New research shows attackers are finding more ways to create botnets that successfully attack target systems and evade botnet detection.
The Georgia Tech Information Security Center (GTISC) last week released its Emerging Cyber Threats Report, which offers insight into the malicious tactics it expects to be prevalent in 2011. The report, based on GTISC research and collaboration with security industry experts, covers the increasing sophistication of botnets, mobile attacks and related cybersecurity issues.There are over 50,000 apps that you can download from the Google App store, and over 10,000 of them are some sort of spyware, malware or phishing software.
GTISC advisory board member and CTOMobile Active Defense Partners, LLC.
Mustaque Ahamad, director of the GTISC, said botnet creators are succeeding in covering up botnet attacks by causing distractions to mask primary attacks. Typical botnet detection efforts focus more on larger scale attacks, creating a cover of sorts for smaller, more targeted malicious attacks, which makes them more difficult to track.
Another example of botnet sophistication, Ahamad said, are threats launched on the Web, like a worm in a computer, that are beginning to manifest on real, physical systems, such as an MRI machine. One infection the GTISC studied was the Conficker worm that infected hospital machines involved in patient care, among other victims. The worm did not destroy target machines or gather patient records, but Ahamad said the industry should be concerned merely by the fact that an MRI machine could have been controlled via an infected computer.
Ahamad also cited the danger of mobile attacks to enterprise networks. He said malicious hackers are actively finding more ways to get around the security of mobile devices to hack into other networks.
"The idea is that a lot of what we do currently on laptops will move to smartphones and the threats will migrate with these applications," Ahamad said.
These malicious applications can steal all kinds of sensitive information, including credentials used to access the enterprise network. This puts not only the user, but also the entire company at risk.
Rob Smith, a GTISC advisory board member and CTO of Mobile Active Defense (M.A.D.) Partners, a smartphone security company based in Atlanta, Ga., said the biggest threat vector that endangers mobile devices are the third-party application downloads.
"App stores are the greatest hostile software delivery system ever invented by man," Smith said. "There are over 50,000 apps that you can download from the Google App store, and over 10,000 of them are some sort of spyware, malware or phishing software."
"Apple apps are even worse," Smith added. Since people often believe Apple applications are exempt from malicious infection, few are security conscious when downloading or purchasing new applications from the iTunes Store. For example, Smith said, this past September, the Apple store sold a flashlight application for 99 cents. It became the No. 2 paid app in iTunes, when customers could get the same app for free. This app really had hidden code, a tool that enabled tethering and allowed users to use the iPhone as a modem when it was hooked up to a PC.
Apple does not have a system in place to track hidden codes; its vetting process only determines if the app does what its purveyors claim it does, and if so then it is approved for download.
Ahamad agreed that mobile devices in the enterprise represent an escalating risk. With the expansive use of a variety of mobile devices in the enterprise today, he said threats to the network are coming in different forms.
"You don't have the same security behind mobile devices as you would have behind your laptop," Ahamad said. "You have to make sure you don't leave any obvious weak spots from where things can find a way into the network."
Ahamad said it's important to understand the threats to the environment as a whole. Since there are so many heterogeneous devices in the enterprise today, an organization must be able to detect what devices are connected to its network at all times.
Looking forward, Ahamad said to thwart future malware, enterprises must ensure their defenses are proactive in nature and use a variety of techniques to identify potential threats.
"We need to change our paradigm," Ahamad said. "We need to be thinking ahead of time and have the right defenses in place. Understanding threats is as important to securing systems as actually coming up with the security techniques."