Protecting Data from Organized Crimeware
Attacks, whether from internal or external sources, are nothing new. However, there have been many reports (from Panda Security, PricewaterhouseCoopers and M86 Security, for example) over the past year or so indicating that the state of the economy is to blame for the recent increase in computer crime, as it gives malicious parties more motivation to steal. It's as hard to argue with this common-sense argument as it is to figure out why these companies think this is innovative research. (Come on, people. Is it really noteworthy that when times are tough more people steal? Ask Jean Valjean if this is something new.) New or not, data theft is getting more and more attention from c-level executives. The PricewaterhouseCoopers report mentioned earlier also stated that "protecting data elements is now a top priority at-arguably-the most critical time." The proportion of surveyed organizations reporting that they have a DLP strategy in place has increased from 29 percent in 2008 to 44 percent in 2009. Many survey respondents indicated that "their organization continuously prioritizes data and information security assets according to their risk level."This obviously puts malware at the top of the list of security concerns for everyone, from consumers to CISOs. In the past year, we've seen a dramatic increase in the number of variants of a single exploit (relegating signature-based anti-malware to the graveyard) and in the percentage of legitimate Websites that were exploited and used to plant malware on unsuspecting visitors (relegating Web content filtering solutions that rely on domain as the unit of analysis to a shallow grave next to signature-based anti-malware). Targeted attacks are also on the rise. McAfee, in its "2010 Threat Predictions" report from December 2009, described the widespread problem and delved into the example of GhostNet, "a network of at least 1,295 compromised computers in 103 countries." Patching systems to update software has become a critical function in many enterprises. In 2009, just about everyone (Symantec, McAfee, IBM Internet Security Systems ...) reported a rise in the number of attacks against applications. McAfee noted, "The favorite vector among attackers is Adobe [Systems] products, primarily Flash and Acrobat Reader." Security researchers find that many of the most common exploits are of vulnerabilities that were announced and patched five or more years ago. This threat could be mitigated simply by patching on a regular basis. However, patching is tedious and time-consuming.
Today's information security battle is about money. International crime syndicates rent time on botnets and later help low-level criminals launder money stolen by banking Trojans such as the Zeus and Silentbanker families. It used to take a skilled programmer to indulge in cyber-crime, but now even script kiddies can cash in as exploit kits built on Mpack and Gpack are widely available for download. Most kits come with a warranty, technical support and software version updates. The malware battle has spun so far out of control that, as M86 Security mentioned in its April report, "Web Exploits: There's an App for That," we're starting to see the evolution of an international service economy in which some are beginning to offer "crimeware as a service."