Intrusion attacks made easy

While network intrusion and malicious code attempts are on the rise, the knowledge needed to launch them is decreasing with the growing popularity of downloadable virus tools.

This was the message Michael Murphy, the Canadian general manager of Symantec Corp. delivered to delegates at Showcase Ontario 2003.

“The knowledge required to launch an attack is minimal,” Murphy said during his presentation at the provincial government’s annual conference, exhibition and awards event. “Most of the attacks today – worms, viruses, Trojans – are done by amateurs.”

There are currently more than 30,000 Web sites available to anyone who wants to download “click and hack tools,” Murphy said. To make matters worse, not only are those with a limited understanding of technology able to launch attacks, those with some IT experience are now able to launch a more aggressive intrusion campaign.

“With these automated tools and a certain level of basic expertise…the complexity of attacks is increasing much more rapidly than we’ve seen in the past,” he said. “Clearly the tools available are lowering the bar for hackers to launch attacks.”

When it comes to security management challenges, Murphy said it is important to understand the value of what you are protecting and the level to which it should be safeguarded.

“So often we see…a $5 fence around a million dollar asset, or a million dollar fence around a $5 asset.” he said. “We need to look at what we’re protecting, what is the risk and what is the impact to the business.”

A proper business impact analysis will allow an organization to spend appropriately on the areas they wish to secure, Murphy stressed.