Companies need to step up their ability to guess where cybercriminals will strike next.
Ian Amit, director of security research at Aladdin Knowledge Systems, claimed that by monitoring the activity of criminals, you could make a strong guess at future targets.
Amit said: “Logic helps us know where the criminals will go next. One of the goals is to be ahead of them, rather than focus on the crime that has happened we ask how it was done, where the criminals came from and where they will go to next.
“What people are doing is not working, we look at servers and their background and what drives them and look at what makes their business model. We're trying to raise awareness as education is important, it makes people realise what they are dealing with, and if they know what they should be seeing they will know what is not right.
“Sometimes it is just a hunch and it comes from working within it and we pass our knowledge on to the users. We ask what focus the company places on security and get them to face facts. We look at infected servers and use the data to see sustained amounts of business, as well as getting a lot more traffic than they would normally be used to.”
So if investment is needed to protect servers, and companies should spend time monitoring their traffic for suspicious levels of activity, how can IT managers convince their boards to spend on IT? Amit said: “My best audience is the CFOs, if you put the money men behind security you make it more real.
“In terms of the advice that I can pass on, if I were in the position of a criminal I would look at online shopping as they know what the busy times are and if today is ‘black Monday’ they can be prepared. IT managers can also look at what is going on worldwide and track activity, and if they guess where criminals will go next and only get 60 per cent correct, it is better than nothing.”
In September, Amit exposed the world's largest organised cybercrime operation and unmasked individuals from three criminal gangs. They had gained unauthorised access to more than 200,000 servers and compromised over 80,000 legitimate websites that had used new hacker tools.
Stolen access details from these victims were then made available for sale on a cybercrime server, potentially opening the door to subsequent fraud, vandalism and identity theft.
Since the cybercrime ring was unmasked, Amit has worked with CERT and numerous law enforcement agencies worldwide to begin informing affected organisations, which include the United States Postal Service, major universities and a number of Fortune 500 companies.
See original article on scmagazineus.com
Guessing ahead of cybercriminals is crucial to prevent infection
By Dan Raywood on Nov 25, 2008 9:53AM