No slowdown in sight for cyber attacks, experts say

Jul 31, 2012 By Byron Acohido

Cyber attacks are accelerating at a pace that suggests the Internet - already a risky environment - is likely to pose a steadily growing threat to individuals and companies for years to come.

That's the somber consensus of security and Internet experts participating in the giant cybersecurity conference that concluded here last week.

Internet-generated comprise "the most significant threat we face as a civilized world, other than a weapon of mass destruction," Shawn Henry, former head of the 's cybercrime unit, told some 6,500 attendees in a keynote address.

Joe Stewart, Dell SecureWorks' director of malware research, presented research detailing the activities of two large cyber gangs - one based in Shanghai, the other in Beijing - that have cracked into the networks of thousands of companies over the past half dozen years.

The attacks invariably begin by infecting the computer of one employee, then using that machine as a toehold to patiently probe deep into the company's network. The end game: to steal customer lists, patents, bidding proposals and other .

Each gang is made up of dozens of employees playing complementary roles in attacks that are "stealthy and persistent," Stewart said. "Even if they do get discovered and get kicked out of a network, they come back, targeting a different employee."

Another gang, analyzed by Dell ' researcher Brett Stone-Gross, has been blasting out spam, designed to slip past spam filters. The messages carry instructions to click on a link to read bogus delivery invoices, airline reservations or cellphone bills. The link, however, takes the user to a web page that installs .

Stone-Gross said the gang currently has access to 678,000 infected PCs, some of which are used to carry out its lucrative specialty: orchestrating fraudulent wire transfers from online banking accounts.

Meanwhile, a different category of hackers is stepping up attacks, not on individual PCs, but on company websites. Website attacks now routinely occur thousands of times each, as criminals probe for ways to breach databases carrying usernames, passwords and other valuable data, said David Koretz, general manager of website security firm Mykonos, a division of Juniper Networks.

Some successful website hackers enjoy boasting - by publically posting some, if not most, of the stolen data. That's happened recently with data stolen from online retailer Zappos, matchmaking site eHarmony, business social networking site LinkedIn and search giant Yahoo, Koretz said.

Experts say Web attacks continue to escalate partly because powerful, easy-to-use hacking programs are widely available for free. What's more, opportunities for an intruder to take control of an individual's PC, or access and probe a company's network, are multiplying as society uses more Internet-delivered services and Internet-connected mobile devices.

"It's easier and safer for a criminal to steal money from an online bank account, rather than have to walk into a bank - or to steal intellectual property in an online setting, rather than have to send in a human spy," said Eddie Schwartz, chief security officer of security firm RSA, a division of EMC.

Explore further: Vatican's manuscripts digital archive now available online

not rated yet
add to favorites email to friend print save as pdf

Related Stories

Facebook fights 'phishing' scam

May 01, 2009

Facebook Thursday said it has blocked a link at the heart of a "phishing" scam being used to dupe members into revealing passwords to accounts at the social networking website.

Cyber criminals cloak their tracks

Feb 13, 2008

The 2007 X-Force Security report from IBM finds a disturbing rise in the sophistication of attacks by criminals on Web browsers worldwide. According to IBM, by attacking the browsers of computer users, cyber criminals are ...

Corporations, agencies infiltrated by 'botnet'

Feb 18, 2010

(AP) -- Security experts have found a network of 74,000 virus-infected computers that stole information from inside corporations and government agencies. The unusual thing about the incident is not that it happened but that ...

A few hacker teams do most China-based data theft

Dec 12, 2011

As few as 12 different Chinese groups, largely backed or directed by the government there, commit the bulk of the China-based cyberattacks stealing critical data from U.S. companies and government agencies, according to U.S. ...

Recommended for you

Kickstarter suspends privacy router campaign

Oct 20, 2014

Kickstarter has suspended an anonymizing router from its crowdfunding site. By Sunday, the page for "anonabox: A Tor hardware router" carried an extra word "(Suspended)" in parentheses with a banner below ...

User comments : 4

Adjust slider to filter visible comments by rank

Display comments: newest first

kochevnik
5 / 5 (1) Jul 31, 2012
This article totally regards the fact that without M$ security holes, 90% of these attacks would disappear. M$ monopoly status allows them to not care whether their programs are secure, or even work. That is the real cause of insecurity, which allows crackers a foothold on the Internet to thereby attack every other kind of machine.
SatanLover
1 / 5 (1) Jul 31, 2012
propaganda for internet control.
alfie_null
not rated yet Aug 01, 2012
It's necessary to incorporate some representation of the damage done into a feedback loop in the system of acquiring and operating these potentially vulnerable machines.

Simply make the owners of vulnerable machines culpable. Adjust the amount of punishment dispensed until the problem is eliminated.
88HUX88
not rated yet Aug 01, 2012
and how will extraditing Gary Mckinnon help?
http://en.wikiped...McKinnon