Web infrastructure will soon be unable to cope with threats, according to experts at Neustar security forum.
Threats to the internet have increased significantly in recent months as cyber criminals step up the frequency and sophistication of their attacks, leading to a need for drastic action on the structure of the internet, according to experts speaking at a recent Neustar security forum in London.
The CSO 2010 CyberSecurity Watch survey shows that cybercrime threats to organizations are increasing faster than they can combat them. The issue – attackers are becoming smarter and using more sophisticated malware, viruses and techniques that have outpaced traditional security models and many current signature-based detection techniques. And, it looks like this gap is only going to widen as cyber criminals build more complex and innovative threats.
Threats to the internet have increased significantly in recent months as cyber criminals step up the frequency and sophistication of their attacks, leading to a need for drastic action on the structure of the internet, according to experts speaking at a recent Neustar security forum in London.
Security professionals are constantly playing catch-up to cyber criminals, and the speakers put forward arguments about how the internet DNS should be secured through the use of DNS Security Extensions. However, they argued that in the longer term, the whole design of the internet needs to be rebuilt from scratch in order to mitigate the increasing risks.
Neustar chief technology officer Rodney Joffe explained that the security event had been designed to raise awareness among large organisations in the UK about new internet threats.
"The threat landscape has really changed. Originally we were dealing with youngsters, then it was criminals, but now it is more international and we are looking at corporate espionage and threats from nation state actors," he said.
"Threats that have surfaced in the last few months are unlike those people have looked at before. Most of the time people look at threats relating to desktop or system compromises, but these are treatable by taking steps within a company.
"Now there are vulnerabilities that are network-based and, because of weaknesses in the protocols, there are no easy solutions."
Joffe gave examples of how cyber criminals have grown more sophisticated in recent months, referring to a growth in Zeus-based automated clearing house (ACH) fraud, the Google hacks, new flavours of DNS cache poisoning and Border Gateway Protocol (BGP) route hijacking.
A poll conducted at the event showed that the majority of attendees were unaware of the examples used by Joffe even though they have been publicised widely in the media.
The spread of Zeus has been occurring since January last year but Joffe, who has written a white paper on the subject that he said is being used by the FBI, warned that the banking Trojan is becoming a more pressing problem every day.
Zeus taps into the ACH network used by businesses and individuals to make electronic transactions. The software is being sold for thousands of pounds in the criminal underground because it allows hackers to harvest banking details from infected computers.
Joffe suggested that, as the ACH network becomes more widely used for online payments and transfers, it will become more of a target for criminals.
Joffe also referred to the hack of Google's Gaia password system to warn attendees of the dangers of internet single sign-on systems and explain why he believes the infrastructure of the internet needs a redesign.
Google's Gaia controls access to Google Apps for millions of users. It was used as the access point for the cyber attack that exposed the accounts of human rights activists last December, and has stirred a debate on whether computer systems that centralise personal details of individuals are a risk to privacy.
But Joffe's key focus was on two areas of internet crime that he believes have become more dangerous this year: DNS cache poisoning and BGP route hijacking.
"I'm sure most of you came here today to hear about cache poisoning, the single largest driver to SecurityExtensions," he said.
The DNS is meant to work by the servers translating a domain name into an IP address, which then diverts traffic to the right computer. But cache poisoning returns an incorrect IP address so that traffic is diverted to the wrong computer.
The problem with the structure of the internet is that DNS routing relies on trust.
"Today there is a great problem as there is no authoritative centre that says which is the right IP address, and there is no way of knowing who should own which routes," said Joffe.
He referred to the incident in March when China's internet firewall was extended to the rest of the world because China leaked the IP address of its root server outside China. "It violated all the tenants of DNS for route servers," he said.
Also speaking at the forum, Nominet chief technology officer Simon McCalla described the work the .uk registry has been doing since March to introduce DNS Security Extensions to authenticate traffic, making it virtually impossible to spoof.
"The most significant threat to us is the DNS security threat. As the DNS was designed 25 years ago for a much more trusted security space, there are inherent insecurities that have yet to be exploited fully," he said.
"However, it is our job to make sure we can prevent exploitation of those weaknesses. DNS Security Extensions will guarantee that the data you receive from the server is the data that you asked for."
BGP route hijacking is another reason why the structure of the internet needs to be changed. The border gateway protocol (BGP) is used by ISPs to establish the best routes between each other.
Joffe explained that an incident in China in April had proved the inherent weakness of the protocol. The state-owned China Telecom had transmitted routing information back to the country's own ISP, IDC China Telecommunications, rather than to the rightful ISPs owned by Dell, Apple and Yahoo.
Around 38,000 networks were affected by the incident, or roughly 10 per cent of the world's internet routes.
"The amount of work needed to do this was staggering. But these are the things IT departments just don't know about as they happen outside the organisation," said Joffe.
"There is no way for enterprises to solve these problems themselves and there is no way for the internet community in general to solve the problem without making significant changes to the plumbing of the internet.
"We need to redesign the system and rebuild it from scratch otherwise we will be building in securities forever."
Meanwhile, in the short term, Joffe said that UK organisations need to become more aware of the problems and of traffic being hijacked, and to communicate more with law enforcement agencies and competitors.
"You need to all collaborate as the bad guys will attack all of you at some point," he warned.
McCalla added to this, advising attendees to regularly review their security processes and train staff. He also warned that the internet is about to get even more complicated.
"At the moment it is just human beings that use the internet but soon it will be machines like fridges as well. The internet of things is coming fast. The government is already pushing the rollout of smart meters," he said.
An attendee at the event, IOActive president and founder Joshua Pennell, a greed that the internet needs a more secure critical infrastructure.
"I plan to let my customers know about the emerging trends in research I have heard here today," he said. "Organisations need to work on a different security strategy."
Meanwhile, Robert Holmes, managing director of the Corporation Service Company, suggested that the increasing sophistication of DNS attacks marks the "second coming of the internet".
"This would change the game for everyone," he said.
The CSO 2010 CyberSecurity Watch survey shows that cybercrime threats to organizations are increasing faster than they can combat them. The issue – attackers are becoming smarter and using more sophisticated malware, viruses and techniques that have outpaced traditional security models and many current signature-based detection techniques. And, it looks like this gap is only going to widen as cyber criminals build more complex and innovative threats.
Adding a layer of complexity to this issue, is the rise of social networking and online communications, online financial transactions, organized crime extending into cyber space, and the unfortunate motivation of economic hardships all over the world.
Improvements to address your cyber vulnerabilities can start with thinking about cybercrime differently. Comprehend the seriousness of threats to your data, processes and tools; shift from a security-based to more of a risk-based approach to cyber security, and finally, knock down the siloes across the enterprise. Share and combine security practices across your organization..
u.k.digest.....
