InfoSecurity
February 7, 2007
Organised hacking will be the new threat in 2007!
NEW DELHI -- Websense, a global leader of Web filtering and a premier provider of Web and desktop security software, has been recognised as one of Forbes Magazine's 2004 "Top 25 Technology Companies". The company's products increase employee internet productivity and secure organisations from emerging internet threats by providing a proactive critical security component that complements traditional security solutions.
The company’s products integrate with a wide range of industry-leading security and network products, including firewalls, proxy servers, caches, switches, routers, and appliances. For the new year, Websense has predicted how the hacker community will take its toll on organisations and entrepreneurs alike. While it predicts a good deal of wrongdoing from that community, organisations can be extra cautious and combat it together using the methods that have been devised.
Convergence Plus spoke to Surendra Singh, head, South East Asia and India, on the solutions offered by Websense to a wide range of industries including health care, finance/banking/insurance, government/public sector, manufacturing, legal, technology, wholesale/retail, services and education, and most importantly its predictions for 2007. Excerpts.
Convergence Plus: What are your organisation's general predictions for the coming year?
Surendra Singh: Websense predicts that in 2007 organised criminals will join forces with the hacker community to form a more organised cybercrime economy, which buys, sells and trades hot commodities such as ready-made cyber-attack toolkits and exploits utilising zero-day vulnerabilities. Websense security experts also predict that Web 2.0 security issues will escalate as these technologies are being rolled out en masse with security as an afterthought.
No longer are e-mail borne worms and viruses the top concern. Today’s threats revolve around the changing, dynamic and ubiquitous use of the Internet. The Web will continue to be the number one infection vector for malicious code designed to steal information, which is evolving at a rapid pace in both numbers and in attack sophistication.
Websense also predicts exploits in anti-phishing toolbar technology, the enhanced concealment of data to evade leakage prevention, and increased use of encryption and custom packing of BOTs.
Organised criminals are realising that the Internet has been a largely untapped resource in terms of generating real profit—until now. With financial gain on the table, attack methods are improving, and the number of people involved is escalating.
CP: How would you judge the previous year in terms of Information security in India vis-a-vis globally?
SS: In the first half of 2006, we have seen malicious code become more covert, less recognisable, and motivated more than ever by economic gain. Not only has the code become more sophisticated, but the infrastructure supporting its creation and spread has also become more complex. Cyber-criminals are now more creative, organised and business savvy.
According to Websense Security Labs, the number of phishing incidents, on average, has been about 3 to 6 every day. In the current year we have also started to see VoIP phishing become the latest phenomenon. Blogs, personal Web hosting, and social networking sites are also being utilised to host exploits, phishing, and fraud.
Cyber-criminals continue to use innovative social engineering techniques to further their exploits. Of the sites designed to steal credentials, almost 15 percent are derived from toolkits, an emerging tactic from the hacker community.
According to the Websense Security Labs H1 trends report, a 100 percent increase has been noted in sites designed to install keyloggers, screen scrapers and other forms of crimeware. Conversely, Websense has seen more than a 60 percent drop in Websites designed merely to change user preferences, such as browser settings.
We have seen sharp growth of phishing attacks "hosted" in India in recent months. For example, in October, phishing attacks hosted in India accounted for 2.11 percent of the world's total reported phishing attacks, which makes India one of the top 10 countries in this category for the second time this year. India was also one of the top ten countries back in June, accounting for 1.66 percent of phishing attacks worldwide. In fact, according to CERT-In, there has been a rise in phishing attacks on Indian banks in recent weeks as well.
In India, the concept of Web security policies is still a nascent one. However, the government is taking aggressive steps in regulating cyber crime by increasingly focusing on various aspects of cyber law. The scope of Cyber Laws is no longer confined to the investigation regime alone, but is expanding to other segments of justice administration system as well. The judicial system now takes the IT revolution very seriously. The emphasis placed on cyber security by government has been particularly strong in the wake of the recent data thefts in the BPO industry.
CP: What kind of research has led to the prediction that organised crimes will come up as the next trend in the security sector?
SS: Websense Security Labs, the 24x7 security lab of Websense, serves as a powerful resource to customers and the security community to discover, investigate and report on Internet threats. With extensive internet and malicious code categorisation expertise, Websense Security Labs provides research and delivers timely product and information updates to the security community and Websense customers to support them in making their infrastructures more secure.
Websense Security Labs uses its patent-pending Websense ThreatSeeker technology to mine and analyse over 595 million sites per week for malicious mobile code (MMC) and hacks. The team manages a honeynet of computers to discover new MMC, Trojan horses, keyloggers, and blended threats. Our array of data mining machines scan the Internet 24x7, using algorithmic classifiers that search for and classify malicious content. The findings are used to study the techniques, actions, and behavior of these threats on an enterprise network system.
CP: What are the new security threats that the industry will face in the coming year?
SS: Websense expects underground cybercrime to become better organised and run a better economy. As part of that growing economy, the market for zero-day attack code will be more competitive. This will result in an increase in the number of zero-day attacks and better attacks on both the client and server-side.
Web 2.0 Security Issues Escalate:
Comprising an estimated 80 percent of the top 20 most visited Web sites, such as MySpace and Wikipedia, Web 2.0 sites are a growing phenomenon. Web 2.0 sites including social networking sites are particularly vulnerable to attack because of the constantly changing nature of the content, which is difficult to monitor and secure. With millions of potential victims—criminals, spammers and adware companies are already seeking to prosper. In fact, according to the Gartner November 2006 report “Web 2.0 Needs Security 101” by John Pescatore, the author notes that “Web 2.0 mashups that are not done securely will lead to huge openings for new forms of phishing and other attacks.”
Web 2.0 Areas of Concern:
- User-Created Content: As mentioned in 2006, by empowering end-users with creative, dynamic, content control, increased security problems will result.
- Social Networks: The large population of users and ability to link users through profiles and networks will lead to more security issues within these communities. Entertainment social networks are not the only targets; there are several business networks of users linking for employment recruiting, business development, and other business-related reasons that face the same threats.
- Service Oriented Architecture (SOA) and Web Services: The Web as a platform is finally here. The advent of ‘mashing’ Web services and linking several properties together will lead to increased security issues, as cross-domain security issues can affect all links in the chain.
Anti-Phishing Toolbar Exploits:
In 2006, several high profile companies released anti-phishing toolbars embedded within the browser. However, Websense predicts that some anti-phishing toolbars will become targets of exploit code designed to disable or avoid their prevention mechanisms.
Enhanced Concealment of Data:
In 2007, stealing information using malicious code will increase. Prevention methods will also lead to better concealment of the valuable information that often leaves organisations and the network. Cyber-criminals will increasingly use encryption with malicious code to bypass preventive measures.
BOT Evolution:
The BOT evolution will continue and evolve again with countermeasures. Distributed command-and-control and the use of protocols other than Internet Relay Chat (IRC) or HTTP will be used to control BOT networks. Increased use of encryption and custom packing of BOTs will also occur.
CP: How can organisations prevent themselves from the new threats to be faced?
SS: Most organisations rely on a combination of gateway firewalls and antivirus software to protect against Web-borne threats. However, today’s new computing threats are designed to operate in a world full of firewalls and antivirus solutions. While firewall technology has not changed much in the last few years, today’s computing threats employ sophisticated techniques to bypass perimeter security. For example, many of these applications are able to communicate dynamically over different ports, thereby “hopping” right past static firewalls that block specific ports.
Organisations today require a solution that complements traditional security solutions while creating a robust security solution spanning the gateway, network, and desktop.
Websense Web Security Suite provides an integrated Web security solution that blocks spyware, MMC, and other Web-based threats, as well as spyware and keylogging transmissions back to their host sites. It also protects employees from phishing and controls the sending and receiving of IM attachments. The Websense Web Security Suite provides real-time security updates for immediate protection from new security threats and includes award-winning Web filtering technology, and robust reporting and analysis tools that provide organisations with complete information on user access to fraudulent sites or vulnerability to malicious code. Websense Web Security Suite also includes subscriptions to Websense Security Labs security alerts, as well as SiteWatcher and BrandWatcher services.
SiteWatcher
Hackers can transform a company Website into a malicious Website. When Websites are hacked into, the sites themselves become attack vectors and are used to distribute malicious code.
Websense developed a service called SiteWatcher. This valuable service notifies customers immediately if their organisation's Website becomes infected with MMC. This early notification allows the organisation to take immediate measures to prevent the spread of MMC to customers, prospects, and partners visiting the Website.
BrandWatcher
The Websense BrandWatcher service lets customers know if their organisation's Website or brand has been targeted in a phishing or malicious keylogging code attack. This service provides the organisation with security intelligence, including the attack details and other security-related information.
If the company’s Website has been spoofed, the reported information will include where the site is hosted (IP address, URL, domain, etc.), the location of the site, the registered owner of the domain name and the address space, and the status of the site (whether it is still up and running, for instance).
If the company’s brand has been used in distribution of malcode, the attack information will include the source of the code, what the code does, and how widespread the distribution is.
CP: What kind of applications are being developed for combating phishing, (as we know, phishers are becoming increasingly skilled in their jobs lately)?
SS: As Web-borne threats become more complex and virulent, companies must face the need to supplement their existing, traditional security measures. The Websense Web Security Suite provides an integrated Web security solution that blocks spyware, MMC, and other Web-based threats, and prevents spyware and keylogging transmissions back to host sites. It also protects employees from phishing and controls the sending and receiving of IM attachments.
The Websense Web Security Suite provides real-time security updates for immediate protection from new security threats. Robust reporting features and analysis tools ensure that organisations have complete information on user access to fraudulent sites or vulnerability to malicious code. And the Websense SiteWatcher and BrandWatcher services ensure that organisations are immediately informed of any attempts to hijack their Websites or use their brand or company image in a fraudulent manner. The Websense Web Security Suite gives organisations the confidence that they are protected against and informed about emerging, complex security threats.