IT's 9 biggest security threats

Roger A. Grimes | Aug. 28, 2012
Hacking has evolved from a one-person crime of opportunity to an open market of sophisticated malware backed by crime syndicates and money launderers

All in all, the setup used by today's malware writers makes it very difficult for IT security pros to defend against their wares.

Threat No. 6: Botnets as a service

Botnets aren't just for their creators anymore. Having more than likely bought the malware program that creates the bot, today's owners will either use the botnet for themselves or rent it to others by the hour or another metric.

The methodology is familiar. Each version of the malware program attempts to exploit thousands to tens of thousands of computers in an effort to create a single botnet that will operate as one entity at the creator's bidding. Each bot in the botnet eventually connects back to its C&C (command and control) server(s) to get its latest instructions. Botnets have been found with hundreds of thousands of infected computers.

But now that there are so many active botnets (literally tens of millions of infected computers each day), botnet rentals are fairly cheap, meaning all the more problems for IT security pros.

Malware fighters will often attempt to take down the C&C servers and/or take over their control so that they can instruct the connecting bots to disinfect their host computers and die.

Threat No. 7: All-in-one malware

Today's sophisticated malware programs often offer all-in-one, soup-to-nuts functionality. They will not only infect the end-user but also break into websites and modify them to help infect more victims. These all-in-one malware programs often come with management consoles so that their owners and creators can keep track of what the botnet is doing, who they are infecting, and which ones are most successful.

Most malicious programs are Trojan horses. Computer viruses and worms have long since ceased to be the most popular types of malware. In most cases, the end-user is tricked into running a Trojan horse that's advertised as a necessary antivirus scan, disk defragmentation tool, or some other seemingly essential or innocuous utility. The user's normal defenses are fooled because most of the time the Web page offering the rogue executable is a trusted site they've visited many times. The bad guys simply compromised the site, using a host of tricks, and inserted a few lines of JavaScript that redirect the user's browser to the Trojan horse program.

Threat No. 8: The increasingly compromised Web

At the most basic level, a website is simply a computer, just like a regular end-user workstation; in turn, Webmasters are end-users like everyone else. It's not surprising to find the legitimate Web is being increasingly littered with malicious JavaScript redirection links.

But exploited Webmasters' computers are not the only thing leading to the rise in Web server compromises. More often, the attacker finds a weakness or vulnerability in a website that allows them to bypass admin authentication and write malicious scripts.
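A defender-side check for the injected redirect scripts described under Threats No. 7 and 8, as an added example that is not from the original article: it audits a page's HTML for script tags loaded from hosts outside an allowlist and for inline scripts that reassign the browser location. The allowlisted hosts, the sample page, and the names `ScriptAuditor` and `audit_page` are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site legitimately loads scripts from (constructed values).
ALLOWED_HOSTS = {"www.example.test", "cdn.example.test"}
# Inline script that navigates the browser away from the current page.
REDIRECT_RE = re.compile(
    r"\blocation(?:\.href)?\s*=(?!=)|\blocation\.(?:replace|assign)\s*\(", re.I)

class ScriptAuditor(HTMLParser):
    def __init__(self, allowed):
        super().__init__()
        self.allowed, self.findings = allowed, []
        self._inline, self._line = None, 0

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._line = self.getpos()[0]
        src = dict(attrs).get("src")
        if src is None:
            self._inline = []  # start buffering an inline script body
            return
        host = urlparse(src.strip()).hostname  # None for same-site relative paths
        if host and host not in self.allowed:
            self.findings.append((self._line, "external-script", host))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            hit = REDIRECT_RE.search("".join(self._inline))
            if hit:
                self.findings.append((self._line, "inline-redirect", hit.group(0)))
            self._inline = None

def audit_page(html, allowed=ALLOWED_HOSTS):
    """Return (line, kind, detail) for each suspicious script in one page."""
    auditor = ScriptAuditor(allowed)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page: two legitimate scripts and two injected ones.
SAMPLE_PAGE = """<html><head><script src="/js/site.js"></script>
<script src="https://cdn.example.test/lib.js"></script>
<script src="//stats.unknown-host.invalid/c.js"></script></head><body>
<script>if (!/seen=1/.test(document.cookie)) { window.location.href = "http://dl.unknown-host.invalid/scan"; }</script>
</body></html>"""
```

Run against the files in the web root on a schedule, any finding on a page that had none before is a signal that the site content was modified.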

