| INFORMATION |
| Published : |
Nov 20, 2009 |
| Length : |
7 |
| Type : |
White Paper |
|
| |
|
|
|
| Overview : |
|
The increasing sophistication and dynamism of multi-vectored network attacks, including use of botnets to deliver threats deep inside the enterprise, requires rethinking network security. In light of this sophistication and the corresponding multi-pronged attacks, traditional exploit-based solutions fail to be effective countermeasures to secure the network. Network and security architects need to consider a new approach that combines some traditional network defense technologies with a new concept, that of Global Threat Intelligence, in order to map to the anatomy of these threats - including the vulnerability, exploit, and threat vector - in order to stop them. |
|
 |
 |
|
|
| View All Items By This Company |
| Browse Related Categories : |
|
Anti Spam
,
Anti Spyware
,
Anti Virus
,
Application Security
,
DDoS
,
Email Security
,
High Availability
,
Internet Security
,
Network Security
,
Phishing
,
Security Management
,
Security Policies
,
Vulnerability Management
,
Web Service Security
|
|
|
|
|
|
|
|
Cyber-crime today is essentially an international business run by increasingly sophisticated groups of well-organized criminals using botnets to deliver their attacks. Many of us probably know that those interested in committing data theft, distributing spam, or disrupting a Web site's operations can easily rent armies of previously infected botnet computers or find online crimeware toolkits (both freely available and for sale) to create their own. To put the use of botnets into perspective, consider that cyber-crime follows the same supply and demand laws of any business. Because of their growing use, the cost of renting out 10,000 botnet machines has tumbled to $200 a day, from between $2,000 and $5,000,
according to an August 2009 BusinessWeek article.1 What is truly stunning is the sheer sophistication, volume, and frequency of the crimes committed using botnets. And to mask criminal activities, groups are hiring money-mules to steal funds out of stolen bank accounts.
For example, in October 2009, the FBI arrested 53 individuals in the U.S. and sought to arrest 47 people from Egypt engaged in online bank fraud that had netted at least $2 million from individual and business bank accounts.2 To carry out the thefts, the Egyptian group coordinated a massive phishing campaign that lured users to fake Web sites made to look identical to the real banking sites. There, the users were asked to enter personal information like their bank account numbers, passwords, Social Security numbers, and drivers' license numbers. The U.S. group transferred funds into their own accounts and remitted
some monies back to their accomplices in Egypt. Such collaborative efforts are becoming more common. In August 2009, the banking industry group Financial Services Information Sharing and Analysis Center (FS/ISAC) issued an alert noting that "Eastern European organized crime groups are believed to be predominantly responsible for the activities that are employing witting and unwitting accomplices in the U.S. to receive cash and forward payments - from thousands to millions of dollars to overseas locations - via popular money and wire transfer services."
Such groups rely on phishing, new malware, and poisoned Web sites to infect more and more computers, which are often joined into centrally controlled botnets. And they have stepped up their efforts in the last six to 12 months.3
|
|
|
|
 |
|
