IT specialists and analysts said that because online social networking is no longer limited to office premises and businesses but has spread to bedrooms, kitchens and every corner of society, securing these means of mass communication has become a daunting task for experts, companies and states alike.
According to technology leaders gathered at the Asia-Pacific Press and Analyst Summit in Phuket, Thailand, last week, users of social networking applications such as Facebook, Twitter, Skype and other similar applications are the most vulnerable in terms of security.
They said that while big enterprises like banks, telecoms, educational institutions or research centers are likely to fall prey to targeted attacks, end users are also vulnerable to widespread malware.
Nir Zuk, founder and Chief Technology Officer (CTO) of Palo Alto Networks, said the common thing in all these attacks is that the attackers use new kinds of malware and new ways to perform their attacks.
“They want to get into our datacenter and steal data from it. Today, to attack a datacenter, the attackers usually attack an end user who has access to it,” he said.
Zuk was introduced at the summit as a bad-boy hacker to one of this year’s most talked-about Silicon Valley start-ups.
He said, instead of trying to break multi-million-dollar security infrastructure, hackers find one victim in the organization, attack him and then from there they use the credentials of that user to go to the datacenter. Describing how it happens, he said in the past hackers attacked a lot of machines.
They tried to spread to as many machines as possible and made a little gain from each and every machine, maybe by stealing a credit card number, sending spam emails or using other techniques.
They tried to make very little money from each machine and they could make a good amount of money out of these attacks by spreading it to a number of them.
“Today, we’re being attacked by nation states; we’re being attacked by organizations carrying out organized crimes. They have a lot of money to spend on their attacks.
And they attack very high value targets. They attack targets with a single strike which will make them more money than can be made by attacking millions of machines, as in the past,” Zuk explained.
Five steps of attack
In the first step, Zuk explains, the attackers lure an end-user into opening a document, such as a PDF, a PowerPoint presentation, an Excel spreadsheet, an MP3 song, a movie or a Flash file, or even into just visiting a website.
“You do it with something called spear phishing. It’s a very simple attack,” he explained. “Let’s say, I want to attack one of your readers. First I can go to LinkedIn, or in some countries - the equivalents of LinkedIn, and find out who works for you or for the organization that I’m trying to attack. I get a list of as many of their employees from it. Then I can go to Facebook or Twitter and learn about these users. I can learn who their friends are, what they like, what they don’t like, and then develop an attack that works for those users.”
According to him, if hackers find that an office has two employees who like golfing, they create a PDF document, a PowerPoint presentation or even a website that talks about ten ways to improve swings. They then send that document, or a link to that website, to the user via email, Instant Messenger, Facebook, Dropbox or any other application, making it appear as if it came from one of their friends.
The hacker knows who the end-users are, who their friends are and what they like. Then the hackers send them a document that they know they’re going to open because they’re going to trust it.

“In the second, by sending this PDF document or the PowerPoint presentation or whatever that’s going to exploit an unknown vulnerability in an application like Adobe PDF Reader or Microsoft PowerPoint or iTunes if it’s an MP3 song, it’s going to exploit this unknown vulnerability, and the result is that a very small piece of code is going to run on this machine,” he explained.
In the third step, the exploit is going to go out to the Internet and download a big program called the backdoor. It’s kind of a Trojan Horse that gets installed on the machine and it allows the attacker to do whatever they want on that machine.
In the fourth step, that program connects out to the attacker, creating what we call a bad channel, or a command and control connection.
“And now that the attacker has a program running on your network that is connected back to the attacker’s, they can execute the fifth step of the attack, which is pretty much - do whatever they want on the network,” he said.
This is how attacks happen today.
According to him, hackers don’t attack the web server; they don’t attack the email server; they don’t attack what is the traditional network security because the traditional network security infrastructure is protected.
“They attack the end-users. They get on an end-user’s machine and from there they do whatever they want on the network,” he said, highlighting the complexity of IT security problems.
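The chain Zuk describes leaves a recognizable sequence on the end-user's machine, and the sketch below correlates it from endpoint events. It is an added example, not part of the original article or any vendor's product; the event schema, host names and time window are assumptions, and the sample events are constructed.

```python
# Added illustration; event schema, host names and window are assumptions.
DOC_APPS = {"AcroRd32.exe", "POWERPNT.EXE", "EXCEL.EXE", "iTunes.exe"}
WINDOW = 300  # max seconds between consecutive stages (assumed tuning value)

def correlate(events):
    """Return {host: [stages]} for hosts whose events complete the chain."""
    chains, alerts = {}, {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        host, kind, proc = ev["host"], ev["type"], ev["proc"]
        if kind == "doc_open" and proc in DOC_APPS:
            # Step 1: the lured user opens a document; start a fresh chain.
            chains[host] = {"stages": ["document_opened"], "last": ev["ts"],
                            "dropped": set()}
            continue
        chain = chains.get(host)
        if chain is None or ev["ts"] - chain["last"] > WINDOW:
            continue  # no open chain on this host, or it went stale
        if kind == "exe_written" and proc in DOC_APPS:
            # Steps 2-3: a document viewer writing an executable is the
            # visible effect of the exploit fetching its larger payload.
            chain["dropped"].add(ev["path"])
            chain["stages"].append("executable_dropped_by_viewer")
            chain["last"] = ev["ts"]
        elif (kind == "net_connect" and proc in chain["dropped"]
              and not ev["internal"] and host not in alerts):
            # Step 4: the dropped program opens a connection out of the network.
            chain["stages"].append("outbound_channel_from_dropped_file")
            alerts[host] = list(chain["stages"])
    return alerts

TMP = "C:\\Users\\u\\AppData\\Local\\Temp\\"
SAMPLE_EVENTS = [  # constructed telemetry, not from a real incident
    {"ts": 100, "host": "ws-07", "type": "doc_open", "proc": "AcroRd32.exe"},
    {"ts": 104, "host": "ws-07", "type": "exe_written", "proc": "AcroRd32.exe",
     "path": TMP + "upd.exe"},
    {"ts": 130, "host": "ws-07", "type": "net_connect", "proc": TMP + "upd.exe",
     "internal": False},
    # Viewer itself talks to the Internet but drops nothing: not the chain.
    {"ts": 200, "host": "ws-12", "type": "doc_open", "proc": "EXCEL.EXE"},
    {"ts": 210, "host": "ws-12", "type": "net_connect", "proc": "EXCEL.EXE",
     "internal": False},
    # Dropped file connects long after the window: chain is stale.
    {"ts": 50, "host": "ws-15", "type": "doc_open", "proc": "POWERPNT.EXE"},
    {"ts": 60, "host": "ws-15", "type": "exe_written", "proc": "POWERPNT.EXE",
     "path": TMP + "a.exe"},
    {"ts": 900, "host": "ws-15", "type": "net_connect", "proc": TMP + "a.exe",
     "internal": False},
]
```

Only the first constructed host completes the sequence; the other two show a viewer that connects out without dropping anything and a chain that has gone stale.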
Zuk, who wrote some of the very first computer viruses in his teen years, later turned his passion to protection and embarked on a career in the network security industry, where he developed inspection technology and the first commercially viable firewall and built the world’s first IPS system.
He believes there’s no 100% protection but there can be much improvement. He said at present a lot of bad PDF documents come in through different applications, such as Skype, Dropbox, SharePoint and many others, and it takes a long time to respond to them.
According to him, a bigger problem is that at present it takes many months from the time an attack happens until the IPS industry responds to it, whereas attackers aim to get onto as many machines as possible, as quickly as possible.
“If you don’t catch the attack in those five minutes, you’ll never find it. For that, an IPS vendor would need to hire an army of tens of thousands of security analysts to analyze each and every PDF document and Excel spreadsheet and PowerPoint presentation going on or into the network to see if they’re good or bad. That cannot happen,” he said, explaining the difficulties of providing network security.
He said that, unlike in the past, it has become more challenging because a single PDF document can ruin a company and a single PowerPoint presentation can bring down an entire network and steal all its data. So each and every PDF, PowerPoint and Excel file needs to be researched.
Zuk said there aren’t enough security researchers in the world to analyze all the executable downloads while, according to him, each download is a suspect now.
What can we do to fix this?
“We need to protect against bad documents like PDF and PowerPoint presentations, coming in [through all applications],” he said, adding that another key factor is response time. He said attacks need to be responded to much more quickly.
He said that every single PDF document, all the PowerPoint presentations, Excel spreadsheets, all the MP3s, all the websites and all the Flash programs in the world need to be analyzed, but added that this is not possible with humans.
“Therefore we need to be able to completely automate the process of analyzing objects and then responding to attacks.
Essentially, we need to take the human security researcher and replace him with an automated system,” he said, offering a solution to the gathering, whose audience included press and analysts representing more than 70 publications in 15 countries across the Asia Pacific region.
Top executives from Arista Networks, Brocade, Extreme Networks, Fortinet, Blue Coat Systems, HP Networking, MEF, Niometrics, Sourcefire, UIH, IDC, Gartner, Analysys Mason, Market Clarity, Ovum, Forrester Research and many others also offered solutions at the event, organized by Net Events.
Zuk believes that automation can bring the response time down from months to one hour, and that the entire customer base can be protected against an attack within an hour with the future version of WildFire, recently introduced by his team.
He said during a period of a few months they discovered about 700 new families of malware that were not known before.
230 million smart-phone devices to ship into Asia in 2012
Presenters at the summit were of one view that Asian markets – mainly China and India – are going to be the main focus of multi-national companies in the days to come, given that Asia-Pacific has already overtaken the western markets in the growth rate of social-network users and the volume of smart-phones and other latest devices used.
Making a presentation on “Defending the enterprise from the latest generation of cyber attacks,” Tim Dillon, AVP of Asia Pacific End User & Mobility Research at IDC, underscored the gravity of the looming problem that the proliferation of smart-phone devices may invite in the near future.
He said that credit cards used to be the things that hackers went after in the past. But now it’s about stealing the end-users’ identity. “It’s an interesting shift in the mindset of hacking attacks.”
According to Dillon, on average 230 million smart-phone devices will ship into the marketplace in Asia Pacific next year, excluding Japan.
He added that tablets are growing at double-digit numbers. Conversely, according to him, the growth number for desktop PCs for business in Asia Pacific is 4 to 5 percent around the region.
He said with the market flooded with such devices, the situation has become fluid and more challenging to deal with.
600,000 breaches a day on Facebook
Dillon anticipates that mobiles are going up to game-busters in Asia Pacific in the days to come.
“Social analytics, you’ve got to love social media and all those things that are out there. Social media is a tremendous opportunity for organizations. But look at the breaches – 600,000 breaches a day on Facebook alone.
So we’re using social media platforms that are in some cases inherently insecure and very vulnerable,” Dillon explained.
Mobiles can bring down governments
Dillon claims mobile devices can bring down governments.
“They have particular strengths in verbal or short-text communities – encouraging collaboration through remote working, building communities and opening up communication channels on the move,” he said.
“Is it a question of taming the beast to fit current business practices? Or business practices evolve to embrace these new functions and freedoms? Either way, what are the implications for the role of the PC?” he asked.
Chief Marketing Officer of Brocade, John McHugh, who was introduced at the summit as one among the network world’s “top 50 most powerful people in networking” and known for his insight and sharp analysis of trends, echoed Dillon’s opinion that mobile devices can bring down governments.
He said 2011 will be remembered as a major industry turning point, with the soaring interest in cloud computing, the business impact of social networks, and the continuing surge in mobile applications.
thirbhusal5@gmail.com