Master blaster

Cyber attacks are growing ever more elaborate and dangerous. Chief among those in recent months has been the Blaster worm. Security specialists Symantec uncover our vulnerabilities and outline how to avoid becoming another victim.

It is highly likely that you or someone you know was affected in some way by the Blaster worm (W32.Blaster.Worm). By the middle of August, 2003, Blaster had infected more than 1 million computers; at its peak, it was infecting 100,000 systems per hour.

Global computer attacks such as the Blaster worm have highlighted technology security threats and exposed the dark side of information technology.

A recent report by Symantec (Internet Security Threat Report) indicates that newly-documented vulnerabilities rose by 81.5 percent, with an average of seven new ones being found every day.

Symantec's study indicates that the overall rate of attack activity in the past six months rose 19 percent over the last year. On average, companies experienced 38 attacks per week, compared with 32 attacks per week in 2002.

According to Vincent Weafer, senior director of development, Symantec security response, "the volume of attacks is increasing, the speed of attacks is increasing, and the complexity and sophistication of attacks is increasing."

Weafer says that people are desperate to get information to prepare for these types of scenarios.

"This is very different from the sort of attacks we had in the '90s, where we were saying that's a virus - here is some anti-virus software. Now we are saying you need to start thinking about security in depth. You need to make sure you are covering all security holes," Weafer said.

A large proportion of worms and other cyber attacks are successful because of vulnerabilities in a small number of common operating system services. The attackers take the easiest and most convenient route and exploit the best-known flaws with effective and widely available attack tools.

They count on organisations not fixing the problems, and they often attack indiscriminately, scanning the Internet for any vulnerable systems. The easy and destructive spread of worms, such as Blaster, Slammer, and Code Red, can be traced directly to exploitation of unpatched vulnerabilities.

Linux systems are also increasingly at risk, the report says, as some highly sophisticated Linux viruses and worms have been developed recently. It appears malicious-code writers are developing a greater sophistication in programming and more familiarity with the Linux operating system and its applications.

"What we are finding is that the threats have evolved from the very simplistic kind of direct hacking attacks to mass worms - we have got a situation where the threats are threaded together. We have global infections which are worms, using many techniques that exploit your vulnerabilities," explains Weafer.

Blended threats, which combine malicious code with vulnerabilities to launch an attack, accounted for 60 percent of malicious code submissions in the first half of 2003, according to the report. This represented a 20 percent increase in the number of blended threats.

The blended threats have characteristics of both viruses and worms but currently have no payload. This means they simply compromise a system and use it to attack others, but are so far unable to destroy a system's hard drive or delete data.

The fear is that in the future new blended threats will have payloads that can cause greater damage than just simply using system resources or a network, and can also take advantage of applications where no known patches exist. This would wreak havoc because there wouldn't be a readily available fix.

"Blended threats utilise multiple methods and techniques to spread rapidly across the Internet and cause widespread damage - denial-of-service attacks, hacking attacks, etc. A review of the major blended threats that emerged over the past several years reveals that all targeted known vulnerabilities, some of which were well documented for more than six months before the threat was created. Today, there are numerous known vulnerabilities that could be targets for the next generation of major blended threat attacks," explains Rob Clyde, Vice President and Chief Technology Officer, Symantec.

The indiscriminate nature of technology attacks makes combating the problem a challenge. Weafer believes this can make people more likely to become a victim of cyber crime.

"Internet crime is anonymous as the perpetrator does not know anything about you except that you're an asset and you are vulnerable. They don't know that there might be a nicer asset next door.

"Technology is like anything else - we will always have criminal elements. The motivations of viruses, hacking, etc. have changed and that is worrying. We have always associated viruses with the novices. Increasingly, we are seeing crime come into it and the motivation is profit," says Weafer.

"Until now, 'amateurs' - young people with no particular motivation or target in mind - have undertaken most of the highest profile attacks on the Internet. However, I expect that over the coming year and beyond, we will see a rise in more professional types of attackers, targeting specific crucial online systems and posing great potential dangers not only to the Internet, but also to our national security, and ultimately our entire way of life," adds Clyde.

The security industry is investing in proactive systems in an attempt to provide first-strike protection against threats. What is expected is the emergence and deployment of new proactive technologies in the coming years, including behaviour blocking, anomaly protection and new forms of heuristics.

"Going forward, organisations must employ a more holistic strategy. Of primary importance will be the ability to see a comprehensive view of the organisation's exposure and vulnerability to potential and actual risks, and to employ an early warning system that offers timely alerts. In addition, integrated security solutions must be incorporated into the operating infrastructure to provide protection at all tiers, including the gateway, server and client," concludes Clyde.
