Issue dated - 23rd February 2004


The changing face of cyber attacks

Technology is changing faster than ever, and so are IT-related security threats. Cyber attacks will become increasingly sophisticated and difficult to handle, warns Joy Ghosh

In 1999, the Melissa virus caught us off guard, sending millions of infected e-mail messages across the globe. Just a year later, in May 2000, the LoveLetter worm caused $8.7 billion in worldwide damage according to published reports (computereconomics.com).

Nimda and Code Red in 2001 ushered in the era of blended threats. Blended threats are capable of spreading across the Internet without any user interaction and then automatically launching further attacks such as denial-of-service (DoS) or hacking. In January 2002, the Slammer worm spread across the Internet, causing widespread, if short-term, Internet outages. In 2004 the Novarg (Mydoom) virus, the worst ever to hit our networks, has already shown its potential for damage.

There is little question that we could see even faster spreading and more destructive threats in the future; so-called ‘Warhol’ and ‘Flash’ threats could potentially disable major networks or large portions of the Internet within minutes or even seconds, leaving no time for IT staff to respond.

Rise in incidents

The threat of cyber attacks is growing every day, due in large part to increased business reliance on e-mail and the Internet. According to statistics from Carnegie Mellon’s CERT Coordination Centre, the number of IT security incidents reported grew steadily from 52,658 in 2001 to 82,094 in 2002, and in just the first quarter of 2003 there were 42,586 reports, raising the possibility that the year would see double the attacks of 2002.

Results of the new 2003 CSI/FBI Computer Crime and Security Survey indicate that e-mail threats continue to be the most common kind of attack. The survey also finds that theft of proprietary information is still a widespread problem and is the source of the largest cybercrime-related financial losses. Second on the list of most costly cyber attacks are DoS attacks. This continued increase in security-related incidents points to another challenging year ahead for IT security staff.

The shifting attacker profile

At the same time that threats are increasing in number and complexity, we are likely to see an evolution in the profile of attackers. Many of the recent high-profile attacks have been launched by amateurs with no particular target or motivation in mind. However, as more critical business and government functions are conducted online we expect to see an evolution to more professional attackers with more specific targets and motivations in mind. These better-funded, more dedicated attackers are likely to be able to find and exploit vulnerabilities much more quickly than the amateurs of the past.

Less time to react

Blended threats, worms, and hackers often exploit known vulnerabilities in computer software. Typically these exploits occur some time after the vulnerability has been discovered. We refer to the time between the discovery of a vulnerability and its exploitation by a specific threat as the vulnerability threat window.

For example, the Nimda and Slammer worms had vulnerability threat windows of many months, leaving plenty of time for the vendor of the vulnerable software to create a patch and warn the public, reducing the potential damage. On average, exploits are created six months after the vulnerability has been publicly disclosed. As we see a migration to the professional attackers described in the previous section, we will likely see much shorter vulnerability threat windows. The better funded the attacker, the more resources they will have to find new vulnerabilities and quickly create associated threats. This could ultimately lead to the emergence of a Day Zero threat. A Day Zero threat occurs when an exploit is created and released as soon as the associated vulnerability is found, leaving software vendors, computer administrators, and users with no time to respond.

Threats of today and tomorrow

We can separate today’s threats from emerging threats by assigning them to general classes based on how rapidly the threats spread. As we move from Class I to III, there is less of a chance that human response can contain the threat:

  • Today: Class I threats—Class I threats spread within days or hours. To date, most attacks have fallen into this category. Class I threats include e-mail worms and many blended threats. Human response to these threats with virus updates, router filters, and firewall rules is possible.
  • Today and tomorrow: Class II threats—Class II threats can spread across the Internet within hours or minutes. The Slammer SQL worm that hit earlier this year shows us glimpses of what a Class II threat can do, as Slammer’s infection rate doubled every 8.5 seconds in its initial stages, and over its first five days, cost an estimated $1 billion in lost productivity. The fastest moving Class II threats are very difficult or impossible to address via human response mechanisms. They require more automated responses.
  • Tomorrow: Class III threats—Future Class III threats will be capable of attacking systems across the Internet in mere seconds. Widespread connectivity helps to make this a very real possibility. Human response to such threats will be impossible, and even the fastest automated response will be unlikely. Defending against Class III threats will require fundamentally new proactive technologies. Such technologies will need to be capable of blocking new threats on host and network computers before they have a chance to spread.

The good and the bad news

The good news is that enterprises are enforcing security policies more rigidly than ever, and employees are aware of the dangers of clicking on executable attachments or opening unsolicited e-mail. Additional results of the 2003 CSI/FBI survey indicate that 99 percent of enterprises are using anti-virus software, 98 percent have firewall protection in place, and 73 percent have intrusion detection technology in place (up from 60 percent in 2002). Security solutions have grown to cover multiple tiers, and make management easier with centralised consoles, correlation and automated response mechanisms. Features such as early warning, heuristic detection and policy management also help enterprises bolster their networks against growing security threats.

However, the sophistication of both attackers and their threats is only increasing. This is not a time to let your guard down; in fact, just the opposite. In the future, we will likely see even faster moving targeted threats that allow little or no time to respond. Don’t wait on stand-by for the next big cyber attack: the luxury of reacting to a cyber attack is becoming a thing of the past.

The author is enterprise sales director, ASEAN and India, Symantec Corporation

© Copyright 2003: Indian Express Group (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by The Business Publications Division of the Indian Express Group of Newspapers.