Security threats are a concoction of various malicious attacks, but they all share a common goal in their pursuit of information, power, and profit. SC Magazine Australia gathered 10 of the most prominent IT security experts from Australia and around the world and asked where they see the world going, what the threat landscape looks like now, and what worries them most about the future.
James Scollay, Vice President for MessageLabs Asia Pacific, the global message security and managed services provider. He is currently based in Sydney after performing management roles for MessageLabs Europe and was a co-founder of Commspec the NZ telecommunication company.
“Email is the lifeblood of business today and will continue to have an increasing impact on every aspect of commercial enterprise. It underpins protecting and enhancing business productivity and ensuring continuity and compliance. This in turn means that the CIO’s decisions are becoming even more business critical.”
“Email security is no longer just about spam and virus protection. Cyber-crime has moved on from technical hooliganism to commercially motivated professionals. They are targeting enterprises with sophisticated phishing, malware, botnets and other attacks aimed at defrauding business, stealing intellectual property and/or extorting money.”
“Managed security solutions will continue to grow in popularity as the advantages of specialised outsourced services become evident.
Managed security services are also catching on in the SMB marketplace as they too are prone to cyber attacks without the same resources as large enterprise. Small business owners are beginning to realise that security is no longer as simple as locking the door with unique IP, staffing security, customer security and hardware protection moving up the SMB priorities list.”
“Also on the horizon is the seismic rise of VoIP, this will inevitably become a huge vulnerability for large enterprises and SMBs alike. VoIP threats to businesses are not expected to become commonplace until around 2007.”
US based computer security firm Cybertrust’s CTO Dr Peter Tippett advised the joint America’s chiefs’ of staff on cyber warfare during Desert Storm and produced the original version of what later became Norton Anti-Virus software.
"Hackers now have such a range of tools to use, it's amazing: master toolkits to produce whatever worm, trojan or bot you wish. It's all just a case of bolting together parts - encryption, multi-control channels, obfuscation - it's all there in easy-assembly kits”.
"Very little of this is new technology, but with a few tweaks, a hacker can produce a 'new' trojan or bot in minutes. We can now see the criminal element on the Web has built something just as robust as the Internet, but for use by miscreants.”
"I believe we'll see more trading of resources between hackers, as they become more specialised in their sectors. This has always been the case to some extent, but it will take place on a much bigger scale soon. ID theft will also increase and become more sophisticated - many street criminals still don't know the worth of a laptop full of customer data - but soon they will.”
“To combat this threat, we need to focus on smart security. For example, a router, even a wireless one, can be configured to 'default deny' outbound traffic. This costs nothing to do, but makes exploiting the connection much harder. Only two per cent of users actually do this, even though it makes you 80 per cent more secure. We need to assess costs of counter-measures more effectively and get them implemented on a greater scale.”
Paul Lancaster, (pictured) is the systems engineer for Symantec A/NZ, the security application software provider. A former employee of Veritas Software prior to its merger with Symantec he has over 15 years experience in data protection planning recovery and deployment strategies for various industries especially banking and telecommunications.
“The most widespread attack detected by sensors in our region was the Generic TCP SYN Flood Denial of Service Attack (DoS), which accounted for 70 percent of all detected attacking IP addresses. This could result in the disruption of organisational communications and the ongoing consequences of that organisations reputation.”
“The second most common attack is the Microsoft SQL Server 2000 Resolution Service Stack Overflow Attack. This attack, which is used by the highly successful SQLExp worm (also known as Slammer) and remains a problem for computers running older versions of the Microsoft SQL Server database.”
“The most frequently reported malicious code sample in the region of late has been the worm, Beagle.DL. This mass-mailing worm propagates through peer-to-peer file-sharing networks and by using its own SMTP engine. It may degrade the performance of an infected computer.”
“Bot-infected computers operate in a coordinated fashion under the direction of an attacker and can number in the hundreds or thousands. Symantec believes that new broadband customers may not be aware of the additional security precautions that are required when connecting a computer to the Internet with an always-on high-speed connection.”
“The attempt by a third party to solicit confidential information from an individual or organisation, often for financial gain is also on the increase. There has been a sharp increase over the previous six-month period due to the number of filtering technologies.”
“The future will see an increase in organisations and individuals signing up for a fraud alerting service or the deployment of Web server log monitoring to track if and when complete downloads of their Web sites are occurring. Best practices for end users and organisations will strengthen to deter the attempts of phishing attacks, the use of spyware and keystroke loggers.”
“Antivirus software and antispam software will be on the rapid rise and the technologies associated with firewalls, toolbar blockers and other software detection methods will increase significantly.”
Jon Callas is the principal author of the Internet Engineering Task Force's OpenPGP encryption standard. He’s currently the CTO and CS O for the US-based GPG Corporation a security software company specialising in email and data encryption. He has previously worked for Network Associates and Apple Computers.
"The rise in Internet crime over the past two years is not just down to bored graduate students trying to be clever, it's now financially motivated professional criminals who are turning their hand to the online environment.”
"Hackers and viral threats are also becoming far more targeted. We are seeing the rise of tailored Trojans aimed at customers of specific banks, dubbed spear phishing attacks. Consequently, we are witnessing increasing awareness of the value of an individual's identity, with the adoption of US-style laws aimed at protecting ID by requiring encryption of customer details.”
"However, encryption doesn't solve every problem. Encrypted data merely shows an expert where to look for information, there will always be indicators of what the data was, where it came from and where it went. Back-up systems often save files in the clear, for example. Bear in mind, too, that hackers in other countries may have the manpower and time to crack many commercial systems through persistent brute force.”
"The way forward? Security technology will have to be built more flexibly in order to be able to counter several threats at once. At the same time, user interfaces will need to be made simpler to accommodate more information presentation - coloured surrounds for safe and non-safe, for example. Business processes will need to be changed too, just as credit-card companies will have to stop using the current insurance model, and switch to a more responsible one.”
Graham Cluley - developed the first Windows version of Dr Solomon's anti-virus toolkit in 1992. He’s currently the Senior Technology Consultant at Sophos, the worldwide threat management solutions company and frequently writes columns for various publications along with several media appearances about computer security.
"The creativity has gone now. There used to be viruses that brought up skull and crossbones or ambulances on your screen, now it's much quieter, with 80 percent of new threats being Trojans, rather than viruses or worms. It would be a mistake to say the virus is dead though - you can't patch people clicking on an attachment.”
“A disturbing development is the recent spate of ransom-ware attacks, where files are encrypted and a key has to be bought. The worst of these we've seen was one where a file would be deleted every ten minutes - it's like shooting hostages.”
"The trouble with the adware market, a major funding source for botnets, is that perfectly legitimate companies sometimes find their products being sold by dubious means due to outsourcing. It's very hard to pin down responsibility then in such cases.”
“I think the future will be less about blocking bad stuff, more about authorising good stuff, certainly in the business world.”
Laura Yecies, GM of ZoneLabs. She has 20 years of industry experience and has served executive positions at Yahoo and Netscape and has extensively consulted the likes of Oracle, Visigenic, Hitachi, Phoenix.
“Since the Internet security paradigm shifted in 2004 from hacking for glory to hacking for profit it has not looked back. Spyware went underground and became the new virus (albeit a well-funded version) and current estimates indicate it exists on more than 80 percent of PCs.”
“2006 has kept us busy at ZoneAlarm. We’ve seen the rise of the rootkit threat, a virtually undetectable backdoor to the PC that offers a hacker complete control over the compromised PC. We’ve seen precision attacks target small batches of PCs like ransomware. Browsing has become even more dangerous with websites and servers hosting spyware, adware and Trojans.”
“Today, your information is not safe unless you take every precaution to protect your PC. Your identity is worth money to hackers. Personal information is openly bought and sold on the Internet’s black markets.”
“Everyone should know the answer to the following four questions if they want to protect their identity and their money in 2007:
Is your security multi-layered and up-to-date? Do your solutions protect the kernel level? Are you protected against unknown attacks through behavior-based technologies or heuristics? Are you protecting your personal information from identity theft?”
Mikko Hypponen has been analysing viruses since 1991 at F-Secure Corporation a virus protection corporation based in Finland. He is currently the Chief Research Officer and was the first to warn the world about the Sasser worm outbreak in 2004. He has consulted with organisations including IBM, Microsoft, FBI, US Secret Service, Interpol and Scotland Yard.
"There is some good news: law enforcement has got much better, with international co-operation becoming commonplace, and much better information sharing.”
"Internet service providers are getting better, too. I spent two weeks trying to get Geocities to take down a malicious site two years ago, now it would take less than an hour. However, short of global laws, which are very unlikely to become a reality in my lifetime, there is still a lot of work to do. ISPs have a big problem, in that they should and could, technically speaking stop this traffic, but it is much easier to just ignore the problem.”
"There is a lot of talk that some spear phishing exploits and rootkit use is down to industrial espionage. IP addresses often point to China, but I think that is a far too obvious conclusion. People talk of 'state sponsored' attacks, but again I think this is way too simplistic to be very accurate.”
"Businesses need to be more intelligent, both in the technology they employ and in their use of resources. Intelligent network tracking will solve many ills, but you need an accurate baseline of 'normal' activity to work from - many companies have no idea what this would look like."
Mark Hay is currently the Operations Manager for Microbe, an Australian partner for Kaspersky Lab.
“The technological improvements in our mobile phones and PDA’s mean that we will soon be carrying around mini computers – many with some form of wireless internet access. These devices will need to be protected in the same way as our notebooks and desktop PC’s are currently. The problem is that a PC user is generally well aware of the threat posed by access to the internet or is protected behind a corporate security policy on their company network. Mobile phone users however are not sheltered behind company firewalls and many are not IT savvy.”
“Today however we face an increasingly criminal form of virus or Trojan which is designed to be delivered secretly. Once installed they allow the PC to be used as a Spam relay or ‘bot’. A thousand ‘bots’ under the control of one hacker can then be sold on the black market for thousands of dollars. The purchaser who now controls the bots can then send millions of advertising emails (Spam) anonymously. It’s a big business.”
“Future proofing the reliability and security of the internet could mean tighter control on our access to it. Anonymity will become a thing of the past. Over the past 12 months many PC’s worldwide have been equipped with a security chip called the Trusted Platform Module. In the majority of cases the chip is currently de-activated but can be enabled by software. The chip is one initiative developed and supported by the Trusted Computing Group (TCG).”
“Some of the benefits include: Extension of other safety products such as SmartCards, fingerprint readers, improved encoding of wireless usage as well as protection of the data and data integrity (spoofing protection), file and folder encoding, encoded mailing (code keys produced via TPM), controlling of access and access rights in networks, protection from hacker attacks (system attacks, DOS/network attacks), Secure single sign-on, a "global" user authentication.”
Peter Watson is currently the Chief Security Adviser for Microsoft Australia. He has been involved in the computer security and control field for almost twenty years. His comprehensive security knowledge encompasses the life cycle of security from requirements, strategy, policy and standards, through to architecture design and implementation.
“A key requirement for all users is how to reduce the risks and costs associated with using technology. This primarily relates to protecting the IT environment from a range of threats, including protection from external intruders. Threats are moving up the chain to be more social engineering based and targeted at the individual.”
“The growing uptake of mobility devices – driven by an explosion in product offerings and investment by major telcos in high-speed networks - has also brought with it the imperative of ensuring users can securely and safely access email, applications, documents, and data from any internet connected device. For the CIO of a mobile enabled company, it also means providing employees with mobility and collaboration solutions whilst still protecting company information assets.”
“As the drive for efficiency and emphasis on controlling cost brings organisations closer to their business partners and customers, there is also a greater drive to allow them access to core systems so that they can integrate with the organisational transaction process. The challenge then is to achieve this while putting the appropriate level of controls in place so as not to expose the organisation to threats. Ultimately it is about creating a secure environment while at the same time promoting efficiency and inter-connectivity.”
“Organisations also want to make use of extended enterprise business models, such as outsourcing and on-line services. This allows them to focus on their core business while using services from other organisations to become more efficient. But outsourcing arrangements raise their own security considerations, and organisations need address these before ‘handing over the keys’ so to speak.”
“Consumers on the other hand want simplicity and uniformity, and to avoid repeating information. Their desire therefore is to deal with organisations where transaction chains are integrated -- both within the organisation and across them. Consumers also want secure access to applications, documents and data from any Internet connected device, whether that be at home, in the office or when they are out and about. Most of all, consumers want to know that their data is secure, safe, private and that their personal information is used appropriately.”
Crime watch: What the world's top experts think you should be worried about
By Negar Salek on Oct 23, 2006 12:16PM