Phishing sites represent a mounting problem
July 18, 2005
When a phishing attack is launched from overseas, different time zones and significant language barriers can add more layers of complexity to quickly resolving the Internet security threat. Such breaches represent mounting security problems for IT managers and network administrators, as many hackers target industry-identified soft spots such as China, Korea and India as a base for global attacks.
And while security response bodies and law enforcement agencies are cooperating in the fight, there's still more that can be done to coordinate, experts say.
The stakes are high. Companies can find their operations sidelined for days and their reputation tarnished after suffering an onslaught from a worm like Sasser, a denial-of-service attack, or a phishing scam that attempts to steal sensitive information from their customers.
All that translates into a financial loss for companies and organizations in the United States, which last year saw viruses cost them $55 million and denial-of-service attacks $26 million, according to a survey of corporations, government agencies, financial and medical institutions, and universities conducted by the Computer Security Institute and the FBI.
The source of these problems is often a network of "zombies," or compromised PCs that can be controlled remotely and sometimes without their owners' knowledge. Miscreants can create or hire armies of thousands of these PCs and use them to launch massive onslaughts of spam, virus and denial-of-service attacks, for example.
Here are suggested measures to take as threats move from one region of the world to another.
• Create a computer security incident response team for the company.
• If resources are lacking to create a company CSIRT, designate one person or a group to take responsibility for security efforts.
• Keep security patches and antivirus software up to date.
• Enable the data collection feature on routers to get information on the movement of people on the network. This will let companies trace the origin of intrusions and anomalies.
China and the United States regularly swap out top billing as the country where the most zombies can be found, according to figures from CipherTrust. Last week, China accounted for 21 percent of new zombies, while the United States had 17 percent and South Korea 6.8 percent, the e-mail security company said.
China and South Korea both have high broadband penetration but minimal use of security software by companies and consumers in those countries, said David Jevans, chairman of the Anti-Phishing Working Group. That makes them a soft spot for those looking to create zombie networks, also known as "botnets."
"There are certain companies that pay a fraction of a penny for every computer that gets loaded with adware. So, for some people, hacking into 4,000 computers to make $200 is not attractive. But in developing nations, $200 is good money," said the Forum of Incident Response & Security Teams' Reid.
Eastern Europe, which has steep unemployment combined with a highly educated IT work force, is one of those breeding grounds for cybercrime, security experts said.
The effects of such activities weigh greatly on companies, especially financial institutions, which rely on customer confidence. Exchange Bank, a Santa Rosa, Calif.-based community bank, has experienced phishing and pharming attempts, most of which originated overseas, said Bob Gligorea, an information security officer at the company. Both types of attack try to glean passwords and other sensitive personal information from customers by setting up Web sites that pretend to belong to trusted providers.
In an effort to stem such security threats, Exchange Bank has taken several steps, from using intrusion prevention systems, to contracting with Internet Security Systems for managed security services, to outsourcing its electronic banking services. The bank is currently in talks with its electronic banking partner about using technology to test customers' PCs for active viruses and Trojan horses, Gligorea said.
Other methods to fight back are also being tried out. Some companies have taken the stance of blacklisting Internet service providers that they suspect have networks heavily infected with zombies, said Chris Rouland, the chief technology officer at Internet Security Systems.
But the Anti-Phishing Working Group's Jevans noted that it's difficult to get ISPs in some countries to shut down one of their customers.
"China and Korea have been the hardest to have an ISP or domain name registrar take down a site," Jevans said. "There are some registrars in China that don't have a contact number, so you can't even call them."
Given that, the announcement last month that China had joined an international effort to beat spam, the London Action Plan on Spam Enforcement Collaboration, was welcomed as a significant step forward.
The Forum of Incident Response & Security Teams, which serves as a global clearinghouse for incident response teams in corporations, government agencies, universities and organizations, has a number of suggestions for combating international threats. For example, FIRST advises companies to create a computer security incident response team, or at least dedicate one person to take overall responsibility for protection.
In addition, FIRST's Reid suggested that companies not only keep their security patches and antivirus software up to date, but also enable the data collection feature on their routers, which will allow them to monitor where individuals go on their network and trace back intrusions for anomalies.
Some countries find themselves hit more than others by pests like botnets.
• Australia: Small concentration of banks and frequently used e-mail domain names with .au suffix means the country's banking customers are an easy target for phishing attacks.
• Brazil: Small concentration of banks and frequently used e-mail domain name makes country a target for Trojan horses that drop keyloggers.
• China: High broadband use and little security awareness makes region more open to zombie networks.
• Korea: High broadband use and little security awareness makes region more open to zombie networks.
• Russia: High unemployment plus a work force with good technical skills means this and other Eastern European nations are home to a number of cybercriminals.
Organizations are also urged to join security groups such as FIRST, or a Computer Emergency Readiness Team, to share information on security threats, Reid said. Such trade and international groups are working to bridge the gap in fighting cybersecurity threats on a worldwide basis.
Members of FIRST, for example, share information on specific threats and vectors, as well as addressing security topics and solutions, Reid said. An organization in Sweden might e-mail the forum with a warning that it is noticing a rise in a particular type of hacking method from an ISP, for example, Reid said. And IBM might then add to the e-mail discussion with a notice that it has seen a similar method used but with 50 different ISP addresses.
Law enforcement agencies are also working to thwart malicious hackers, but impediments stand in their way.
If Brazil wanted to obtain information on a customer of an ISP overseas, it could rely on international treaties and courts to approve such seizure of information, said Paulo Quintiliano, who heads the Brazilian Federal Police's computer crime unit. But that could take anywhere from six months to two years, he noted.
So two years ago, Quintiliano started a project to speed the investigation and prosecution process of cybercriminals.
"If a Brazilian commits a crime in the U.S., the FBI can send me a log from the ISP. Based on this, I do my own investigation and…ask the ISP to break the secrecy. From this, I can find the criminal (in Brazil)," Quintiliano said. "Rather than wait two years, I can get the information I need in two weeks."
Brazil, where banks have lost $70 million in the past two years to keyloggers, is working with the United States and Spain using this technique, Quintiliano said.
The National Hi-Tech Crime Unit in the United Kingdom works with the FBI, the Secret Service and the U.S. Postal Service on cyberinvestigations, as well as with other countries' cybercrime units, said Felicity Bull, a spokeswoman for the NHTCU. The British organization has cooperated with Russian law enforcement officers on an investigation into an extortion attempt against an online betting company, Bull said. The NHTCU coordinated with the Russian authorities and arrested five people.
"The Internet is a global place, so we can't sit in isolation," Bull said.
Law enforcement agencies, trade groups and companies around the world are trying a multitude of methods to mitigate the problem of attacks coming from abroad. These measures range from automatically filtering out incoming e-mail from certain regions of the world to laying the groundwork for tightening global coordination to fight cyberattacks.
These efforts should add muscle to businesses as they work to tackle threats from overseas. But another factor to take into account is that attacks are becoming more sophisticated and more efficient as organized crime moves into hacking. One security expert said that in the future, it won't be enough to just take on viruses and attacks one at a time.
"You have to solve the motivation for the crime," said Lance Spitzner, president of the HoneyNet Project.
"Three years ago, hackers were hacking for the fame. Now, hackers are hacking to get rich. It's not so much a security issue. It's a crime issue now."
Source: C-Net News