Security attacks today too complex to stop
KUALA LUMPUR--Cyber security attacks today have become so complex that there may be no real way to completely protect against them, warn Internet security researchers.
Speaking to the media here at this week's Hack in the Box Deep Security Knowledge Conference, Lance Spitzner, president of the Honeynet Project, said malicious software writers have been producing sophisticated codes, motivated mainly by the prospect of making millions of dollars from their exploits.
"The techniques used by criminal hackers are changing so rapidly now that it's difficult to keep up with them," Spitzner told ZDNet Asia, on the sidelines of the conference. "In the end, it's all about returns on investment (ROI) [for the hackers] because by changing their attacks, there is so much more money to make."
An organization dedicated to improving the security of the Internet, the Honeynet Project employs a network of "honeypots", Internet-attached servers that behave as decoys, to lure potential hackers in order to study their techniques and monitor malicious activities.
Spitzner said that in the past, security threats on the Internet were motivated by notoriety, creating chaos or fame rather than on profiteering from their exploits.
But, since 2003, he noted that hackers have become extremely organized and have changed their focus from traditional to Internet crime. And, it is all about the money now.
"We are dealing with sophisticated attacks that are constantly adapting and changing, with the end goal of making as much money at the lowest risks levels possible," Spitzner said. "In the past 18 months, what has astounded me is not how sophisticated the tools are, but how fast they have adapted and changed."
A good example of how fast criminal hackers are adapting is evident in the recent resurgence of the Storm Worm--first discovered in January--last month, which lured unsuspecting Netizens into downloading malicious codes in their PCs, he said.
Like Trojans, these codes are then used to steal valuable data such as bank account numbers and passwords, he added.
Spitzner noted that users can best protect themselves by observing basic security practices. "Prevention is the best policy," he said. "For instance, make sure your browsers have the latest patch and stay away from dodgy Web sites. Our research has shown that taking such steps will dramatically reduce the risks of being infected."
Mikko Hypponen, chief research officer at security company F-Secure, agreed that malicious codes in the market today are a lot more advanced and stealthy than those previously seen.
"Banking Trojans", for instance, are the latest iteration of malicious software capable of stealing data even from most careful of users, Hypponen said in his keynote address at the conference Tuesday.
"Banks today have made it harder for malicious activities such as phishing, to take place by using simple static username, pin and password authentication mechanisms, or the use of one-time passwords, challenge-and-response pairs and token authentication," he explained.
"However, these methods don't address man-in-the-middle attacks or banking Trojans," he said. "This kind of software silently sits on an infected computer for weeks until a user logs online into his bank to pay some bills. When that happens, the Trojan silently inserts [fake] 'bills' without the user's knowledge [and makes it seem] as though he is paying his bills."
From the banks' perspective, the transaction looks legitimate but in fact it is not, Hypponen said.
"Money is then stolen by hackers...and despite the fact that the user had taken precautions to log on to a legitimate Web site, and the connection secured by encryption," he said.
According to Hypponen, there is currently no security tool to effectively protect against banking Trojan exploits. So, he added, the best form of protection is to stop the malicious code from infecting the PC in the first place.
"Such exploits happen when these Trojans successfully penetrate a PC by fooling the user into opening an e-mail attachment, or going to a malicious Web site," he added.
"To ensure that this does not happen, users must be extremely careful what e-mail attachments they open, even if [these files sent] by a known source, and to be wary of dubious Web sites sending out these e-mail," Hypponen advised.
"User also need to ensure that they have the latest patch installed on their browser so that it cannot be exploited, and an up-to-date antivirus and antispyware signature."
Edwin Yapp is a freelance IT writer based in Malaysia.