New Trends in Cyber Threats

By Sherry Harowitz
            “The fact is, if somebody wants to get in, he’s getting in,” said Genes. So instead of thinking that you can build a stronger wall, “you have to accept that somebody is within your perimeter,” and “you have to detect the event and protect the data,” he said. Companies that have suffered incidents are starting to understand this new paradigm. It means using encryption and using active processes to monitor for signs of an intrusion or signs of data extraction.
One of the ways that Trend Micro tackles the issue is to constantly study the cyber lures that criminals put out in the wild, whether via spam or targeted phishing e-mails or infected Web sites. Trend Micro harvests the information by mimicking user behavior. In other words, if it’s a link designed to trick the user to click on it, the researchers intentionally click on it, get the files, and analyze them to determine what they are attempting to do.
It might be e-mail that purports to be an account statement from your bank but in fact is a link to a DNSChanger, a type of malware that will send your computer to an alternate Web site (you’ll think you’re going to the bank when you are going to the site set up by the hackers to steal your information or to trick you into downloading malware into the company’s network.)
Where appropriate, Trend Micro shares the findings with law enforcement so that those agencies can go after the criminal gangs, rather than just having customers fend them off one attack at a time. It was that type of intelligence that helped the U.S. FBI bring down a criminal enterprise in Estonia in 2011 that had infected 4 million machines in 100 countries and stolen $14 million from victims.
As for what attackers do, mostly they are interested in stealing data for money, but they sometimes manipulate a company’s  data to sabotage their research efforts. And Genes said he has been surprised at how many attacks were destructive. For example, in one project, Trend Micro set up a “honeypot” that was a fake site intended to look to attackers like a real utility with SCADA control systems somewhere in the United States. Within 18 hours, it was being attacked. They saw attempts to increase spinning of pumps and even to destroy the system.
As for what the future holds, there are faster and faster development cycles, so there are more and more vulnerabilities. And security remains an afterthought. Add to that the fact that everything from your hotel key to your car and your home TV is becoming “smart,” which means computerized and connected. And that means that everything can—and will—be hacked. It’s already been done to keys in hotels and now it’s being done to smart cars, many of which use software with lots of known but unpatched vulnerabilities. Popular Photography magazine has an article on how cameras with wifi are also being hacked. Trend Micro predicts that a hack of smart TVs is probably not far behind.
On the solution side, private companies like Trend Micro are reluctant to reverse attack botnets to give them a kill order. It’s technically possible but legally risky, they said. Governments have also been slow to take actions that could slow down cybercriminals. Japan and Australia are starting to hold ISPs responsible, but privacy advocates object in many countries. Without legislation, however, the ISPs don’t have much incentive to refuse to host the bad Web sites, says Trend Micro.
On the private-sector side, what companies and individuals can do is try to keep their own computers clean, both for their own sake and to protect the Internet at large from legions of zombie machines.

Photo of students from flickr by Extra Katchup


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.