WASHINGTON D.C. – The information security industry deserves credit for recent high-profile wins against major security flaws and malicious attackers, according to one expert, but there's no question that when it comes to cyberwarfare, targeted attacks and digital terrorism, the worst is yet to come.
Tuesday at the Computer Forensics Show, Ralph Thomas, deputy intelligence director for VeriSign Inc.'s iDefense Malcode Intelligence Unit, gave attendees a look at 2009 cyber threats, trends and recent developments, many of which highlighted the industry's progress combating large-scale threats.
He praised last year's collaboration among the FBI, the government of The Netherlands and Russian antimalware vendor Kaspersky Lab to identify and apprehend the creators of the Shadow botnet, believed to have surreptitiously seized control of up to 150,000 computers worldwide.
Thomas also noted the successful partial disclosure of the DNS cache poisoning flaw discovered last year by IOActive Inc. researcher Dan Kaminsky. In March 2008, Kaminsky helped organize a secret vendor summit that led to a coordinated patch release before attackers could exploit the flaw.
Despite those successes, Thomas said there are many other threats that pose an immediate risk to enterprises. One that emerged prominently last year was international cyberwarfare, namely nations such as Russia and China mounting digital offensives against nations and other entities.
Though some believe the threat of cyberwarfare is overblown, Thomas said it is "absolutely a reality," noting documented, government-sanctioned attacks mounted by Russia against its neighbors, including Estonia and Georgia, which are usually in support of military operations. "If you ever get into a conflict with the Russian military, you have to expect a cyberattack."
Thomas said other nations and nation-states have sought more involvement in cyberattacks. He said China's offensive capabilities will equal those of Russia by the end of 2009, South American nations are quickly becoming more sophisticated in their efforts, and that Muslim extremist leaders have issued fatwas legitimizing the use of Internet attacks and fraud to raise funds.
Thomas said cyberterrorism could be one of the top information security dangers likely to worsen in the next five to 10 years. He said it's likely that a terror group will launch a cyberattack against a socioeconomic or political target coinciding with a physical attack.
While the cyberterrorism event itself may or may not be effective, Thomas said a strong government response seeking to prevent future incidents will undoubtedly be a disruptive event for the information security industry in the form of new laws and/or information security guidelines.
Organized cybercrime has also become a major source of concern. Thomas said tightly managed underground businesses have developed solely to profit from malicious activities like botnets, spamming, spear-phishing, and the planting of Trojans and rootkits.
In the past, even though such attacks often originated in third world countries, they were most often launched from a single contiguous IP address range, making them easy to block. Today, Thomas said, not only do large-scale attacks originate from hard-to-block dispersed IP address ranges intermixed with those used by the general public, but they are also supported by "bullet-proof" ISPs, which receive kickbacks from attackers in exchange for ignoring their malicious activities.
Thomas added that some cybercrime organizations have taken their enterprises to the next level by opening multilingual call centers in countries like Romania so that, for instance, if a potential victim dials a phone number listed in a spear phishing email, he or she will be answered by a seemingly legitimate call center worker.
"These are highly specialized cyber-cartels that will protect their revenue streams by any means," Thomas said.
In addition, Thomas noted Internet Protocol version 6 (IPv6) as a long-term threat. Though U.S. adoption of IPv6 is still a long way off, Thomas said foreign attackers in Europe and Asia, where IPv6 is already being implemented, are learning how to take advantage of it. That means when U.S. organizations make the switch, their security operations teams will likely face an immediate disadvantage in defending their networks against more experienced attackers.
Attendee Pete Storm, a security manager at a non-profit education company, said that with so many current and emerging threats, the seemingly mundane task of surfing the Web has become fraught with danger.
Storm said that, for example, if his users have to visit foreign websites as part of their jobs, even legitimate sites could be infected with difficult-to-detect malware. Despite being an information security pro, he lamented the labor-intensive challenge protecting his own systems has become.
"And the average users?" Storm said. "They're screwed."