Cyber Crime: Forget Conficker--focus on the real threats

May 23, 2009

By Mary Landesman, May 22, 2009

After all the hysteria generated by Conficker, I
was tempted to try and get to the bottom of the
many reports and research about the worm. But
when I started to distil that information, I
found it amounted to very little--especially
compared with the threats that really deserve our attention.

So what are the threats that keep me awake at
night? Top of the list are data-theft Trojans.
These are forms of malware that shun the
spotlight, preferring to escape attention
altogether in an attempt to survive as long as possible.

Data-theft Trojans figured prominently in two key
reports released recently: the first, a joint
advisory from the FBI and the U.S. Secret Service,
and the second, the result of investigative
research into GhostNet performed by the Munk
Centre for International Studies and The SecDev Group, both of Canada.

In the U.S. Secret Service-FBI advisory,
investigators noted "a considerable spike in
cyberattacks against the financial services and
the online retail industry". Two of the behaviors
reported were the installation of
network-traffic analyzers, aka sniffers, and the
installation of backdoors that provide remote,
surreptitious access to the compromised computers and networks.

Compromises and attacks
The GhostNet research focused on a series of
compromises and attacks recorded during "a
10-month investigation of alleged Chinese
cyberspying against Tibetan institutions".

The GhostNet researchers reported that "the
threshold for engaging in cyberespionage is
falling. Cybercrime kits are now available
online, and their use is clearly on the rise, in
some cases by organized crime and other private actors".

While the two reports focused on different
target areas--financial services and pro-Tibetan
organizations, respectively--the methods and outcomes
they describe closely match those
observed by ScanSafe in 21 industry sectors throughout 2008 and into 2009.

Not only has cyberespionage become turnkey--a
virtual franchise opportunity for criminals, if
you will--but the impact of these continued attacks will have global repercussions.

In essence, attackers are using data-theft
Trojans to siphon off our most precious
intellectual-property assets. In the financial
arena, those assets might be credit-card and bank-account numbers.

For Tibet, the intellectual-property assets may
consist of: "Files and [e-mail messages] with
contact information, lists of meetings and
attendees, draft position papers, internal
PowerPoint presentations, organizational budgets
and lists of visitors [that] can represent items
of strategic value to rivals and enemies",
according to the Canadian researchers.

The most targeted sectors identified by ScanSafe
research include energy and oil, pharmaceutical
and chemical companies, engineering and
construction, and transport and shipping.
Intellectual property from these industries could
be used for a variety of illicit purposes,
ranging from stock manipulation and patent
tampering, to critical infrastructure insecurity and physical breaches.

Data-theft Trojans in general are not very sexy.
Because this type of malware hides from view,
victims are largely oblivious of its presence.
Data-theft Trojans also prosper from the
assumption that they are someone else's problem.

Yet these Trojans have an impact on all of us.
Whether it is in the form of higher fees and
prices that result from credit-card fraud, or
stock losses due to manipulation, or the loss of
physical security, data-theft Trojans have greater
potential to harm than any other form of
malware--perhaps even greater than many more overt forms of military conflict.

The increase in this type of malware is nothing
short of alarming. In 2008, the number of
data-theft Trojans delivered via the web
increased 1,559 percent. To put that growth into
terms that may be easier to digest, in 2008 a
representative 15,000-seat ScanSafe customer
encountered over 30,000 Web-delivered malware
attempts; and over 11,000 of these, or more than
30 percent, were attempts to deliver data-theft Trojans.

So while Conficker may be headline news, the
threats we need to be most concerned
with--surreptitious data-theft Trojans--are going unnoticed.

Mary Landesman is the senior security researcher
for ScanSafe. This article was published in ZDNet UK at the end of April.
