New Platform Vulnerabilities

By Robert Clyde  |  Posted 2003-04-08

Except for limited circumstances, Windows has been the primary conduit for Internet security attacks. However, there are several emerging platforms that could become targets for fast-moving threats in the future. All of these will need appropriate security sooner, rather than later:

Web services. In the coming years, we expect to see increased use of Web services (Java and .NET-based) by both enterprises and government agencies to manage supply chains and exchange business information. Appropriately targeted attacks on these systems could have severe repercussions to our economy.

Because Simple Object Access Protocol (SOAP) typically runs on top of HTTP and therefore inherits any bugs and security holes in HTTP implementations, new extensions will be used to add security enhancements. These extensions will provide a standard way to ensure integrity, nonrepudiation, access control and identity approval. Market research firm ZapThink estimates that the market for XML and Web Services security will grow from $40 million in 2001 to $4.4 billion by 2006.

Instant messaging (IM). We expect to see significant growth of IM in both the consumer and corporate space. In fact, IDC estimates the number of corporate IM users will grow to a whopping 300 million by 2005. While IM systems have the ability to fundamentally change the way we communicate and do business, many of today's implementations pose security challenges. Virtually all freeware IM systems lack encryption capabilities, and most have features to bypass traditional corporate firewalls, making it difficult for administrators to control their use inside an organization. Many of these systems have insecure password management and are vulnerable to account spoofing and denial-of-service attacks. Finally, IM systems meet all the criteria required to make them an ideal platform for rapidly spreading computer worms and blended threats: they are quickly becoming ubiquitous; they provide an able communications infrastructure; they have integrated directories that can be used to locate new targets (i.e., buddy lists); and they can, in many cases, be controlled by easy-to-write scripts.

Wireless. Wireless Internet connectivity is still an emerging area. Ovum Research forecasts wireless Internet usage to climb to 484 million users by 2005. Often deployed with relatively weak security protection, mobile devices represent a highly attractive infection vector for future malicious code. As consumer wireless adoption grows, and as there is increased standardization on wireless Internet-enabled applications (e-mail, IM, etc.), the possibility of an "over-the-air" Code Red-type threat will grow. Such an attack could potentially interrupt not only data communications, but also voice communications for significant numbers of users.

We also expect to see increased deployment of WiFi (802.11x) technology within the enterprise over the coming years. Research firm In-Stat predicts that wireless-using workers in the U.S. will rise to more than 60 percent in 2004 and business spending on wireless devices will increase to nearly $74 billion in 2005. Given the great amount of visibility wireless vulnerabilities received over the last year, we expect that most enterprise and government deployments will employ some level of security. However, we do expect that a significant number of unauthorized (and likely insecure) corporate wireless networks will be exploited by hackers.

Broadband. More than 500 million people worldwide have Internet access at home, and approximately 60 million of them have a broadband connection. Research firm eMarketer predicts the number of broadband subscribers worldwide will rise to 117 million by 2004, while In-Stat sees 120 million by 2005. As the number of home broadband connections grows, we could see a blended threat spreading from the hundreds of thousands of corporate machines infected by Code Red to tens of millions of home machines. A blended DoS attack launched from 10 million machines could potentially take down the business-to-business transactions of every Fortune 500 company.

Peer-to-peer networks. Public peer-to-peer file sharing systems are becoming increasingly popular. We've already seen some threats targeted at these systems, such as the W32/Gnuman worm that targeted Gnutella users and the W32/Hello worm targeting MSN Messenger. Frost & Sullivan estimates that enterprise users who have access to P2P networks will top 6.2 million by 2007, up from 61,410 at the end of 2001. Similar to IM, these systems are highly connected and provide "always-on" accessibility to the Internet. Unfortunately, they also circumvent security by decentralizing security administration and shared data storage, as well as providing ways around firewalls and Network Address Translation (NAT) devices. We will likely see further attacks against the more popular systems in the years ahead.

Linux. One subtle trend involves the recent increase in malicious code targeting Linux systems. In 1998 we saw the first widespread example of a successful Linux threat, the Linux.ADM.Worm. In addition to its worm-like characteristics, it also exploited a widely known vulnerability, causing the compromise of a large number of systems. Until recently, however, there were relatively few successful attacks on Linux. That changed in September 2002 when the Linux.Slapper worm emerged and caused significant outbreaks.

In addition to Slapper, a number of highly sophisticated Linux viruses have emerged in recent months; these have had relatively little real-world impact so far, but we may not be so lucky in the future. In particular, these threats demonstrated that malicious code writers are developing a higher level of sophistication - a more professional nature - in programming and an increased familiarity with the Linux operating system and its applications.

With the Meta Group projecting Linux penetration at as much as 45 percent of the market for new servers by 2006 or 2007, we will watch the Linux threat landscape carefully over the next few years.

Grid computing. Some vertical industries are increasingly investigating grid computing to solve some of their more difficult computational problems. Grid computing enables organizations to focus the resources of many computers in a network on a single problem at the same time. These problems are typically scientific or technical and require a great number of computer processing cycles or access to large amounts of data. Market research firm Grid Technology Partners estimates that the worldwide grid-computing industry will grow at a compound annual growth rate of 276 percent, topping more than $4.1 billion by 2005. In the coming years it is plausible that we could see attacks on such systems - their inherent connectedness and distributed model could allow a threat to spread very quickly and do great damage. Deployment of such systems is still relatively low, but this is an area that should be carefully monitored for the security implications.

Online gaming. Online gaming will continue to grow rapidly in the coming years. According to DFC Intelligence, a San Diego-based consulting firm focused on interactive entertainment and video games, 114 million people worldwide are expected to be playing online games by 2006, compared with the approximately 50 million playing today. Because these systems are similar to the "always on" connections of IM (in fact many allow IM-type communications between players) and their popularity continues to grow exponentially, they will be ideal targets for vulnerability scans and subsequent blended threat attacks.

