Security Watch

Are We Winning the Battle Against E-Crime?

Firewalls and other security measures have mitigated threats, but the onslaught continues, says a recent survey.

A recent survey of security and law enforcement executives shows that the fight against electronic crimes (e-crimes) continues to be an uphill battle.

Among the significant findings: respondents were asked which security issues took up the majority of their time. If the media is to be believed, one would expect the answers to include preventing phishing attempts, Denial of Service attacks and online extortion. Yet respondents indicated they spent more than twice as much time on "child exploitation" as on any of those other threats. The top time-consumers were "fraud" and "identity theft."

(The term "identity theft" is a contentious one. It implies that one's identity is stolen such that it is no longer available to its owner. Although Hollywood and the media have made attempts to convince us this is plausible, the reality is it's virtually impossible to accomplish. Cybertrust prefers the term "identity fraud" when, for example, someone obtains the PIN number for your online banking and spends your money, or obtains the password for your PayPal account and abuses your privileges.)

The media take on the release of this year's survey suggested that fighting e-crime was getting better. However, at least 65 percent of respondents stated that the number of crimes experienced by their networks either didn't change or increased!

This column was originally published in our weekly Security Watch newsletter.

More than 50 percent of respondents indicated viruses, spyware and phishing attempts as the most common e-crimes committed against them. And 13 percent of respondents indicated they had discovered zombies or bots on their networks. This is surprising because such systems generally require weak or non-existent firewalls in order to function, and these respondents seem security-savvy enough to appreciate the need for firewalls.

The top e-crime committed by organization insiders had to do with rogue wireless access points (WAPs). Presumably this refers to setting up a WAP without permission, or abusing the availability of a WAP. One has to wonder how many of these e-crimes were actually prosecuted, as opposed to reprimands being issued for not adhering to company policy.

The biggest motivator for not reporting e-crimes was that the "damage level [was] insufficient to warrant prosecution," while 6 percent reported that "prior negative response from law enforcement" prevented them from reporting. Law enforcement needs to ensure that number doesn't rise so the public continues to report e-crime.

Forty-three percent of respondents indicated their monetary losses remained the same or increased over 2004, and 53 percent believe they will stay the same or increase in 2005.

After "hackers" and "unknown," respondents indicated that "current employees" pose the greatest cyber security threat to their organizations.

Despite reports of abuse, respondents deemed firewalls and automated virus scanning as being 99 percent effective at detecting or countering misuse or abuse of systems or networks. Spyware and adware detection was rated as 94 percent effective, a surprisingly high value given the dire warnings the media continually deliver about how easy it is for new spyware and adware to be installed.

"Manual patch management" was cited as the least effective technology in fighting abuse. Interestingly, "automated patch management" was considered only slightly better than "physical security systems" and worse than "intrusion detection systems."

The survey, conducted by CSO magazine in cooperation with the U.S. Secret Service and the Carnegie Mellon University Software Engineering Institute's CERT(R) Coordination Center, is available here.

Security Update 2005-005 has been released for the Mac OS X operating system, including issues covered by Intellishield Alerts 9166, 8553, 9165, 9169 and 8599.

This update includes security patches for:

  • Apache
  • Appkit
  • AppleScript
  • Bluetooth
  • Directory services
  • Finder
  • Foundation framework
  • Help viewer
  • LDAP
  • libXpm
  • lukemftpd
  • NetInfo
  • Server Admin
  • Sudo
  • Terminal
  • VPN Server

While reviewing the security update, Cybertrust noted several significant enhancements in the Tiger version of Mac OS X. They include:

  • UDP Blocking: By allowing you to block all UDP traffic, Tiger can eliminate the possibility of many types of forged packets and other insecure traffic.
  • Stealth Mode: Tiger's firewall can be configured so that your computer sends no response whatsoever when it receives unwanted network traffic. Normally, a computer that rejects network traffic sends a response indicating the traffic was rejected. When Stealth Mode is configured, no response is returned. This can eliminate some attack methods and reduce the volume of traffic generated during a Denial of Service attack, amongst other benefits.
  • When any service or application installed on the system attempts to run for the first time, the user is prompted for the Administrator password. This ensures that an attack invoking an existing but unconfigured service or application is brought to the attention of the system owner.

About the Author

Russ Cooper is a senior information security analyst with Verizon Business, Inc. He's also founder and editor of NTBugtraq, www.ntbugtraq.com, one of the industry's most influential mailing lists dedicated to Microsoft security. One of the world's most-recognized security experts, he's often quoted by major media outlets on security issues.
