Symantec: Profit-Driven Cyber-Crime Wont Stop

Of all the IT threats facing enterprises today, the growing trend toward criminal attacks seeking valuable information and tangible assets will dominate the security landscape in years to come, according to researchers at the company.

Enterprise security systems will continue to be challenged by increasingly sophisticated threats launched by criminals seeking to steal sensitive information and material assets, according to top researchers at Symantec.

While less-organized hackers and spammers will hammer away at network defenses with large volumes of simplistic threats, the emerging generation of professional cyber-criminals armed with cutting-edge malware code will only grow stronger and more evasive, said Vincent Weafer, senior director of development of Symantecs Security Response research division, in Cupertino, Calif.

Those criminals will increasingly blend multiple forms of threats to evade security programs and make their work harder to detect, mixing up cocktails of polymorphic viruses, rootkits, and zero-day exploits delivered via image spam and powered by far-ranging bot networks, the researcher said. Weafer contends that even as companies adjust their security systems to ward off such attacks, cyber-thieves will react quickly and tailor their work to target specific organizations and users.

The evolution of malware threats into hybrid attacks will dominate the high-end of the hacker community in years to come, he said, as evidenced by the 23 percent increase in malware-laden image spam e-mails that Symantec has tracked over the last six months. Programs such as the Rustock Trojan horse virus, designed specifically to evade advanced heuristic security systems, will become the norm among the most talented attackers, Weafer contends.

Some of the best evidence of this trend can be found in todays rapidly morphing botnets, which are becoming significantly more difficult to shut down. Whereas the behavior of traditional bot systems could be detected relatively easily by security systems, and researchers could work with ISPs to find and shut down Web sites hosting the attacks, criminals have already taken their work to the next level, using legitimate sites that have been hacked to further cloak their efforts.

"Unlike the old days where botnet hosts reached out to a single site to update, were now seeing them going to legitimate sites and then redirecting to other URLs, which is undermining our ability to choke off the source," said Weafer. "Based on the ability of existing security systems to catch most of the low-level attacks and spam, the perception among [CIOs] is that things are getting better, but things are actually getting worse, driven by the ability of hackers to generate profits."

In addition to ramping up their technological efforts, cyber-criminals are also adopting new social engineering tactics that are helping them get over on even the most wary users. Symantec has recently observed at least one attack that used names taken from an investment companys customer newsletter subscription database to lure people into swallowing its bait. The use of data-mining technologies to piece together multiple streams of information that can be used to target a specific company or user will only increase, the researcher said.

/zimages/4/28571.gifSymantecs software is tops at detecting and removing stealth rootkits, according to one study. Click here to read more.

Another so-called threat vector with growing popularity among the malware elite is the use of Web services technologies such as AJAX (Asynchronous JavaScript and XML) by Web site operators. Since developers are using the technology—meant to boost the interactivity of their sites—without understanding its security implications, hackers are already having a field day exploiting its shortcomings.

"Companies are using just-in-time AJAX developers who are building Web pages as quickly as possible and leaving the door wide open for their sites to be used to carry out all sorts of attacks," Weafer said. "The malware community is looking for new ways to cloak their work behind legitimate business and AJAX is providing that opportunity; as the criminals discover more of these vulnerabilities, theyre only being inspired to create even more attacks."

Yet another emerging weak point in enterprise system defenses is the growing adoption of smart phones, more PC-like handhelds that are typically linked to internal e-mail servers and CRM (customer relationship management) applications. While few attacks aimed at such devices have been seen in Europe and North America, hackers in the Far East, where handhelds have already become many workers primary computing device, are showing signs of things to come in the West.

Among the mobile attacks already being observed by Symantec in Asia are targeted phishing schemes delivered via mobile spam and malware that seeks to steal user data when the handhelds are being used to carry out financial transactions.

"Were only starting to see people in Europe and the United States begin to use their devices in the same fashion that people in Asia have been using their phones, but the applications are being written today and the attacks wont be too far behind," Weafer said. "As you see transactional systems put into place allowing businesses and end users to adopt new wireless applications, suddenly the mobile platform, which has been pretty much left alone here, becomes very attractive to those with the skills to attack it."

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.