
Security: Next gen threats and their solutions

CIOL Bureau

BANGALORE, INDIA: Viruses, Trojans, malware, spam, clickjacking: security threats have taken many new forms. Security solutions have evolved from mere anti-virus engines to suites with comprehensive online protection features such as encryption, enhanced spam filtering, anti-virus for mobile devices and much more. Security managers must consider the changing nature of attacks and plan their strategies accordingly. We take a look at the current scenario and at ways to combat this menace in future.


Whitelisting

The concept is not new but can be interpreted from different perspectives. The traditional approach to finding malware is to check a file against a pre-existing list of known malware, termed a blacklist. The trend these days is to check the properties of a program instead of tallying it against a list of malware.

Norton in its latest release has incorporated this feature, which maintains a list of known-good files. During the scanning process it checks only files that are not on the list, and finds out whether any changes have been made to files that are. The new approach is effective and also consumes fewer system resources in the long run, but it still has a long way to go before it is fully adopted.

We tested a product named DriveSentry 3.1.2 which utilizes the concept of whitelisting. It checks against a list of blacklisted programs, a list of known-good programs (the whitelist) and the online advisor community. The software provides the flexibility of choosing which programs need to be protected. A user can create access rights for programs, for example whether Internet Explorer may perform write operations or not. It focuses mainly on write operations being performed by different programs.


A user can synchronize the software for updates from the online database. We tested the program against our virus database and found that it quarantined all of the samples. We even tried to run some Trojans and malware, but the software very promptly blocked them. Other protective features such as anti-spam are not part of this software. Another good feature of this approach is that the scan time is shorter. This is because each time a scan is performed, trusted programs form part of the whitelist and are not scanned again until they are modified.
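The scan-time saving described above comes from re-scanning only files that are unknown or that changed since they were whitelisted. The following is an added illustration in Python, not code from DriveSentry or Norton; the file paths and contents are constructed in memory, and a real scanner would hash files on disk and only add a file to the whitelist after it passed a full scan.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed sample "disk": path -> contents. A real scanner reads files from disk.
TRUSTED_SNAPSHOT: Dict[str, bytes] = {
    "C:/Program Files/Browser/browser.exe": b"MZ...browser binary (constructed)",
    "C:/Windows/System32/netlib.dll": b"MZ...system library (constructed)",
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_whitelist(files: Dict[str, bytes]) -> Dict[str, str]:
    """Record each trusted file's hash once it has passed a full scan."""
    return {path: sha256(data) for path, data in files.items()}


def files_to_scan(files: Dict[str, bytes], whitelist: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (path, reason) for every file that still needs the full scan.

    Whitelisted files whose hash is unchanged are skipped, which is where the
    time saving comes from; anything unknown or modified goes through the scan.
    """
    pending: List[Tuple[str, str]] = []
    for path, data in files.items():
        known = whitelist.get(path)
        if known is None:
            pending.append((path, "not on whitelist"))
        elif known != sha256(data):
            pending.append((path, "modified since whitelisted"))
    return pending


def demo() -> List[Tuple[str, str]]:
    whitelist = build_whitelist(TRUSTED_SNAPSHOT)
    # Later state of the disk: one library was altered and a new download appeared.
    current = dict(TRUSTED_SNAPSHOT)
    current["C:/Windows/System32/netlib.dll"] = b"MZ...tampered library (constructed)"
    current["C:/Users/alice/Downloads/setup.exe"] = b"MZ...new installer (constructed)"
    return files_to_scan(current, whitelist)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"scan {path}: {reason}")
```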

Active operating systems

New releases of operating systems include advanced security features. For example, a Vista user is always prompted for permission before any activity. These features are good for security, but they also end up consuming a lot of the user's time, sometimes unnecessarily.

Wireless Keylogger

Like most threats, keyloggers are also becoming more advanced. With wireless keyloggers the recorded data can be retrieved via Bluetooth without disturbing the person at the machine. This can act as a tool to keep track of employees' activities over the network, and if utilized in this fashion it proves to be a utility for the enterprise. But one cannot underestimate its potential to be used as a device for gathering information for destructive purposes.


When this device is used as hardware integrated with the system, it cannot be disabled by the user and data can be retrieved at regular intervals. The data obtained will necessarily contain important information such as passwords and user IDs, since it comes from the system itself. This poses a great threat to security. One possible solution is to use a virtual keyboard, as certain banking sites such as ICICI Bank do, but this still does not seem to be a practical solution.


Wireless connections

The growing mobile workforce of small and medium businesses has given strong impetus to wireless connectivity options, and this is only expected to rise in the near future. However, there is a need for proper training of employees to ensure secure connectivity. After the recent incidents, where terrorists took undue advantage of insecure networks, companies are putting in place security measures such as VPNs and firewalls. Hackers are not just interested in breaking into the network; their real objective is to intercept vital information, decrypt it and then modify it. It doesn't stop there: they encrypt it again and send it on through the network. We've seen a lot of such incidents in Hollywood sci-fi movies, where a hacker is able to take control of an entire country's systems and then manipulate them.


Click-jacking

The word not only sounds like hijacking but has similar connotations as well. This new threat refers to attacks on browsers. By exploiting vulnerabilities present in a browser, a hacker can take control. Next, the victim can be duped into clicking on a link that leads to a malicious website. Such a website might inject malicious code onto the system. To the victim it would appear as if he were clicking on something innocuous, like a picture. Such an attack could be compared to cross-site injection or any other injection technique that has harmful consequences. At present there is no solution to combat this threat, but as it uses graphics as a shield to hide its malicious content, switching to a browser that supports text only can be a solution (very difficult in the current scenario). However, research is underway to come up with a more practical and viable solution.

Spam traffic

Spam volume was at a record high in Q3 this year with fairly steady monthly increases throughout the summer. The acquisition of innocent machines via email and web-based infections continued in Q3, with over 5,000 new zombies created every hour. The United States continued in its dubious role as the largest originator of spam, nearly doubling its worldwide share from 16.6 percent in Q2, 2008 to 32.1 percent in Q3.

According to a report from Secure Computing Research, in 2009 we are likely to witness the following:

  • As the global financial crisis continues, criminals will take advantage of the panic and fear among consumers and substantially increase their phishing attacks.
  • During the coming holiday season, rising spam volumes combined with increased use of blended threats will ensure that spammers increasingly use the lure of free coupons and gift cards.
  • Today, most malware attacks are financially motivated and target end-users. During the coming year, we believe there is a greater likelihood of attacks meant to manipulate public opinion in order to exploit the stock market.
  • In 2009 and beyond, politically motivated attacks will become more widespread, such as attacks on cyber infrastructure by hackers.
  • In 2009, web attack toolkits will add new platforms to their arsenal of 'supported' targets. The iPhone is one such candidate, as are 'Web 2.0' social platforms such as Facebook and MySpace. As their popularity rises, their vulnerability increases.
  • By the end of 2009, about half of all web-borne malware will be hosted on compromised websites.

Social networks

The term is not new but has taken on a potentially dangerous new dimension. We are all aware of the many social networking sites out there, which are increasingly being used by millions across the globe. Often unknowingly, people share information on these sites that could prove to be a security hazard. As the real identity of an account holder can be faked, the authenticity of a person is always in question. Generally these sites carry information that is personal in nature. This can be targeted by an attacker and used in a way that proves detrimental to a person or organization. Apart from this, an attacker can con a person into sharing information by sending a link to a phishing web site. Users should be cautious when dealing with messages containing such links.



Identity Management 2.0

New ways of managing a user's identity and their rights of access to various resources will emerge under Identity Management 2.0. This approach is an improvement over Identity Management 1.0, which included authentication, authorization, user provisioning and password management. The new management system will include stronger forms of authentication, risk-based authorization and fine-grained entitlements, role-based user provisioning and the ability to virtualize identities.

a) Enhanced authentication and risk-based authorization

Imagine a threat similar to phishing that tries to steal a user's identity by pretending to be a legitimate site. Under such conditions the legitimate website can incorporate software products that use enhanced authentication techniques such as on-screen pads. To add further security, these input pads are customizable so that only the user knows his own pad. Even assuming that the attacker has somehow managed to obtain the personalized pad, risk-based authorization will then come into play. This advanced technique maintains an analysis of the behavior patterns of the user's session. If any abnormal behavior is found, the system prompts the user to authenticate again. These new techniques definitely make life harder for an attacker.
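The behaviour analysis described above can be sketched as a risk score compared against a threshold that depends on how sensitive the requested action is. This is an added example, not code from any identity product named on this page; the baseline, the event fields, the weights and the thresholds are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Set


@dataclass
class Baseline:
    """What a user's sessions normally look like, built from past logins (assumed)."""
    devices: Set[str]
    countries: Set[str]
    active_hours: range   # local hours in which the user is usually active
    ops_per_minute: int   # the user's typical request rate


@dataclass
class SessionEvent:
    device: str
    country: str
    hour: int
    ops_per_minute: int
    action: str


# Actions where a wrong "allow" is costly get a lower re-authentication threshold.
SENSITIVE_ACTIONS = {"transfer_funds", "change_password"}


def risk_score(ev: SessionEvent, base: Baseline) -> int:
    """Add up deviations from the baseline; the weights are assumptions."""
    score = 0
    if ev.device not in base.devices:
        score += 40   # unknown device or browser fingerprint
    if ev.country not in base.countries:
        score += 30   # unusual location for this user
    if ev.hour not in base.active_hours:
        score += 15   # outside the user's normal hours
    if ev.ops_per_minute > 3 * base.ops_per_minute:
        score += 25   # request rate far above the user's own pace
    return score


def decide(ev: SessionEvent, base: Baseline) -> str:
    """Return 'allow', or 'reauthenticate' to prompt for credentials again."""
    threshold = 30 if ev.action in SENSITIVE_ACTIONS else 50
    return "reauthenticate" if risk_score(ev, base) >= threshold else "allow"


# Constructed baseline and session events for one user.
ALICE = Baseline(devices={"laptop-1"}, countries={"IN"}, active_hours=range(8, 21), ops_per_minute=5)
NORMAL = SessionEvent("laptop-1", "IN", 10, 4, "view_balance")
STOLEN_CREDENTIALS = SessionEvent("unknown-phone", "RU", 3, 4, "view_balance")
LATE_BURST_VIEW = SessionEvent("laptop-1", "IN", 23, 30, "view_balance")
LATE_BURST_TRANSFER = SessionEvent("laptop-1", "IN", 23, 30, "transfer_funds")
```

The same late-night burst is tolerated for a read-only action but forces re-authentication before a transfer, which is the point of tying the threshold to the action.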

b) Fine-grained entitlements

Earlier, access management systems were simple: once a user had been given access, it was up to the user to use the system to whatever extent he chose. The upcoming trend in system management is to give users very specific access based on their position and requirements. For example, a physician may only be allowed to access the records of patients under his care.


c) Role management

Defining policies for different roles within an organization according to changing business requirements is the key feature under Identity Management 2.0. This will not only include defining new policies or roles but will also provide the flexibility to modify existing roles. Such an approach is beneficial for business management and also simplifies the process of assigning access rights to the user.
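The physician example under b) and the role policies under c) can be put together in a small policy engine: roles map actions to policies, and a policy decides per record (here, whether the patient is under the requesting physician's care). This is an added example, not code from any product on this page; the users, roles, patient assignments and action names are constructed.

```python
from typing import Callable, Dict, Set

# Constructed data: which physician is responsible for which patient record.
ASSIGNMENTS: Dict[str, str] = {"patient-101": "dr.rao", "patient-102": "dr.mehta"}

# A policy answers: may this user perform the action on this patient's record?
Policy = Callable[[str, str], bool]


def under_care(user: str, patient: str) -> bool:
    """Fine-grained entitlement: only the attending physician qualifies."""
    return ASSIGNMENTS.get(patient) == user


def any_patient(user: str, patient: str) -> bool:
    """Coarser entitlement: any existing patient record."""
    return patient in ASSIGNMENTS


# Role management: role -> action -> policy. Changing a role here changes
# access for every user holding it, without editing individual accounts.
ROLES: Dict[str, Dict[str, Policy]] = {
    "physician": {"read_record": under_care, "write_record": under_care},
    "billing": {"read_invoice": any_patient},
}

USER_ROLES: Dict[str, Set[str]] = {"dr.rao": {"physician"}, "clerk.k": {"billing"}}


def is_allowed(user: str, action: str, patient: str) -> bool:
    """Allow if any of the user's roles carries a policy that approves the action."""
    for role in USER_ROLES.get(user, set()):
        policy = ROLES.get(role, {}).get(action)
        if policy is not None and policy(user, patient):
            return True
    return False  # default deny: no role, no matching action, or policy refused


def grant(role: str, action: str, policy: Policy) -> None:
    """Adjust what a role may do as business requirements change."""
    ROLES.setdefault(role, {})[action] = policy
```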

d) Identity virtualization

Under earlier systems, details of users and their passwords were maintained across multiple directories. Identity virtualization provides a single virtual directory of all users and their information. Such an approach reduces access time and presents a consolidated view of all users: the virtual directory is a layer above all the underlying user repositories.

Mobile malware

With the increasing use of smartphones, vulnerabilities also increase. Mobile malware holds a lot of potential and will evolve as faster networks penetrate the market. Mobile devices are launched with many new features, but at the same time these open more holes on the security front. Some of the attacks that will become common are session keylogging, harvesting of contact lists, and so on.

Another trend to catch on will be solutions to this malware from anti-virus vendors. Monetization of mobile malware will be successful. Apart from this, one can expect open source malware, i.e. malware whose code is modifiable so that anyone can add to its functionality.

Data kidnap

Threats may not be limited to causing damage to data or to a person. It is possible that an attacker might steal some important data from an organization and then encrypt it, after which some form of extortion might be resorted to in exchange for the data. Myfip is a type of IP theft worm that tries to steal files with extensions such as .pdf, .doc, .dwg and .sch.
