Different Brands of Breach
Malware is designed to infiltrate a computer without the owner’s consent. It can unleash a spate of problems. These include:
- Keyloggers that capture passwords and other sensitive data
- Rootkits that hide the fact that a system has been compromised and facilitate the replacement of vital system executables and control key functions
- An array of other viruses, worms and Trojan horses
A recent CSI Computer Crime and Security study found that 27 percent of respondents had experienced a “targeted” attack. (A targeted attack involves sending a class of malware directly to a specific organization or industry.) What’s more, these breaches are becoming stealthier all the time.
In some cases, malware attacks rely on sophisticated botnets to take control of systems — including enterprise computers — so that thieves can hijack or control the machines in order to perform malicious tasks. Such tasks include password and identity theft, keystroke logging, spamming, adware production and the generation of Distributed Denial of Service (DDoS) attacks.
Computers that fall prey to bots are referred to as “Zombie” systems. They typically lie in a dormant state until the perpetrator unleashes them. All the while they surreptitiously spread and infect other systems. Once activated, computers infected with bot code register themselves on the network and begin wreaking havoc. When these massively parallel systems — sometimes into the millions of PCs — receive a command, they initiate an attack.
Attacks On Web Browsers/Hostile E-mail Attachments
Web browsers and e-mail have become the backbone of enterprise communication and collaboration. But their widespread use also makes them a convenient target for thieves. In fact, they are often the way in which attackers gain a foothold into an organization.
In some cases, thieves use pop-up ads to indicate that a system is infected with malware. They then convince the user to download a program supposedly designed to fix the problem. Instead, it actually contains malicious code. Social networking sites, such as Facebook, MySpace and Twitter, have increasingly become the source of such attacks.
Spam has also become a huge problem, one that extends beyond being a mere productivity drain. Several billion spam messages circulate daily. And many include files that look legitimate but unleash a deadly payload. Organizations have increasingly turned to spam filters to ferret out potentially dangerous messages. Combined with an antivirus application that scans messages, it’s possible to intercept problem files before they’re opened.
SQL Injection Attack
This type of attack has emerged as a common website attack method over the last several years.
With SQL injection, an attacker’s malicious input passes through the application layer of the website unchecked and alters the SQL commands issued to the database. Where injected content is stored and later rendered to other visitors, the same weakness produces persistent cross-site scripting flaws, thereby compromising end-user workstations as well.
The malicious code is inserted into strings that are passed to a SQL server. The script allows hackers and thieves to vandalize and replace web pages, steal credit card and other private data, and manipulate databases. Such attacks have the potential to compromise thousands of records.
Preventing such attacks requires improved programming — including avoidance of dynamically generated SQL code. Scanning for attempted breaches can also be helpful.
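The following is an added illustration (not code from the original article) of the two practices the text recommends: the dynamically generated query that makes injection possible beside its parameterized replacement, plus a crude screen for suspicious input of the kind "scanning for attempted breaches" refers to. The table, rows and input values are constructed for the example.

```python
import sqlite3

# Constructed sample data (not from the article): a small customer table.
SAMPLE_ROWS = [
    ("alice", "alice@example.test", "XXXX-1111"),
    ("bob", "bob@example.test", "XXXX-0004"),
]


def make_db():
    """Build an in-memory SQLite database seeded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (username TEXT, email TEXT, card_last TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, username):
    """Dynamically generated SQL: the input is spliced into the command text,
    so a quote character in it can change the structure of the query."""
    sql = "SELECT username, email FROM customers WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Parameterized query: the command text is fixed and the input is bound
    as a value, so it is only ever compared against the username column."""
    sql = "SELECT username, email FROM customers WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def looks_like_injection(value):
    """Detection signal for a username field: quote characters, comment
    markers and statement separators have no business in a login name.
    Useful for logging and alerting, not as a substitute for parameterization."""
    suspicious = ("'", '"', "--", ";", "/*")
    return any(tok in value for tok in suspicious)


def row_counts(conn, value):
    """Return (vulnerable_rows, parameterized_rows) for the same input, so the
    two approaches can be compared side by side."""
    return len(lookup_vulnerable(conn, value)), len(lookup_parameterized(conn, value))


if __name__ == "__main__":
    db = make_db()
    for name in ("alice", "x' OR '1'='1"):  # second value is a constructed malformed input
        print(repr(name), row_counts(db, name), "flagged:", looks_like_injection(name))
```

The dynamically built query returns every row for the malformed input, while the parameterized query returns none, which is exactly the difference the text's advice is about.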
Configuration Management/PC Lockdown
Configuration management and the lockdown of client PCs represent another weak point within many companies. Too often, employees and independent contractors use weak passwords.
Assorted systems and applications create additional vulnerabilities and failure points. These areas of weakness include software and data residing on notebook PCs and portable storage devices.
Unfortunately, internal risk is often overlooked. It’s not uncommon for employees, contract workers, consultants and others to have access to systems they’re not entitled to use. What’s more, disgruntled employees and others on the inside of a business often find gaps or breakdowns to exploit.
Still another problem is that many companies lack coherent exit policies. Employees retain access to systems for days or weeks after they’ve left the organization.
Finally, rogue business processes frequently go unnoticed. Such processes include employees sharing e-mail messages and files with others that aren’t authorized to view the information.
A number of potential problems exist with passwords. Each can lead to a significant level of network compromise.
First, employees may write passwords on sticky notes that can be found and exploited. Or they may recite them out loud when they’re recovering a lost password from the IT help desk. In addition, employees may use weak passwords that are easily cracked, including their name or a common word.
Some applications can generate strong random passwords. However, employees must also understand their role in generating and protecting them. A strong password consists of a combination of letters, numbers and symbols and is at least seven characters long.
Many organizations have moved past separate passwords for separate systems and have embraced a single log-on structure. Companies are also turning to multifactor authentication using a combination of authentication methods. These can include such things as a USB token and a password or a biometric scan and password to authenticate the user.
This type of authentication technology also offers the advantage of knowing who is logged into the system.
The challenge of protecting an enterprise is magnified by the pervasive use of mobile technology. The use of mobile smartphones, notebooks and netbooks has companies supporting more and more ways of connecting to the network. This leaves the network and its data more exposed, offering new opportunities to hackers.
Forrester Research reports that 73 percent of global enterprise workforces will be mobile by 2012. Already, it’s estimated that 70 percent or more of enterprise data resides in some form on mobile devices.
However, wireless security must extend beyond the actual devices. If employees and contract workers use an unsecured Wi-Fi connection, it’s possible for thieves to capture data over the air.
Wireless technology is also being used in new and different ways. Consider retail operations where wireless networks connect cash registers and barcode scanners with store computers. These networks can be vulnerable to breaches and can provide a “treasure-trove” of data to unscrupulous cyberthieves.
Even secure systems can be continually monitored for the slightest hint of weakness. A wireless technique known as “wardriving” or “warwalking” consists of an individual driving or walking with a portable PC to identify unprotected wireless networks.
Once found, perpetrators can set up wireless LANs outside of a business and use them to hack into systems. According to published reports, this was the case regarding the network breach at TJX Companies several years ago.
Loss of Mobile Devices
Despite their enormous value, mobile devices create a huge security risk. The reason: They allow employees and others to carry highly sensitive data outside an organization’s boundaries.
Unfortunately, about 10 percent of notebooks and other mobile devices wind up lost or stolen. And over 95 percent are never recovered. Airports, offices and an array of other locations present genuine risk.
Unfortunately, many firms lack the ability to track and lock devices, encrypt data and use a remote wipe feature to clear a lost or stolen computer or smartphone. At the heart of the problem: Employees who are left to the task of following rules, policies and procedures often willfully or inadvertently fail to do so.
Consequently, use of software to provision and manage devices — along with tools to encrypt data — goes a long way toward achieving protection and ensuring adequate security. Likewise, blocking specific features and locking down specific components, such as camera phones, further reduces security risks.
According to a study conducted by the Ponemon Institute, approximately 1,200 notebook PCs are lost weekly at the Los Angeles International Airport. The five airports with the highest number of lost, missing or stolen notebooks include LAX, Miami International, Kennedy International and Chicago O’Hare.
Airport Insecurity: The Case of Missing and Lost Laptops, Ponemon Institute, June 30, 2008