Researchers: Cyberattacks outstripping defences

Changing techniques and increasingly sophisticated codes are making it difficult to completely protect against hackers' attacks
Written by Edwin Yapp, Contributor

Cyberattacks today have become so complex that there may be no real way to completely protect against them, internet security researchers have warned.

Speaking to the media in Kuala Lumpur at this week's Hack in the Box Security Conference, Lance Spitzner, president of the Honeynet Project, said malicious software writers have been producing sophisticated codes, motivated mainly by the prospect of making millions of dollars from their exploits.

"The techniques used by criminal hackers are changing so rapidly now that it's difficult to keep up with them," Spitzner said. "In the end, it's all about returns on investment [for the hackers] because, by changing their attacks, there is so much more money to make."

An organisation dedicated to improving the security of the internet, the Honeynet Project employs a network of "honeypots", internet-attached servers that behave as decoys to lure potential hackers in order to study their techniques and monitor malicious activities.

Spitzner said that, in the past, security threats on the internet were motivated more by the desire for notoriety, creating chaos or fame, rather than by the desire for profits.

But he noted that hackers, since 2003, have become extremely organised and it is all about the money now.

"We are dealing with sophisticated attacks that are constantly adapting and changing, with the end goal of making as much money at the lowest risk levels possible," Spitzner said. "In the past 18 months, what has astounded me is not how sophisticated the tools are but how fast they have adapted and changed."

A good example of how fast criminal hackers are adapting is evident in the recent resurgence of the Storm worm — first discovered in January — last month, which lured unsuspecting web users into downloading malicious codes onto their PCs, he said.

Like Trojans, these codes are then used to steal valuable data, such as bank account numbers and passwords, he added.

Spitzner noted that users can best protect themselves by observing basic security practices. "Prevention is the best policy," he said. "For instance, make sure your browsers have the latest patch and stay away from dodgy websites. Our research has shown that taking such steps will dramatically reduce the risks of being infected."

Mikko Hypponen, chief research officer at security company F-Secure, agreed that malicious codes in the market today are a lot more advanced and stealthy than those previously seen.

"Banking Trojans", for instance, are the latest iteration of malicious software capable of stealing data even from most careful of users, Hypponen said in his keynote address at the conference on Tuesday.

"Banks today have made it harder for malicious activities, such as phishing, to take place by using simple static username, pin and password-authentication mechanisms, or the use of one-time passwords, challenge-and-response pairs and token authentication," he explained.

"However, these methods don't address man-in-the-middle attacks or banking Trojans," he said. "This kind of software silently sits on an infected computer for weeks until a user logs online into his bank to pay some bills. When that happens, the Trojan silently inserts [fake] 'bills' without the user's knowledge [and makes it seem] as though he is paying his bills."

From the banks' perspective, the transaction looks legitimate but in fact it is not, Hypponen said.

"Money is then stolen by hackers… despite the fact that the user had taken precautions to log on to a legitimate website, and the connection [was] secured by encryption," he said.

According to Hypponen, there is currently no security tool to effectively protect against banking Trojan exploits. So, he added, the best form of protection is to stop the malicious code from infecting the PC in the first place.

"Such exploits happen when these Trojans successfully penetrate a PC by fooling the user into opening an email attachment, or going to a malicious website," he added.

"To ensure that this does not happen, users must be extremely careful what email attachments they open, even if [these files are sent] by a known source, and be wary of dubious websites sending out these emails," Hypponen advised. "Users also need to ensure that they have the latest patch installed on their browser so that it cannot be exploited, and an up-to-date antivirus and antispyware signature."

Editorial standards