McAfee today issued its annual Virtual Criminology Report on current and emerging global cyber security trends, much of which reiterates what has been apparent for some time: there is a cold war taking place through the Internet with the help of malicious hackers.
The report, a collection of input from the FBI, NATO, the Serious Organised Crime Agency (SOCA) in England and experts from leading security groups and universities, covers three significant trends facing the Internet and world community, which are pretty much one and the same.
They are: an increase in international espionage, with “cyber cold war” becoming a reality; an increase in threats to personal data and online services; and an underground economy that equips criminals for cyber crime with increasingly sophisticated tools.
In the area of the “cyber cold war,” McAfee found that 120 countries are now using the Internet for Web espionage operations, with China as one of the worst offenders. There have been a number of attacks originating in China, many led by a hacker called Wicked Rose, and often targeting U.S. military interests. McAfee has received samples of targeted malware, aimed specifically at government agencies and contractors, that came from Wicked Rose.
According to the London Times, the Pentagon logged more than 79,000 attempted intrusions in 2005, and about 1,300 were successful, including the penetration of computers belonging to the Army’s 101st and 82nd Airborne Divisions and the 4th Infantry Division. Chinese hackers have also intruded on the State Department’s computers and the US Naval War College’s network.
It has gotten to the point that President Bush said he would raise the issue with Chinese President Hu Jintao at the APEC Summit last September. China denied involvement even though security experts fairly conclusively traced the source of the attacks back to China. “I don’t expect that governments will jump up and raise their hand and say ‘yes it was us’,” said Craig Schmugar, a threat research manager for McAfee’s Avert Labs.
But despite Bush’s comments to Hu and an urgent warning to Congress from the US-China Economic and Security Review Commission about the Chinese threat to American systems, it seems to take a lot to get some attention on the problem. “Some of these attacks aren’t a priority, due to a lack of resources. Unfortunately, it’s going to get worse before they finally put some muscle behind it,” said Schmugar.
The second issue is the increasing sophistication of threats. “It’s hard not to notice that,” noted Schmugar. “The Storm worm will be a poster child to other malware authors.” Storm was a particularly nasty worm that has been very hard to eradicate because it is so complex and sophisticated and its method of replication is so hard to stop.
Part of the problem is that cyber criminals now have access to the equivalent of a software development kit to build their malware, meaning even a beginner can make a fairly dangerous piece of malware.
Schmugar also said there is an increase in the sophistication of attacks. Whereas before malware was hidden in an out-of-the-way location easily blocked by security software and gateways, now there is an increase in compromised reputable sites, either through ad sites or cross-site scripting.
The third issue ties in with the second, and that is the underground economy for criminal enterprises. There are sites dedicated to selling the malware kits, identities, credit card information, bank information and known vulnerabilities in software.
“Competition is so fierce that ‘customer service’ has become a specific selling point,” said the report. For some time, malware sites have been offering service contracts with their malicious code, providing support and updates to the code for a fee, just like a professional software company would do.
Next year, McAfee expects to see a rise in highly resilient viruses like the Storm worm and attacks on new technologies, such as VoIP and social networks.