Cyber Attacks Reveal Infrastructure Holes

May 30, 2012
By Rita Boland, SIGNAL Online Exclusive

More cyber attacks launch from within the United States than anywhere else according to the latest threat report from McAfee, but the implications of the statistics are less obvious than they appear. Cybercriminals from other nations are routing their aggression through vulnerable U.S. Internet protocol (IP) addresses because outdated domains make easy targets. So while the country might not be the biggest breeding ground for hackers, its infrastructure has troubling weaknesses.

Websites that have gone without updates for the past five to six years are easy targets for malicious actors who exploit the outdated security and coding. "Our infrastructure has shown a lot of signs of weakness and age to be exploited," Adam Wosotowsky, messaging data architect at McAfee, explains. Part of the problem lies in the fact that the United States is an Internet pioneer. People from other countries often host their sites through U.S. infrastructure because it can withstand threats such as denial-of-service attacks. In addition, since no other country has more advanced Internet experience, the United States has to initiate solutions.

Older domains also are a commodity to hackers, because officials have a harder time blocking them. When a site is known to be malicious, measures can be taken to refuse content from it. But when an address historically has been trusted, blocking content becomes more complex.

Wosotowsky says discussions in the information technology community have centered around creating a kill switch the government could use to block external entities’ access to U.S. infrastructure. However, if an IP address already is infecting the infrastructure, more difficult resolution methods must be used, and many people want to allow legitimate organizations to operate. The simplest solution is for owners of sites or domain names to take precautions such as keeping software up to date, using good code and monitoring for problems.

Another threat that continues to grow is mobile malware, due in part to better techniques for finding it. Android platforms are more susceptible than iPhones, but Wosotowsky says that most problems occur when people disable their security to download apps from sites other than the official Android store. Security within the store is solid, he adds.

One of the best indicators that a smartphone is infected is the monthly bill. Malicious actors are installing infections that send SMS messages to numbers that charge money so costs increase. Even if the increase is only $10, criminals who can infect 500 machines pull down a tidy sum each month. Wosotowsky urges people to pay attention to their bills and ensure prices remain fairly steady.

Two other major problems are the growing sophistication of rootkits and the increasing numbers of botnets. The former establishes user-level access on platforms, gaining access to personal information and the ability to download more malware. Numbers in the first-quarter threat report indicated a spike, and Wosotowsky says, "I think we're going to see a big growth of rootkits this year." Botnets are becoming more advanced as their creators react to increased security against them. Wosotowsky explains that as more people are arrested for launching them, the underworld of the Internet will have more call for other hackers who can take their places.

Another area of major concern to Wosotowsky is an increase in phishing especially because criminals and their technologies no longer have to guess at legitimate email addresses. "They're not sending to nonexistent accounts anymore," he explains. The result is more targeted attacks that are difficult to block and sometimes hard to identify.
Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.