No slowdown in sight for cyber attacks, experts say

Jul 31, 2012 By Byron Acohido

Cyber attacks are accelerating at a pace that suggests the Internet - already a risky environment - is likely to pose a steadily growing threat to individuals and companies for years to come.

That's the somber consensus of security and Internet experts participating in the giant cybersecurity conference that concluded here last week.

Internet-generated comprise "the most significant threat we face as a civilized world, other than a weapon of mass destruction," Shawn Henry, former head of the 's cybercrime unit, told some 6,500 attendees in a keynote address.

Joe Stewart, Dell SecureWorks' director of malware research, presented research detailing the activities of two large cyber gangs - one based in Shanghai, the other in Beijing - that have cracked into the networks of thousands of companies over the past half dozen years.

The attacks invariably begin by infecting the computer of one employee, then using that machine as a toehold to patiently probe deep into the company's network. The end game: to steal customer lists, patents, bidding proposals and other .

Each gang is made up of dozens of employees playing complementary roles in attacks that are "stealthy and persistent," Stewart said. "Even if they do get discovered and get kicked out of a network, they come back, targeting a different employee."

Another gang, analyzed by Dell ' researcher Brett Stone-Gross, has been blasting out spam, designed to slip past spam filters. The messages carry instructions to click on a link to read bogus delivery invoices, airline reservations or cellphone bills. The link, however, takes the user to a web page that installs .

Stone-Gross said the gang currently has access to 678,000 infected PCs, some of which are used to carry out its lucrative specialty: orchestrating fraudulent wire transfers from online banking accounts.

Meanwhile, a different category of hackers is stepping up attacks, not on individual PCs, but on company websites. Website attacks now routinely occur thousands of times each, as criminals probe for ways to breach databases carrying usernames, passwords and other valuable data, said David Koretz, general manager of website security firm Mykonos, a division of Juniper Networks.

Some successful website hackers enjoy boasting - by publically posting some, if not most, of the stolen data. That's happened recently with data stolen from online retailer Zappos, matchmaking site eHarmony, business social networking site LinkedIn and search giant Yahoo, Koretz said.

Experts say Web attacks continue to escalate partly because powerful, easy-to-use hacking programs are widely available for free. What's more, opportunities for an intruder to take control of an individual's PC, or access and probe a company's network, are multiplying as society uses more Internet-delivered services and Internet-connected mobile devices.

"It's easier and safer for a criminal to steal money from an online bank account, rather than have to walk into a bank - or to steal intellectual property in an online setting, rather than have to send in a human spy," said Eddie Schwartz, chief security officer of security firm RSA, a division of EMC.

Explore further: LinkedIn membership hits 300 million

not rated yet
add to favorites email to friend print save as pdf

Related Stories

Facebook fights 'phishing' scam

May 01, 2009

Facebook Thursday said it has blocked a link at the heart of a "phishing" scam being used to dupe members into revealing passwords to accounts at the social networking website.

Cyber criminals cloak their tracks

Feb 13, 2008

The 2007 X-Force Security report from IBM finds a disturbing rise in the sophistication of attacks by criminals on Web browsers worldwide. According to IBM, by attacking the browsers of computer users, cyber criminals are ...

Corporations, agencies infiltrated by 'botnet'

Feb 18, 2010

(AP) -- Security experts have found a network of 74,000 virus-infected computers that stole information from inside corporations and government agencies. The unusual thing about the incident is not that it happened but that ...

A few hacker teams do most China-based data theft

Dec 12, 2011

As few as 12 different Chinese groups, largely backed or directed by the government there, commit the bulk of the China-based cyberattacks stealing critical data from U.S. companies and government agencies, according to U.S. ...

Recommended for you

LinkedIn membership hits 300 million

Apr 18, 2014

The career-focused social network LinkedIn announced Friday it has 300 million members, with more than half the total outside the United States.

Researchers uncover likely creator of Bitcoin

Apr 18, 2014

The primary author of the celebrated Bitcoin paper, and therefore probable creator of Bitcoin, is most likely Nick Szabo, a blogger and former George Washington University law professor, according to students ...

White House updating online privacy policy

Apr 18, 2014

A new Obama administration privacy policy out Friday explains how the government will gather the user data of online visitors to WhiteHouse.gov, mobile apps and social media sites. It also clarifies that ...

User comments : 4

Adjust slider to filter visible comments by rank

Display comments: newest first

kochevnik
5 / 5 (1) Jul 31, 2012
This article totally regards the fact that without M$ security holes, 90% of these attacks would disappear. M$ monopoly status allows them to not care whether their programs are secure, or even work. That is the real cause of insecurity, which allows crackers a foothold on the Internet to thereby attack every other kind of machine.
SatanLover
1 / 5 (1) Jul 31, 2012
propaganda for internet control.
alfie_null
not rated yet Aug 01, 2012
It's necessary to incorporate some representation of the damage done into a feedback loop in the system of acquiring and operating these potentially vulnerable machines.

Simply make the owners of vulnerable machines culpable. Adjust the amount of punishment dispensed until the problem is eliminated.
88HUX88
not rated yet Aug 01, 2012
and how will extraditing Gary Mckinnon help?
http://en.wikiped...McKinnon

More news stories

Hackers of Oman news agency target Bouteflika

Hackers on Sunday targeted the website of Oman's official news agency, singling out and mocking Algeria's newly re-elected president Abdelaziz Bouteflika as a handicapped "dictator".

Making graphene in your kitchen

Graphene has been touted as a wonder material—the world's thinnest substance, but super-strong. Now scientists say it is so easy to make you could produce some in your kitchen.

Low tolerance for pain? The reason may be in your genes

Researchers may have identified key genes linked to why some people have a higher tolerance for pain than others, according to a study released today that will be presented at the American Academy of Neurology's 66th Annual ...

How to keep your fitness goals on track

(HealthDay)—The New Year's resolutions many made to get fit have stalled by now. And one expert thinks that's because many people set their goals too high.