast, the energy sector is best prepared to rebuff such politically motivated attackers, the anti-virus and IT security company said.

The communications industry we cover at iTnews is serious about keeping its networks strong against threats such as distributed denial-of-service attacks.

For example, Bulletproof blocked offending IP addresses used in such an attack on broadband community website Whirlpool "within 20 minutes".

Other recent examples point to attacks degrading performance on some links - but in most cases communications operators routed legitimate traffic on diverse routes while they blocked the source of the bad traffic.

Which left us puzzled. How did the "communications industry" fare so poorly in Symantec's report?

What is the communications industry?

Symantec commissioned Applied Research to call 1580 businesses (150 from Australia) in 15 countries.

The Symantec 2010 Critical Information Infrastructure Protection Survey [PDF] focused on six industry sectors. If researchers spoke to a similar number of businesses, that is 25 respondents a sector - communications industry included.

Symantec Australia could not break down for iTnews what constituted a member of the communications industry.

So we don't know if they were fixed-line telcos, backhaul infrastructure operators, mobile network virtual operators or wireless operators.

Symantec was also unable to tell iTnews how big the respondents were.

The results would be lopsided if, for example, Telstra, Optus and VHA weren't included from a mobile perspective. Or if AAPT/Powertel, Nextgen, PIPE Networks and Vocus Communications were excluded from a backhaul perspective.

The only breakdown of the communications industry, as defined by Symantec, that we could get was that it included "telcos, ISPs, radio and TV".

The inclusion of media companies in the mix is unconvincing. And the lack of transparency over which types or sizes of communications organisations make up the survey results mix is a concern.

It could be tier-one telcos just as easily as it could be under-resourced community radio stations and tier-three ISPs.

Is the energy sector that well prepared?

Keith Price, AISA

It's difficult to draw a conclusion that the communications industry is the least prepared of six industry sectors to defend against an attack, as researchers claim.

Australian Information Security Association national director Keith Price told iTnews he'd have expected banking and finance - not the energy industry - to be most prepared to repel an attack.

"I'm surprised by the order [of preparedness described in the Symantec report]," he said.

Price raised concerns about the relative difficulty of exploiting a communications network compared to sectors where Windows architectures are more prevalent.

"A lot of vulnerabilities are not as easily exploitable on a router or switch as they would be malware on a PC," he says.

"Even for bad guys, time is money. They're only going to spend so much time before they move on to an easier target."

Further questions of the energy sector's preparedness were raised in a report released last week by the Victorian Auditor-General - the same day that Symantec's survey was released.

The Auditor-General labelled the risk of unauthorised access to water and transport infrastructure control systems in the state of Victoria as "high".

The report found Victorian operators did not have "the physical and electronic controls to detect and prevent inappropriate access to their infrastructure control systems".

It also found operators "not fully aware of the weaknesses in, and risks to their infrastructure control systems, ...[and] not properly securing their infrastructure control systems".

"As a result, staff and external parties can inappropriately access and manipulate these systems," the report said.

Price said he was inclined to "believe the Auditor[-General] as opposed to Symantec".

"Because [the Symantec survey] is so broad and high-level and doesn't really get into details, I just have to take it as interesting reading," Price said.

Click through to the next page to find out what motivates hacktivists and cybercriminals.

Analysis: Symantec tars ISPs with bad security brush

7 comments in this discussion

"Symantec (Norton) have one of the worst detection rates of any Anti Malware products, but oddly one of the largest pre-install rates in New P.C.'s. They put more money into marketing than ..."

By X_Selectar

Tags

symantec, critical infrastructure, hacktivist, isps, telcos, thwart, political, security, attacks

Further security flaws found in Java Runtime Environment

Shylock trojan evades malware watchers

Telcos declare SMS 'unsafe' for bank transactions

Google technology advocate sends NBN safety message

Breaking Stories

NBN Co buys TransACT fibre network

Myer automates online order management

Google technology advocate sends NBN safety message

ACMA shops 'freephone' charge changes

Vodafone still losing Australian customers

Comments: 7

realitybites Oct 11, 2010 3:58 PM	I did have a comment typed up but clicked "Submit Comment" and got "Sorry, a server error has occurred." grrr.. /me shakes fist in a generally southerly direction/
brownbear Oct 11, 2010 4:25 PM	Am I over sensitive but haven't Symantech produced a number of reports about the danger of malware in the past 6 months or so. Everyone of them seemed to me to be an effort to scare people into increasing their defenses. Sorry but I still have a little voice in my head that rightly or wrongly says "Don't have anything to do with Norton they tell fibs." If Symantech have identified the problem then my initial reaction, without seeing substantive proof otherwise, is that they are scaremongering.
realitybites Oct 11, 2010 5:27 PM	It's like watching a politician trying to worm out of a difficult question, lots of words, but no real contextual meaning. I'm referring to Symantec's vagueness at providing definitive answers to questions. How do we even know who they spoke to in these organizations? We can assume they spoke to someone associated with security for the organization, but that's a big assumption to make. So in light of this I'd have to say scaremongering as well.
legless Oct 11, 2010 7:27 PM	Well no matter what is looming over our heads, it will not "scare" me enough to put another of Symantec's security products on my computer. It's funny how so many issues magically go away when all traces of Norton's antivirus products are removed from one's system. I removed Norton's 360 from a friend's computer and replaced it with something else. Everything sped up and was working well. It was then replaced (not by me) with Norton's and now I have to repair the Windows installation again.
djzort Oct 11, 2010 8:50 PM	here is the real truth behind this report... which sector buys the least symantec products? clearly telecoms. so, lets label them in an attempt to drum up sales.
Ace Oct 11, 2010 11:29 PM	Yeh, I'm a little tired of the AV vendors 'reports', which seem dubious at best. I believe Trend Micro is currently on a boycott list (http://www.fsf.org/blogs/community/boycottTrendMicro.html) due to typical AV vendor tactics.
X_Selectar Oct 21, 2010 1:44 AM	Symantec (Norton) have one of the worst detection rates of any Anti Malware products, but oddly one of the largest pre-install rates in New P.C.'s. They put more money into marketing than protection. If you've ever bought a P.C. with one of their products, you'd know what I'm saying, i.e. one month in you have to buy a license to be protected, and "Hey !", did you not think it was installed for at least a year ? You see any funny business, especially in the mainline structuring of a Security marketed product, go look elsewhere. The Web is a place of knowledge, statistics, outcomes, and records. Search it until you have evidence that is suitable to your needs, don't listen to one side of any story, this is the 21st Century, the weight of information online is how we do business these days, not what someone tells you through the media, or a Newspaper press release.