In the most recent past, what we’ve seen is a continuing evolution of very sophisticated, complicated attacks that include both traditional volume-based attacks, like SYN floods and UDP floods, and non-volume attacks like directed attacks, SQL injections, low and slow attacks, attacks that are born from modern day applications, encrypted floods, encapsulated attacks, and now a broadening to a category of FTP and SMTP floods.
As we move forward we can see that it’ll be easy to bypass the current protection mechanisms that people are using, which are very simple, like CDN protections, NetFlow detection systems, and simple scrubbing in environments that do not have local detection. This will be the future.
These attacks will grow in complexity, which will include SIP-based attacks, which we’re seeing a large increase in. That’ll include SMTP-based attacks, especially for environments where email is absolutely vital; attacks on your ecosystem cloud providers; encapsulated attacks, IPv6 and 4, 4 and 6; TLS attacks, encrypted SMTP environments and the machine-to-machine attacks.
These will all be complicated in that the platforms of the attacks will be taking advantage of the modern, major trends going on in information technology: the mobile trend, the trend to have unmanaged mobile devices, which would be leveraged as part of amplified attacks.
So you can imagine in the future, you’ll have automobiles, television sets, refrigerators, treadmills, all participating in a DDoS attack as they’re compromised. You’ll also have the modern day trend of software-defined networks, which will open up categorical elements to be able to attack you from within your environment, as the controls from that infrastructure start to become vitally deployed and moved.
You’ll also have a trend which will be to lock down your environment by the government. The government will start to enforce compliance of critical infrastructure via laws, regulations, and standards. So the attacks will change, the requirements will grow up, and the overarching trends in IT will exacerbate your problem.
Common Security Threats
One attack technique that is impossible to detect electronically is something called social engineering. Social engineering is when somebody communicates with you directly on a social level to try to gather information from you or get you to do something. A common way for this social engineering to manifest itself is with a phone call.
Let’s say, you get a phone call at your desk. It sounds like somebody is from the Help Desk. They give a name of somebody you know in the Help Desk. They talk about your department, where you happen to be. They have information about where your office is and they’re saying that they’re having a problem. All they need is your user name and your password, and they’ll be able to solve this problem without there being any issues whatsoever. And because you’re now trusting this person, you’re more apt to provide them with the information that they’re looking for.
You also want to look for social engineering that might be in your building. Maybe it’s somebody walking in, and they say they’re with the telecommunications company. Maybe they’re there to fix a copier. You want to be sure that everybody follows the right processes, that everybody has badges, that you’ve checked their identification, so that you can make sure that nobody is gaining access to resources that they should not be. Some of the most important assets that your organization has are the data that’s on your computer systems. And that data becomes extremely valuable.
It’s a very, very easy way for people to gather those pieces of information just by watching your screen. Sometimes they will even put software on your computer, so that any time of day, if they would just like to connect via a remote desktop or webcam session, they’re able to do that, as well.
So make sure that you’re very aware of your surroundings, so that you know that nobody’s looking at your screen when they should not be.
There’s been a huge increase in the amount of malware that we’re seeing, and the malware can take all kinds of different forms. Maybe it’s something that sits behind the scenes and simply watches everything that you type in and then sends those keystrokes out to a central server that they use to gather your user name, your password, your credentials that you use to log into your bank, for instance.
Maybe they’re only interested in putting some software on your computer, so that later on they can have your computer perform tasks for them. Maybe your computer is participating in a distributed denial of service attack, and you’re just one of those devices sending that information. Maybe your device is now spamming, sending out emails.
It all depends on what the malware authors want to do. Maybe the malware is going right after your pocketbook. Maybe they want your money. They’re encrypting information on your computer. They’re locking it up, and they’re putting a message on the screen that says you’ve been doing something illegal. To unlock the computer, you have to give us $200. And to do that, you simply send information through these processes. In fact, they put the logos right at the bottom of the screen to tell you where you can wire that money. Obviously, this is illegal.
And this is not something illegal that you have done. The bad guys are simply locking your machine up in the hopes that you’ll send them this cash. And maybe it’s just a virus. Maybe it’s there just to delete information or make your system unusable. Regardless of the method that’s being used and the information that’s being gathered, all of these things can create problems for you and send information out to the bad guys.
A security threat that’s not as common as malware, but is certainly very much a concern, is the rootkit. Rootkits take their name from “root” in Linux. And we call them rootkits because they get into the kernel of your computer and they modify some of the core system files that are on your system.
What’s even worse is they become invisible. It’s impossible to find this rootkit through normal means. You won’t see it in your Task Manager. You won’t see the files necessary for the rootkit, because it’s part of the operating system kernel itself. Because of this, the anti-virus that you have, the anti-malware that you’re running, can’t see any of this rootkit information.
So therefore, they can’t identify it and certainly can’t remove it from your computer. Things like hiding in the operating system are very common, whether it’s something that’s integrated into the kernel or maybe it’s hiding in plain sight.
For instance, if you look at your Windows system folder, it’s about 800 megabytes of information and 2,000 files. If I simply add another file into this directory, are you even going to notice? There’s so much information in there currently. And if I give it an odd name, like run32dl1.dll, and I’m looking through the listing of files, I might even miss it then.
These rootkits use a lot of different ways to hide themselves, so make sure that you keep your operating system updated so these rootkits can’t find a way onto your system in the first place.
One of the most notorious rootkits – and we’re still talking about this rootkit today – was in 2005 from Sony BMG. You got a music CD. You put it into your computer. And behind the scenes, without your permission, without any messages, it installed a DRM application, a digital rights management application, onto your computer.
That was a rootkit. It could take any file, any directory, any process, any registry key, and it could hide it by simply prefixing the name with $sys$. And so it hid itself, effectively becoming a rootkit. Now what was interesting is that because this rootkit was in place and so many people were listening to these CDs, the bad guys thought, I could hide my code and my malware using exactly the same technique. And it didn’t take long for the bad guys to do this.
Sony created a patch for this to try to roll some of these problems back. But of course, the patch itself created another avenue for bad guys to install malware. So that didn’t work very well. Ultimately, there was a lawsuit that was settled in December of 2005. The CDs were recalled, and everybody got $7.50 for their troubles, that of course, they could use to buy more music. Not sure that was a great result, but ultimately, it showed us that these rootkits can be a significant problem.
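As an added example, not code from the original post: a small Python scan of a directory listing that flags the two hiding tricks described above, the Sony-style $sys$ prefix and names such as run32dl1.dll that reuse a real system file’s letters in a different order or swap in look-alike characters. The allow-list of known file names and the sample listing are constructed for the example.

```python
"""Scan a directory listing for files that hide in plain sight.

Flags three patterns: the Sony BMG '$sys$' cloaking prefix, names that
differ from a known system file only by look-alike characters
(svch0st.exe), and names that reuse a known file's letters in another
order (run32dl1.dll vs rundll32.dll). KNOWN and SAMPLE_LISTING are
constructed for this example.
"""
import os
from typing import Dict, List, Tuple

# Characters commonly swapped in to fool a quick visual scan of a listing.
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "|": "l", "5": "s"})

# Constructed allow-list of names a scanner would expect in a system folder.
KNOWN = ["rundll32.dll", "svchost.exe", "kernel32.dll", "explorer.exe"]


def normalize(name: str) -> str:
    """Lower-case the name and collapse look-alike characters."""
    return name.lower().translate(CONFUSABLES)


def signature(name: str) -> Tuple[str, str]:
    """(sorted letters of the stem, extension): equal for anagram names."""
    stem, ext = os.path.splitext(normalize(name))
    return "".join(sorted(stem)), ext


def find_suspicious(listing: List[str], known: List[str] = KNOWN) -> Dict[str, str]:
    """Return {filename: reason} for every entry that deserves a closer look."""
    known_norm = {normalize(k): k for k in known}
    known_sig = {signature(k): k for k in known}
    findings: Dict[str, str] = {}
    for name in listing:
        if name.startswith("$sys$"):
            findings[name] = "hidden by $sys$ prefix"
        elif name in known:
            continue  # genuine file, nothing to report
        elif normalize(name) in known_norm:
            findings[name] = f"look-alike of {known_norm[normalize(name)]}"
        elif signature(name) in known_sig:
            findings[name] = f"anagram of {known_sig[signature(name)]}"
    return findings


# Constructed listing: three legitimate files, three that should be flagged.
SAMPLE_LISTING = ["rundll32.dll", "run32dl1.dll", "svchost.exe", "svch0st.exe",
                  "kernel32.dll", "$sys$drv.sys"]

if __name__ == "__main__":
    for name, reason in find_suspicious(SAMPLE_LISTING).items():
        print(f"{name:16} {reason}")
```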
What the bad guys have found, though, is that it’s exceptionally easy to get information from you without even installing software on your computer. They do this through a method called phishing.
This phishing method is a little bit of social engineering. It’s a little bit of spoofing. They combine it all together, and they get your user name and your password. You usually see this show up in something like a mail message, and it looks like a mail message from someone you trust. That mail message says, I saw a funny video of you on the internet.
Click here, and we can have a look at it and laugh at it together. When you click, it takes you, perhaps, to YouTube, but it presents you with your YouTube credentials.
Then you put in your YouTube credentials, but what you don’t realize is that really wasn’t the YouTube page. When you put in your credentials, you’re really putting in your credentials on the bad guy’s site. Now they have your credentials for YouTube.
What if it’s something even worse than that?
Maybe you’re logging in, or you think you’re logging in, to PayPal, and if you look at it, it looks just like the PayPal site. Everything looks exactly the same as when you would normally log in to PayPal. However, the URL is not actually the PayPal site. If you weren’t specifically looking for that, this would look just fine.
Sometimes, though, you can find little things that are wrong. You can find a misspelling, or you can find, for instance, an image that isn’t loading properly on the site. And that might tip you off that this may not be the actual site that you’re looking at.
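As an added example, not part of the original post: the URL check described above done in code. Given a link and the domain you expect, it reports whether the host really belongs to that domain and names the trick when it does not. The sample links are constructed, and paypal.com is used only because the text uses PayPal as its example.

```python
"""Check whether a link really points at the site it appears to show."""
from typing import Tuple
from urllib.parse import urlsplit


def _with_scheme(url: str) -> str:
    """urlsplit only fills netloc when a scheme is present; assume http if missing."""
    return url if "://" in url else "http://" + url


def host_of(url: str) -> str:
    """The real host of a link: scheme, userinfo, port and path are dropped."""
    host = urlsplit(_with_scheme(url)).hostname or ""
    return host.rstrip(".")  # "paypal.com." and "paypal.com" are the same name


def belongs_to(url: str, expected_domain: str) -> bool:
    """True only if the host is expected_domain itself or a subdomain of it."""
    host = host_of(url)
    expected = expected_domain.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)


def classify(url: str, expected_domain: str) -> Tuple[bool, str]:
    """(is_legitimate, explanation) for one link, naming the trick when seen."""
    host = host_of(url)
    expected = expected_domain.lower().rstrip(".")
    if belongs_to(url, expected):
        return True, f"host {host} is under {expected}"
    netloc = urlsplit(_with_scheme(url)).netloc
    if "@" in netloc:
        # Everything before '@' is a username; the browser connects to what follows.
        return False, f"'{netloc.split('@')[0]}' is userinfo, the real host is {host}"
    if host.startswith(expected + "."):
        # brand.com.evil.example: the brand is just a label inside another domain.
        return False, f"{expected} is only a leading label of {host}"
    return False, f"host {host} is not {expected} or a subdomain of it"


# Constructed sample links in the spirit of the text's PayPal example.
SAMPLE_LINKS = [
    "https://www.paypal.com/signin",
    "https://paypal.com.evil.example/login",
    "https://paypal.com@evil.example/",
    "http://paypa1.com/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        ok, why = classify(link, "paypal.com")
        print(f"{'OK  ' if ok else 'FAKE'} {link:40} {why}")
```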
There’s also something called spear phishing, where the bad guys are identifying very specific users and targeting those people directly. If you want to have access to somebody’s Twitter account, then you need to find out who manages it. And you send that spam to try to get them to log into a fake Twitter site that’s now going to give you those credentials.
It’s exceptionally easy. The bad guys don’t need to install any software on your computer. All they’re doing is making you click the wrong thing and input information into something that looks legitimate, but it really isn’t.
Of course, we’re still having significant problems with viruses on our computers. These viruses are little pieces of code that are able to get onto your computer and then reproduce themselves, just like a real virus in the human body.
It doesn’t require that you click anything; all it needs you to do is run a program. It piggybacks along with that program, and then spreads itself somewhere else. Not only can it reproduce through the file system that’s on your computer, but viruses these days can reproduce across the network. And since we’re all connected to networks these days, it’s an exceptionally easy way for the virus to move from system to system.
Some viruses you may not even notice. They’re so innocuous. They don’t really do anything on your computer, or maybe they’re waiting for a certain amount of time. So you don’t even know that they’re there. Other types of viruses are very invasive. They’re deleting files. They’re creating high levels of utilization, and you have to find some way to remove that virus from your computer.
There’s a lot of different antivirus applications out there. You need to make sure you’re running one on your computer. And we’re finding new viruses, thousands of new viruses, every week, which means you also have to make sure that you update those signatures. So even if you’re running an antivirus program, that doesn’t do you any good unless you’re constantly getting those updates from your antivirus manufacturer.