
Security--it's now personal

Security attacks have become more targeted and personalized. To cope, consumers need to develop an online "sixth sense", Symantec says.
Written by Eileen Yu, Senior Contributing Editor

SAN FRANCISCO--Security attacks have become more personal, and cyber criminals no longer seek fame and recognition for their hacking prowess. Instead, they now launch attacks under a cloak of anonymity and in search of financial returns, say top executives from security vendor Symantec.

Speaking to reporters at the company's annual Vision conference here Wednesday, Symantec CTO Ajei Gopal said: "We're seeing a movement toward personalized attacks, where hackers target specific executives within an organization, for example, to demand money."

In fact, just last week, security vendor Sophos identified a new Trojan horse that could be used to hold its victims to ransom, forcing them to pay a sum of money in return for their stolen data files. Similar attacks, also dubbed "ransomware", were identified in March this year and as early as May 2005.

Symantec Chairman and CEO John W. Thompson said: "The main threat to information these days isn't necessarily a large-scale, fast-moving virus or worm. From 2002 to 2004, there were almost 100 medium-to-high risk attacks. Last year, there were only six." He added that the security community has made significant progress in keeping these kinds of threats under control.

"Today, we face a bigger and, perhaps, more insidious challenge," he said. "Sophisticated criminal elements are now behind many of today's attacks--and, unlike the hackers of the past, they are much more interested in anonymity than in notoriety. Threats are silent and highly targeted. What these criminals are searching for is personal and financial information--and they are looking to use it for serious financial gain."

To cope with the changing landscape, consumers need to be able to identify these cyber attackers so they can transact safely with legitimate businesses. Thompson described this ability as "the sixth sense".

"In the physical world, it's easy to walk into a store and get a sense of what kind of place it is," he explained. "Does the sales person know what they are talking about? Are they trying to sell you an old floor model? You get a feeling about whether it's smart to give them your business--much less your credit card. We have a sixth sense in the physical world."

Symantec unveils Data Center Foundation
The security vendor on Wednesday launched its new Data Center Foundation, which encompasses the Veritas NetBackup, Storage Foundation, Server Foundation and i3 application performance management. Touting it as "the only integrated" offering that allows enterprises to operate a standardized infrastructure, Symantec said the new product suite allows companies to manage their data across a heterogeneous environment consisting of multi-vendor applications, databases, servers and storage products.
IT administrators, for example, will be able to seamlessly move data sitting in different software applications such as SAP and Oracle, and across a mix of IBM and Sun Microsystems servers. Data Center Foundation currently supports a range of platforms including server OSes such as Sun Solaris, HP-UX, IBM AIX, Red Hat Linux and Novell SUSE Linux, storage devices from vendors such as EMC, HDS, IBM and Network Appliance, and software applications from Oracle, SAP, BEA WebLogic and IBM WebSphere.

However, he noted that this sixth sense is currently lacking in the online community. It is, therefore, "up to the business community" to assess what is safe and ensure online transactions and data are protected, he said.

At the conference, Gopal's research team showcased some technologies Symantec is currently developing in its R&D lab, which he said can help create this environment.

During a demo, attendees saw a security tool identify an online bank that has been a target of a phishing attack and alert its customers to the risk. The software displays a sample of what the phishing e-mail message may look like, and provides customers with information on who they can call if they suspect their bank data has been compromised.

The tool can also be used to send an SMS alerting the bank's IT administrator to any new attacks. The IT staff can then view actions that Symantec carried out to mitigate the security risk, such as the number of phishing e-mail messages that have been blocked, whether the bank's customers have been notified, and whether the relevant ISP (Internet service provider) has been advised to shut down the phishing site.

Describing such security tools as future technologies, Gopal was unwilling to give a timeframe for when these products are expected to be available in the market.

ZDNet Asia's Eileen Yu reported from San Francisco.
