With sustained eight percent growth per year, India is destined to become
the world’s second largest economy by 2050. Goldman Sachs’ well-known BRICs
report originally predicted that India would become number three, after China and the US, but the
country’s rapid growth acceleration led Goldman Sachs to revise its estimates, placing India
above the US by 2050.
That’s the good news. The bad news is that as India becomes more of a
global powerhouse, it also becomes more of a target for cyber thieves, hackers and
organized Internet gangs.
The Indian Computer Emergency Response Team (CERT-IN) reported that the
number of defaced websites in India has gone up dramatically. Both government and
corporate website defacements are on the increase, with 430 websites being hit during
December 2006 alone. About 25 percent of these attacks were from the LORD defacer group, a
Turkish group that defaces websites and leaves messages on the defaced site. Groups like
this seek not only to praise themselves, but also to disseminate political or religious
messages. It has become such a major problem that the Ministry of Home Affairs declared in
December that all ministries and departments should host their sites only on central
government and state government-owned servers.
Defacements are simple attacks that can usually be prevented, and bringing
hosting in-house is a good first step, provided the servers themselves are patched and hardened:
moving an unpatched web application onto a government server changes who is embarrassed, not
whether the site can be defaced. With direct control over the web environment,
an organization can impose a stricter access policy, put a firewall based on unified threat
management (UTM) technology in front of its servers, and let IT security officers keep close
tabs on what is going on in the network. But while defacements are a problem for Indian
websites, it would be a grievous mistake to think that they represent the biggest or most
dangerous problem.
The notorious Nyxem virus, for example, caused little actual damage, but its
highest infection rate was found in India. Beyond defacements, the other intrusions
CERT-IN recorded in India were phishing, unauthorized scanning and virus/worm attacks; its
December totals attribute 67 percent of incidents to phishing, 22 percent to unauthorized
scanning and 11 percent to virus/worm attacks.
In fact, the greatest cybercrime problem worldwide is not common hacking
or defacement, despite the embarrassment they bring, but economically motivated
attacks. Cybercrime has become a big business. Today, most attackers have no
political axe to grind, seek no glory from the hacker community, and have
neither a religious agenda nor an extremist philosophy. They are in it for the money.
The malware economy
The spread of malware is driven by the very real prospect of economic gain, and as
attackers gain more success, the malware economy becomes self-perpetuating. Spammers,
phishers and other cyber criminals are becoming wealthier, and therefore have more
financial power behind them to build larger engines of destruction. Hacking is no longer
the domain of the single, lonely character sitting in his parents’ basement. It
is a big business, often led by wealthy individuals, with multiple employees and large
bankrolls of illicit cash. What’s worse is that not only are the frequency and
sophistication of attacks increasing, the amount of damage is increasing as well. A
Gartner Group report showed that 2006 profits from phishing scams rose almost fivefold,
from $257 per victim to $1,244 per victim.
Despite widespread attempts at education and reports in the press, these
attacks continue to be incredibly profitable. They play on greed and sympathy, and target
everyone, not just the uninitiated. In the United States, the new year opened with
a report out of Michigan, where a county treasurer (who presumably should have known
better) fell for a Nigerian ‘419’ e-mail scam and embezzled over $1 million in
county funds to send to Nigerian fraudsters overseas. Also in January, a Nigerian man
associated with a cyberfraud ring was arrested in Holland with 1.2 million in his pocket.
As the cybercrime industry grows and becomes more organized, it also
becomes easier for attackers to execute attacks. It is now possible to buy and sell
malware in an underground marketplace. Some of the most successful cybercriminals today
are not even the ones who perpetrate attacks directly, but those who provide the
infrastructure, by creating illicit botnets, phishing kits, and other attack components
and selling them to others.
The nature of converged attacks
Modern attacks are no longer limited to a single vector. There is an increasing level of
malware convergence, with attacks now combining spam, phishing, viruses and directory
harvest attacks to yield the greatest profit to the attacker. In
addition, today’s attacks are often a series of waves, each with a
specific purpose. A simple campaign starts with a directory harvest attack (DHA) wave, in
which the attacker sends RCPT TO commands for thousands of guessed addresses at a domain’s
mail server and records which ones are not rejected as unknown, to build
up a list of valid e-mail addresses. This is followed by virus-laden e-mails whose payload
makes the recipient’s system part of a botnet. The machines in the botnet are then used to
disseminate the phishing e-mails that produce the monetary return for the attack.
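The first wave described above leaves a distinctive trace on the victim's mail server: one client tries many distinct recipients in a short time and is told "550 user unknown" for almost all of them. The following detector is an added example written for this article, not code from the author or from SonicWall. It assumes a simplified, constructed log format (one line per RCPT TO command with the client IP, the recipient tried and the SMTP reply code); the sample log lines and the thresholds are constructed for the example.

```python
"""Directory-harvest-attack (DHA) detector run over constructed SMTP log lines.

Added example, not from the original article. Log format is an assumption:
    <ISO timestamp> client=<ip> rcpt=<address> code=<SMTP reply code>
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<ip>[\d.]+) rcpt=<(?P<rcpt>[^>]+)> code=(?P<code>\d{3})$"
)

# Constructed sample: 203.0.113.7 walks an alphabetical dictionary of local parts
# and finds one real mailbox; 198.51.100.20 is an ordinary sender with one typo.
SAMPLE_LOG = """\
2007-01-12T09:14:01 client=203.0.113.7 rcpt=<aaron@example.in> code=550
2007-01-12T09:14:06 client=203.0.113.7 rcpt=<abby@example.in> code=550
2007-01-12T09:14:11 client=203.0.113.7 rcpt=<adam@example.in> code=550
2007-01-12T09:14:16 client=203.0.113.7 rcpt=<admin@example.in> code=550
2007-01-12T09:14:21 client=203.0.113.7 rcpt=<alan@example.in> code=550
2007-01-12T09:14:26 client=203.0.113.7 rcpt=<alex@example.in> code=550
2007-01-12T09:14:31 client=203.0.113.7 rcpt=<alice@example.in> code=550
2007-01-12T09:14:36 client=203.0.113.7 rcpt=<amit@example.in> code=550
2007-01-12T09:14:41 client=203.0.113.7 rcpt=<amy@example.in> code=550
2007-01-12T09:14:46 client=203.0.113.7 rcpt=<anita@example.in> code=250
2007-01-12T09:20:03 client=198.51.100.20 rcpt=<anita@example.in> code=250
2007-01-12T09:20:03 client=198.51.100.20 rcpt=<ravi@example.in> code=250
2007-01-12T09:21:17 client=198.51.100.20 rcpt=<ravi.k@example.in> code=550
2007-01-12T09:25:40 client=198.51.100.20 rcpt=<priya@example.in> code=250
this line is deliberately malformed and must be skipped
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "ip": m["ip"],
        "rcpt": m["rcpt"].lower(),
        "code": int(m["code"]),
    }


def detect_dha(lines, window=timedelta(minutes=5), min_rcpts=8, min_unknown_ratio=0.7):
    """Return {client_ip: stats} for clients that look like they are harvesting.

    Heuristic: within `window`, one client tries at least `min_rcpts` distinct
    recipients and the server answers 550 to at least `min_unknown_ratio` of the
    attempts. Legitimate senders mostly hit mailboxes that exist, so their
    unknown-user ratio stays low even when they send to many recipients.
    """
    events = defaultdict(list)
    for raw in lines:
        ev = parse_line(raw)
        if ev:
            events[ev["ip"]].append(ev)

    flagged = {}
    for ip, evs in events.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the window fits in `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            win = evs[start:end + 1]
            rcpts = {e["rcpt"] for e in win}
            if len(rcpts) < min_rcpts:
                continue
            unknown = sum(1 for e in win if e["code"] == 550)
            ratio = unknown / len(win)
            # Keep the qualifying window that covers the most distinct recipients.
            if ratio >= min_unknown_ratio and (
                ip not in flagged or len(rcpts) > flagged[ip]["distinct_rcpts"]
            ):
                flagged[ip] = {
                    "distinct_rcpts": len(rcpts),
                    "unknown": unknown,
                    "attempts": len(win),
                    "unknown_ratio": round(ratio, 2),
                }
    return flagged


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect_dha(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for ip, stats in run_sample().items():
        print(f"DHA suspect {ip}: {stats}")
```

The harvester is caught because nine of its ten attempts are rejected as unknown while it still walks ten distinct addresses inside the window; the ordinary sender never reaches the recipient threshold. Tune `min_rcpts` to the site's normal fan-out (a large mailing-list sender can legitimately address hundreds of recipients, but with a low unknown ratio), and feed the flagged IPs to the rate-limiting or tarpit feature of the mail gateway rather than blocking outright, since the 550 responses that power the harvest are also what the detector needs to see.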
In recent months there has been an increase in phishing attacks that
target account holders of major national banks. These attacks start with an e-mail that
appears to come from a legitimate banking source and lures the user into clicking on
a false URL, where the victim is tricked into revealing login information.
Some even combine phishing with an embedded keylogger that watches
keystrokes to detect when the user is about to visit a legitimate banking website, and
then substitutes a duplicate URL that leads to the attacker’s server.
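The lure in the first stage of these attacks can be caught at the mail gateway or in a user-reported message by looking at where each link really goes. The scanner below is an added example for this article, not code from the author or from SonicWall. It assumes the bank's legitimate hostnames are known (`LEGIT_HOSTS`) and that the message body is HTML; the sample message, the brand name `examplebank` and all hostnames in it are constructed for the example. The keylogger variant the paragraph ends with happens on the victim's machine after delivery and is outside what a message scanner can see.

```python
"""Flag phishing-style links in an HTML e-mail body (added example, not from the article).

Three lure patterns are checked for every <a href>:
  1. the link points at a raw IP address instead of the bank's hostname;
  2. the bank's brand name appears in a hostname whose registrable domain is not the bank's;
  3. the visible anchor text shows one host while the href goes somewhere else.
Assumed, not from the article: LEGIT_HOSTS, BRAND and the sample message.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND = "examplebank"                                       # assumed brand name
LEGIT_HOSTS = {"www.examplebank.in", "online.examplebank.in"}  # assumed allowlist

# Constructed sample lure.
SAMPLE_MESSAGE = """
<p>Dear customer, your ExampleBank account has been suspended.</p>
<p>Please <a href="http://examplebank.in.secure-login.example.net/verify">click here</a> to verify.</p>
<p>Or visit <a href="http://198.51.100.23/examplebank/">www.examplebank.in</a> directly.</p>
<p>Questions? See <a href="https://www.examplebank.in/help">our help page</a>.</p>
"""

URLISH = re.compile(r"^(?:https?://)?([\w.-]+\.[a-z]{2,})(?:/\S*)?$", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable(host):
    # Crude: last two labels. Adequate for the .in/.net hosts in the sample;
    # a public-suffix list is needed for domains such as co.in in production.
    return ".".join(host.split(".")[-2:])


def shown_host(text):
    """Hostname the anchor text displays, if the text itself looks like a URL."""
    m = URLISH.match(text.strip())
    return m.group(1).lower() if m else None


def classify_link(href, text):
    """Return the reasons a link looks like a lure; an empty list means it looks fine."""
    host = host_of(href)
    if host in LEGIT_HOSTS:
        return []
    reasons = []
    if is_ip(host):
        reasons.append("raw IP address instead of bank hostname")
    legit_domains = {registrable(h) for h in LEGIT_HOSTS}
    if BRAND in host and registrable(host) not in legit_domains:
        reasons.append(f"brand name '{BRAND}' used on foreign domain {registrable(host)}")
    shown = shown_host(text)
    if shown and shown != host:
        reasons.append(f"anchor text shows {shown} but link goes to {host}")
    if not reasons:
        # A bank-branded message should only link to bank hosts.
        reasons.append(f"link to unrecognised host {host}")
    return reasons


def suspicious_links(html):
    """Return [(href, reasons)] for every link in the body that trips a check."""
    parser = LinkExtractor()
    parser.feed(html)
    return [(href, classify_link(href, text)) for href, text in parser.links
            if classify_link(href, text)]


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_MESSAGE):
        print(href, "->", "; ".join(reasons))
```

Both lure links in the sample are flagged, the first for parking the brand name on a foreign domain and the second both for using a raw IP address and for showing the bank's hostname as anchor text while linking elsewhere; the genuine help link passes. The allowlist approach deliberately treats every non-bank host in a bank-branded message as suspicious, which is the right default for a bank's own outbound mail policy but will need exceptions for third-party services the bank actually uses.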
Solving the problem
We tend to think in terms of security silos, with individual solutions targeting specific
attack vectors. Unfortunately, this view is inadequate, and there is no single
‘silver bullet’ that can make your network secure. On the contrary, the solution
must come from multiple areas, multiple tools, and multiple people throughout the
organization. Solving the corporate security dilemma requires a dynamic and multi-layered
approach that is not a single solution, but rather, the coordinated interaction of
multiple solutions.
The first four layers are technological: a comprehensive system for protecting
the e-mail system, a firewall, a content filtering system, and secure remote
connectivity. Remote machines, whether an individual employee’s home laptop or a client
site halfway around the world, pose a great danger simply because you have less control
over their configuration. Establishing a secure connection through an SSL-VPN can overcome
the challenges posed by remote connections, with one caveat: the VPN protects the connection,
not the remote machine itself, so it should be paired with a check of the endpoint’s patch
level and anti-malware state before access is granted.
The fifth and sixth layers are not technological, but legislative and
behavioral. Information technology has connected the world to an unprecedented level, and
India’s continued global success depends on the continued interconnection of India
and the rest of the world in terms of economy, information, and most importantly,
technological infrastructure.
The author is President and CEO of SonicWall Inc