Security managers often find it frustrating that the development of threats always seems to be a step ahead of protective measures.
Last week at the Information Security Decisions conference in New York, some security experts offered their projections of how the threat landscape will change over the next year -- and suggested mitigations.
The dawn of the megaworm
For example, William Hancock, CSO of UK-based Cable and Wireless, predicts a megaworm, combining features currently seen in single worms, will appear soon. "Most worms do not carry a destructive payload. In a lot of ways they look like parts of a program," he said.
Such a worm would propagate very quickly, affecting parts of the Internet "but it wouldn't take the Internet down," Hancock said.
A good way to protect against such a worm is by making sure all unnecessary services are turned off, Hancock said. For example, the Slammer worm last year exploited a vulnerability in Microsoft SQL Server via port 1434. It really wasn't an issue for Cable and Wireless because that port generally wasn't used, Hancock said.
Worms writers create for cash, not just kicks
Worms are now being created for profit, no longer just for kicks or to demonstrate coding proficiency. For example, the Sobig-F worm last year was created with "real criminal intent," said John Frazzini, CEO of Security Systems Integration Corp.
Organized malicious code writing and hacking groups in China, the former Soviet Union and Brazil are becoming increasingly skilled. Radical Islamic groups have also flirted with computer crime though they are currently less organized than other groups, Frazzini said. "But that could change as they interact more with groups from Eastern Bloc countries."
As organized groups take further advantage of hacking and worm writing techniques, there may come a time when the government has to borrow a page from its playbook for battling organized crime. Federal prosecutors used the Racketeer Influenced and Corrupt Organizations (RICO) Act to take down many of the major organized crime figures.
Frazzini once tried to use RICO to prosecute computer criminals when he was a Secret Service agent but the US attorney didn't think it would be successful. "But I think ultimately terrorists will necessitate using it," he said.
Gone are the days of the cute and fuzzy hacker
The motivation for worm writing isn't the only thing that is changing. Hacking is no longer something mischievous but is serious business. "If you are hacking and are not part of an organized crime group … they haven't identified you yet," said William Hugh Murray, an executive consultant for Herndon, Va.-based TruSecure Corp.
Hackers are being seen less as heroic, Robin Hood-type figures as well, which is a good thing for security professionals, Murray said. Employers are coming to the realization that hiring them probably encourages more hacking.