Are We Winning the Battle Against E-Crime?
Firewalls and other security measures have mitigated threats, but the onslaught continues, says a recent survey.
A recent survey of security and law enforcement executives shows that the fight
against electronic crimes (e-crimes)
continues to be an uphill battle.
Amongst the significant findings, respondents were asked on what security issues
they spent the majority of their time. If the media is to be believed, one would
expect the answers to include preventing phishing attempts, Denial of Service
attacks and online extortion. Yet respondents indicated they spent more than
twice as much time on "child exploitation" as any of those other threats.
The top time-consumers were "fraud" and "identity theft."
(The term "identity theft" is a contentious one. It implies that
one's identity is stolen such that it is no longer available to its owner. Although
Hollywood and the media have made attempts to convince us this is plausible,
the reality is it's virtually impossible to accomplish. Cybertrust prefers the
term "identity fraud" when, for example, someone obtains the PIN number
for your online banking and spends your money, or obtains the password for your
PayPal account and abuses your privileges.)
The media take on the release of this year's survey suggested that fighting
e-crime was getting better. However, at least 65 percent of respondents stated
that the number of crimes experienced by their networks either didn't change
column was originally published in our weekly Security Watch
newsletter.
More than 50 percent of respondents identified viruses, spyware and phishing
attempts as the most common e-crimes committed against them. And 13 percent
of respondents indicated they had discovered zombies or bots on their networks.
This is surprising because such systems generally require weak or non-existent
firewalls in order to function, and these respondents seem security-savvy enough
to appreciate the need for firewalls.
The top e-crime committed by organization insiders had to do with rogue wireless
access points (WAPs). Presumably this refers to setting up a WAP without permission,
or abusing the availability of a WAP. One has to wonder how many of these e-crimes
were actually prosecuted, as opposed to reprimands being issued for not adhering
to company policy.
The biggest motivator for not reporting e-crimes was that the "damage
level [was] insufficient to warrant prosecution," while 6 percent reported
that "prior negative response from law enforcement" prevented them
from reporting. Law enforcement needs to ensure that number doesn't rise so
the public continues to report e-crime.
Forty-three percent of respondents indicated their monetary losses remained
the same or increased over 2004, and 53 percent believe they will stay the same
or increase in 2005.
After "hackers" and "unknown," respondents indicated that
"current employees" pose the greatest cyber security threat to their
Despite reports of abuse, respondents deemed firewalls and automated virus
scanning as being 99 percent effective at detecting or countering misuse or
abuse of systems or networks. Spyware and adware detection was rated as 94 percent
effective, a surprisingly high value given the dire warnings the media continually
deliver about how easy it is for new spyware and adware to be installed.
"Manual patch management" was cited as the least effective technology
in fighting abuse. Interestingly, "automated patch management" was
considered only slightly better than "physical security systems" and
worse than "intrusion detection systems."
The survey, conducted by CSO magazine in cooperation
with the U.S. Secret Service and the Carnegie
Mellon University Software Engineering Institute's CERT(R) Coordination Center,
is available here.
Update 2005-005 has been released for the Mac OS X
operating system, including issues covered by Intellishield Alerts 9166, 8553,
9165, 9169 and 8599.
This update includes security patches for:
- Directory services
- Foundation framework
- Help viewer
- Server Admin
- VPN Server
While reviewing the security update, Cybertrust noted
several significant enhancements in the Tiger version of Mac OS X. They include:
- UDP Blocking: By allowing you to block all UDP
traffic, Tiger can eliminate the possibility of many types of forged packets
and other insecure traffic.
- Stealth Mode: Tiger's Firewall can be configured
to prevent your computer from sending any response whatsoever in the event
it receives unwanted network traffic. Normally, a computer which rejects network
traffic sends a response indicating the traffic was rejected. When Stealth
Mode is configured, no response is returned. This can eliminate some attack
methods, and reduce the volume of traffic generated during a Denial of Service
attack, amongst other benefits.
- When any service or application installed on the system attempts to run
for the first time, the user is prompted for the Administrator password. This
ensures that an attack invoking an existing but unconfigured service or application
is brought to the attention of the system owner.
Russ Cooper is a senior information security analyst with Verizon Business, Inc.
He's also founder and editor of NTBugtraq, www.ntbugtraq.com,
one of the industry's most influential mailing lists dedicated to Microsoft security.
One of the world's most-recognized security experts, he's often quoted by major
media outlets on security issues.