This article can also be found in the Premium Editorial Download "Information Security magazine: Reflections on the impact of Sarbanes-Oxley."

Yesterday's tattered system or network administrator, or Web site operator, fought back with signature-based defenses, or sometimes hid in the weeds hoping they'd plugged the latest Windows hole and prayed the latest mass-mailing worm would skip on by. That kind of security by obscurity is fatal today to many business models.

"Coupled with [the changing threat landscape] has been the transformation of attack tools, going from largely self-propagating attacks or hacker tool-kits to automated, sophisticated blended threats with a high reliance on social engineering," Spafford says. "Botnets and rootkits are prominent. For those of us looking at trends, we see a similar evolution of viruses--stealthy, widespread, automated, organized criminal activity, coming from where we were 10 years ago."

Donn Parker, a longtime computer crime observer and prominent researcher with SRI International, says the cat-and-mouse game between criminals and those paid to keep them in check followed business' migration to the Net--and he doesn't expect it to abate any time soon.

"I've said time after time, the problems associated with the use and misuse of computers is a one-upsmanship problem. The bad guys figure out new ways to beat the newest security, and good guys increase security again," Parker says. "Used to be in

    Requires Free Membership to View

the 1960s, '70s, '80s, it was amateur criminal activity where the criminals were motivated to solve their own personal problems by malicious acts against computers. Gradually...it has grown into a very large-scale organized criminal activity where motivation is for financial gain."

The frenzy for enterprises to create online business models, and rush services and products online prematurely, has in many ways contributed to the success of the criminal element. Microsoft was the biggest offender in the early part of the decade. Simple, yet extraordinarily effective, pieces of malicious code roared through gaping holes in Windows. Vulnerabilities in the IIS Web server enabled the Code Red and NIMDA worms to spread like weeds across the Internet, infecting thousands of systems with self-propagating, network-aware engines. The Slammer worm, in January 2003, may be the most infamous--and smallest--malware to hit the Net and be so prolific. Exploiting a flaw in Microsoft's SQL Server database--for which a patch had been available for months--Slammer dragged portions of the Internet to a crawl, and made life miserable for administrators slow to patch these balky products.

This was first published in January 2008
