Kelly Jackson Higgins yesterday wrote a piece in Dark Reading, "Botnets Battle Over Turf". It's an excellent read on what I call a "mature market", i.e. botnets.
With up to one quarter of all computers on the internet infected with malware, criminals are now battling each other for control of the botnets. They aren't worried about the police or the anti-virus vendors; the fight is between themselves.
As Kelly's article states:
"But the savvier botnets go the extra mile to protect their captor capital: Some actually "secure" the bot machines they have infected so no other botnets can steal them or utilize them, too. They install patches on their bots, for instance, to close the security holes and shut down open ports that are vulnerable to attack. "They are installing defenses to make sure no one else doubly infects the machine," says Paul Mockapetris, chairman and chief scientist of Nominum. "There are instances where a machine is infected, and part of that is defense against another infection."
Patching their bots and shutting out other botnets is no harder than initially recruiting a machine as a bot, security experts say. "It would be trivial for a bot to compromise a machine and apply Microsoft's recommended workarounds to prevent re-infection," says David Maynor, CTO of Errata Security."
What can be learned from this?
1. The current state of anti-virus and intrusion detection programs is not going to protect your enterprise 100% of the time. In fact, you might be lucky to get 80-90% protection.
2. The enterprise needs multiple layers of security. Once the criminals are through the front door, they should face a series of further doors as they try to progress towards more sensitive information and applications. Use stronger authentication at each of these inner doors.
3. Don't expect strong authentication on its own to protect your enterprise crown jewels. Once criminals are inside the enterprise electronically, they can deploy trojans on users' machines and possibly set up internal phishing attacks that get around your strong authentication by riding on an already authenticated session.
4. Use transaction authentication to protect your enterprise crown jewels. Even after the user has successfully authenticated, check other factors (the device, the location, the size and nature of the transaction compared with the user's history) to ensure they are who you think they are, and have sensitive transactions themselves confirmed, not just the session.
5. Filter all traffic leaving the enterprise and inspect it for sensitive material that shouldn't be leaving.
6. Educate your users continuously about malware attacks. 77% of attacks begin with the user clicking on something. Reduce malware's initial chances of success by getting users to change their work habits: no clicking on links in email or instant messages, and no opening of unexpected document attachments.
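To make point 4 concrete, here is an added example of transaction authentication (my illustration, not code from Guy's post or from any product): each transfer is scored against the user's known devices, countries, payees and typical amounts; a high score forces step-up, and the step-up code is an HMAC over the payee and amount computed with a secret shared with the user's out-of-band device, so a trojan that rewrites the payee inside the authenticated browser session cannot reuse the user's confirmation. The profile, the transactions, the weights and the secret are all constructed for the demo.

```python
"""Risk-scored transaction authentication with transaction-bound step-up.
Added illustration; profile data, weights, thresholds and the shared
secret are constructed for the demo and are not from the original post."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass
class UserProfile:
    known_devices: Set[str]
    usual_countries: Set[str]
    typical_amount: float          # e.g. median of recent transfers (constructed)
    known_payees: Set[str]
    oob_secret: bytes              # shared with the user's out-of-band device (hypothetical)


@dataclass
class Transaction:
    device_id: str
    country: str
    amount: float
    payee: str
    session_age_s: int             # seconds since the session authenticated


STEP_UP_THRESHOLD = 40
DENY_THRESHOLD = 80


def score_transaction(tx: Transaction, profile: UserProfile) -> Tuple[int, List[str]]:
    """Additive risk score over factors beyond the login itself.
    The weights are illustrative, not a tuned model."""
    score, reasons = 0, []
    if tx.device_id not in profile.known_devices:
        score += 30; reasons.append("unknown device")
    if tx.country not in profile.usual_countries:
        score += 25; reasons.append("unusual country")
    if tx.amount > 3 * profile.typical_amount:
        score += 25; reasons.append("amount far above typical")
    if tx.payee not in profile.known_payees:
        score += 20; reasons.append("new payee")
    if tx.session_age_s < 60:
        score += 10; reasons.append("transfer within a minute of login")
    return score, reasons


def decide(tx: Transaction, profile: UserProfile) -> str:
    """allow / step_up / deny, decided after the user has already logged in."""
    score, _ = score_transaction(tx, profile)
    if score >= DENY_THRESHOLD:
        return "deny"
    if score >= STEP_UP_THRESHOLD:
        return "step_up"
    return "allow"


def step_up_code(tx: Transaction, profile: UserProfile) -> str:
    """Confirmation code bound to the transaction content (payee, amount).
    The out-of-band device computes it from the details the user reads on
    screen, so a trojan that alters the payee in the session gets a mismatch."""
    msg = f"{tx.payee}|{tx.amount:.2f}".encode()
    return hmac.new(profile.oob_secret, msg, hashlib.sha256).hexdigest()[:8]


def verify_step_up(submitted_tx: Transaction, code: str, profile: UserProfile) -> bool:
    """Check the code against the transaction the server actually received."""
    return hmac.compare_digest(step_up_code(submitted_tx, profile), code)


# Constructed demo data.
PROFILE = UserProfile(
    known_devices={"laptop-7f3a"}, usual_countries={"CA"},
    typical_amount=500.0, known_payees={"hydro-bc"},
    oob_secret=b"constructed-demo-secret-not-a-real-key",
)
ROUTINE = Transaction("laptop-7f3a", "CA", 120.0, "hydro-bc", 900)
SUSPICIOUS = Transaction("laptop-7f3a", "CA", 4800.0, "acct-998877", 20)
HOSTILE = Transaction("unknown-device", "RO", 9500.0, "acct-998877", 15)
# What a trojan might silently submit instead of SUSPICIOUS: same amount, new payee.
TAMPERED = Transaction("laptop-7f3a", "CA", 4800.0, "acct-mule-001", 20)

if __name__ == "__main__":
    for name, tx in [("routine", ROUTINE), ("suspicious", SUSPICIOUS), ("hostile", HOSTILE)]:
        print(name, decide(tx, PROFILE), score_transaction(tx, PROFILE)[1])
    code = step_up_code(SUSPICIOUS, PROFILE)      # user confirms what they saw
    print("genuine accepted:", verify_step_up(SUSPICIOUS, code, PROFILE))
    print("tampered accepted:", verify_step_up(TAMPERED, code, PROFILE))
```

The important design choice is that the step-up code covers the payee and amount rather than just proving the user is present: a second login factor at this point would be captured or relayed by a trojan on the endpoint, whereas a code bound to the transaction details fails as soon as those details are changed.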
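For point 5, here is an added example of the kind of check an outbound filter applies (again my illustration, not from the post or any product): it looks for payment card numbers and for an internal classification marker in each outgoing message. Card candidates are validated with the Luhn checksum so that ordinary sixteen-digit order numbers don't trip the filter. The marker strings and the sample messages are constructed for the demo.

```python
"""Egress content filter: flag outbound text carrying card numbers or a
classification marker. Added illustration with constructed samples."""
import re
from typing import Dict, List

# Hypothetical markers the organisation stamps on sensitive documents.
CLASSIFICATION_MARKERS = ("COMPANY CONFIDENTIAL", "INTERNAL ONLY")

# 13 to 19 digits, optionally separated by single spaces or hyphens,
# not embedded in a longer digit run.
CARD_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, subtract 9
    from any result above 9, and the total must be a multiple of 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    """Return digit strings that look like cards and pass the Luhn check."""
    found = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def inspect_outbound(payload: str) -> Dict[str, object]:
    """Findings an egress filter would act on for one outbound message."""
    cards = find_card_numbers(payload)
    upper = payload.upper()
    markers = [m for m in CLASSIFICATION_MARKERS if m in upper]
    return {"card_numbers": cards, "markers": markers, "block": bool(cards or markers)}


# Constructed sample messages. 4111 1111 1111 1111 is the well-known Visa
# test number (Luhn-valid); 1234 5678 9012 3456 fails Luhn.
SAMPLE_MESSAGES = {
    "invoice": "Hi, order 1234 5678 9012 3456 shipped today.",
    "leak": "Customer card on file: 4111-1111-1111-1111, exp 09/10",
    "doc": "COMPANY CONFIDENTIAL - Q3 acquisition targets attached.",
    "clean": "Lunch at noon?",
}

if __name__ == "__main__":
    for name, msg in SAMPLE_MESSAGES.items():
        print(name, inspect_outbound(msg))
```

A filter like this only catches what leaves in the clear; traffic a trojan sends out over an encrypted channel it controls needs the filter placed at a point that can see plaintext, such as a forward proxy that terminates TLS, or a block on unapproved outbound connections altogether.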
There's a dark cloud out there that is likely to get darker over the next two years. While criminals battle it out for market share, make sure your enterprise is able to withstand the attacks.
Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
604-921-6797