
Panda Security for Business with TruPrevent Technologies

Panda Security
By : Panda Security
INFORMATION
Published : Jan 31, 2008
Length : 12
Type : White Paper
 
Overview :

Today’s targeted malware attacks are infecting unsuspecting businesses at astonishing rates, rendering traditional antivirus solutions ineffective. Reported and known viruses are becoming less important compared to the increase in unknown threats and attacks.

Malware Radar has the largest malware signature file ever compiled and is capable of finding malware that is present in the IT facilities, whether known or unknown to the current security solution. TruPrevent is an artificial-intelligence-based host intrusion prevention system that detects unknown attackers.

These unique modules and others are discussed in the white paper An Overview of Panda Security for Business.

Related Categories: Anti Virus, Hacker Detection, Internet Security, Intrusion Prevention, Network Security, Security

The Evolution of Security Threats

Today’s targeted malware attacks are infecting unsuspecting businesses at astonishing rates, rendering traditional antivirus solutions ineffective. In 2007, PandaLabs received more malware than in the previous fifteen years combined. PandaLabs now receives over 3,000 unique suspicious examples of new malware every day, compared with an average of 400 per month prior to 2007.

In addition to the increase in frequency of attacks, the nature of security threats has matured, posing newer and more challenging problems to companies. Reported and known viruses are becoming less important compared to the increase in unknown threats and attacks.

To trace the increased complexity and frequency of threats, it is important to look at the evolution of their creators. Malware creators have gone from being merely curious and seeking notoriety to looking for personal financial returns and/or forming part of a complex network of business, national, or political interests. In the January 25, 2007 Gartner teleconference “Host-Based Intrusion Prevention Systems (HIPS) Update: Why Antivirus and Personal Firewall Technologies Aren’t Enough” [1], the author claims that the objectives started as pure experimentation and are now developing towards information warfare. The frequency of cyber-crime attacks is forecast to increase dramatically by 2010. Gartner states, “By year-end 2007, 75% of enterprises will be infected with undetected, financially motivated, targeted malware that evaded their traditional perimeter and host defenses (0.6 probability).”

There are currently four different types of cyber-criminals:

1. Kids (age group 9-16) – Most amateur hackers are teenagers. For this age group, it is a matter of pride to have hacked into a computer system or website using malware or intrusion attacks. This group often commits cyber-crimes without realizing it.

2. Organized hacktivists – These are hackers with a particular motive, including political, social, or religious activism.

3. Disgruntled employees – With the increased dependence on computers and the automation of processes, it is now easier for disgruntled employees to bring down entire IT systems, committing cyber-crimes to damage their employers.

4. Professional hackers (corporate espionage) – Current use of new technologies in companies has resulted in them storing all their information in electronic form. Some rival organizations contract hackers to steal industrial secrets and other information that could be beneficial to them. Professional hackers apply targeted malware or attacks aimed at a specific company, type of company, individual, etc. These are not massive attacks, as their aim is not to reach as many computers as possible.


Newer Types of Attacks

In addition to changing motivations, the level of knowledge of malware creators has been increasing dramatically. Tools and techniques that were yesterday only in the hands of software experts are now available to those starting out in the ‘profession’, increasing the general skill levels of perpetrators. Some of the newer types of threats used by virus creators in these silent epidemics or targeted attacks include:

- Bot: This term is a contraction of ‘software robot’. This is a program that allows a system to be controlled remotely without either the knowledge or consent of the user.

- Zombie: A zombie is a system (PC) controlled through the use of bots.

- Botnet: A network or group of zombie computers controlled by the owner of the bots. The owner of the botnet sends instructions to the zombies. These commands can include updating the bot, downloading a new threat, displaying advertising, or launching denial of service attacks.

- Bot Herder (or Bot Master): A person or group that controls the botnet. They are also known as ‘bot masters’ or ‘zombie masters’.

- Rootkit: A collection of tools which in themselves are neither good nor bad. In fact, they are frequently used in perfectly legitimate activities. However, a rootkit can be used for malicious purposes, and rootkits are often used to hide other types of threats. There are even examples of rootkits that have been hidden for many years without users’ awareness.

- Spear phishing: This attack uses phishing techniques, but is aimed at a specific target. The creator of this type of attack will never use spam to obtain a massive avalanche of personal user data. The fact that it is targeted and not massive implies careful preparation in order to make it more credible and the use of more sophisticated social engineering techniques.
