Wednesday, 12 August 2009

Security 101: Look back to advance

The security landscape may be rapidly evolving, but the clue to standing a better chance in the fight against threats could be in looking back, not forward.

Chia Wing Fei, F-Secure's senior security response manager, pointed out in an e-mail interview that today's threats ring of themes such as stealth, sophistication and financial gain.

Eric Chong, regional marketing director at Trend Micro, said in an e-mail that cybercriminals have evolved their modus operandi not only in coming up with variants to penetrate existing security measures, but also by mirroring attacks "with the way users think about and use technology in day to day communication". For instance, attacks around a decade ago were via e-mail attachments; today, attackers have moved to shared devices and social networking platforms on the Web.

Yet, according to Paul Ducklin, Asia-Pacific head of technology at Sophos, "modern cybercriminals aren't as novel and inventive as we sometimes credit them with being".

People, he noted in an e-mail, fail to learn from the past and end up falling victim to newer threats. "Modern threats like Conficker succeed by exploiting the same sort of holes, for example unpatched computers and poor passwords, as the earliest network malware," he pointed out.

Alwin Ow, Symantec's senior director of systems engineering in Asia-Pacific and Japan, concurred. "So far this year, Symantec has observed that older attack techniques have resurfaced and are part of the methods used in several recent and highly publicized threats such as Koobface, Conficker and Trojan.Dozer."

In an attempt to get a better handle on current and potential attacks, ZDNet Asia asked Trend Micro which five cyberthreats are perceived to be the most dangerous of the last decade, and why.

1. Conficker or Downadup
Termed Downad by Trend Micro, the first variant of the worm appeared in November 2008, targeting the MS08-067 vulnerability. It spawned several other variants, with each new one an improvement over the last. New propagation avenues were added, including USB drives. The worm has successfully generated 50,000 domains, of which it has connected to 500, noted Chong.

Symantec's Ow added, however, that the first Conficker variant did not quite achieve the level of disruption it was capable of. The estimated infection was 500,000 "due to an aggressive infection routine and a sophisticated exploitation algorithm, which makes use of geolocation and OS fingerprinting", he explained.

2. Koobface
The Koobface worm first appeared in August 2008, targeting social networking sites such as Facebook by infecting user profiles. Koobface possessed a dynamic update capability, allowing it to spread to other social networking sites and perform more malicious routines.

3. Zbot
The Trojan variants infect machines via e-mail or Web exploits. Underground research and documented cases reveal Zbot to be a thriving business where infected computers give up their owners' personal information--including credit card data--to remote servers run by cybercriminals.

Zbot variants are especially damaging due to their ever-changing social engineering techniques, according to Trend Micro.

4. Slammer
The worm is notorious for drastically slowing down general Internet traffic in 2003 despite being a solitary packet worm in memory, attacking without a file system component. It exploits a patched buffer overflow bug in MS SQL Server and Desktop Engine, and its trickling effects are still observed in current times.

5. I Love You
The Loveletter virus, also known as Love Bug, plagued inboxes in 2000 and infected some 10 percent of computers worldwide, with each system harboring an average of 600 infected files. It had a destructive payload, overwriting files with multimedia file extensions.
