So you keep all of your anti-virus software and firewall signatures up to date. If you’re a Microsoft Corp. shop, you download and install updates as soon as you get the alerts. You don’t give your users more administrator rights than they actually need. If you do all of this, do you actually have anything to worry about?
It depends on who you ask.
James Quin, senior analyst with London, Ont.-based Info-Tech Research Group, advises network administrators to pay attention to the settings they enable on their firewalls for outbound traffic.
“If you have good malware infrastructure, good patching protocols, and good outbound firewall rules, then a botnet problem is extremely unlikely,” Quin said.
This doesn’t mean you are safe from all security threats.
With threats such as last year’s Conficker worm, Zeus Trojan and Koobface worm fresh in mind, industry experts warn that phishing, social networking and smart phones are the methods miscreants will use to steal data and vandalize IT systems.
Quin noted user education is at least as important as having the correct tools in place.
“Organizations need to make a philosophical shift from security as a tools-based solution, to security as a process-based solution,” Quin said. “There has been an overemphasis on technological solutions. We need to get beyond the latest whiz-bang technology.”
In 2010, Quin predicts, variants of malware will be released more quickly and hackers will shift their phishing targets to corporate victims, so that they can obtain sensitive corporate financial information that helps cybercriminals steal more money.
Although some phishing e-mails are obvious, Quin said phishers will become much better at making it difficult to tell they are not from the organizations they claim they represent.
Fiaaz Walji, Canadian country manager for Websense Inc., agreed.
“If I get something (purporting to be) from a bank, I call them and find out if it’s true, using the phone numbers I currently have,” Walji said.
Beware of Web 2.0
The increased use of Facebook, Twitter and other so-called Web 2.0 sites is making corporate users more vulnerable, Walji said.
San Diego-based Websense’s services include hosted e-mail and the ThreatSeeker Network, which uses behavioural and reputation analysis.
“The top 65 per cent of Web sites are user generated content, whether it’s a blog or YouTube or a social networking site,” Walji said. “The Web 2.0 world is the most vulnerable, no matter how much you have invested in firewalls and anti-virus. They change on an hourly basis if not more quickly.”
Walji said users should have services that get threat updates constantly. Otherwise, companies could end up with keyloggers on their systems, losing data and losing the confidence of customers. He cited as an example Heartland Payment Systems Inc., a credit card and debit card payment processing firm, which had millions of customers’ card numbers compromised through a SQL injection attack. Albert Gonzalez, who pleaded guilty in the U.S. to hacking both Heartland and TJX Companies Inc., is expected to spend at least 17 years in jail.
Walji said other threats users should watch for include malware written specifically for smart phones.
Derek Manky, project manager for cyber security and threat research at Fortinet Inc., said: “Mobile threats are much more fragmented because each threat needs to be adapted to its platform. There are more software development kits for those platforms, and more resources available.”
He added that the most prevalent mobile threats are those written for Nokia’s Symbian operating system for wireless devices.
Sunnyvale, Calif.-based Fortinet’s products include the FortiGate hardware, which includes firewalls, virtual private networking, intrusion prevention and anti-virus in one piece of hardware.
Manky does not believe that managing patches is enough to keep users safe because some hackers are able to launch attacks before vendors release patches. A case in point is Adobe Systems Inc., which announced in December that a patch to protect Acrobat would not be ready until Jan. 12.
San Jose, Calif.-based Adobe released version 9.2 of its software last year, plugging 30 security holes it had discovered in its Portable Document Format (PDF) reading and writing software.
Another major threat this year will be “crime as a service” kits that programmers make available to hackers, Manky said.
“It’s making cyberspace a more dangerous place because these services are very accessible to any up and coming hacker,” he said. “One will distribute your code to 1,000 machines for $140 in any region you want.”
To protect against botnets or distributed denial of service attacks, it’s important to limit administrator rights, said Dragana Vranic, director of managed services for Skokie, Ill.-based Forsythe Technology Inc.’s Canadian unit.
“To lock what can be installed on that desktop is very important,” she said. “There is no single tool that can protect you. It’s a combination of tools.”
Quin said this year, users will become more concerned about the integrity of data and will not focus so much on keeping confidential information from prying eyes.
“One of the things that is becoming more of a concern is making sure your data is accurate, that it’s representing what it’s supposed to represent.”
This issue was brought to the forefront by the accounting scandals at Enron Corp. and WorldCom Inc., Quin said.
WorldCom, which is now known as MCI, filed in the U.S. for creditor protection in 2002 after executives falsified records. The company’s former CEO, Bernard Ebbers, was convicted of securities fraud and is now in jail. Enron, an energy firm that collapsed in 2001, has focused for the last five years only on reorganizing assets and paying back creditors.
“What if someone maliciously changes the data so that you’re reporting false earnings or that you’re making business decisions as a result of inaccurate information?” Quin said, adding that firewalls alone will not prevent this type of fraud.
“Most threats nowadays are financially motivated,” Manky said. For example, scareware refers to fake anti-virus software that hackers push onto victims, while ransomware is when hackers extort money from companies by infecting a system and then threatening to encrypt, corrupt or destroy data if they are not paid what they demand.
“The ransomware threat is the most disturbing one.”