Cybercrime gains momentum
3rd April 2006 (Computimes)
By Rozana Sani

CYBERCRIME-related threats are gaining momentum, which is bad news for enterprises as their information assets and infrastructure become more vulnerable to attacks.

Symantec Corp, in its ninth volume of the Internet Security Threat Report, anticipates an increase in malicious code activities that are designed specifically to generate profit over the next 12 to 18 months.

Malaysia is expected to remain a favourite target for attackers. According to the report, between July 1 and Dec 31 last year, Malaysia ranked eighth among the 10 most-infected countries in the Asia-Pacific region.

Symantec Malaysia's presales technical consultant manager Ong Kah Wai said the threats are becoming more widespread, as attackers move away from large, multipurpose attacks against traditional security devices such as firewalls and routers.

Instead, they are focusing their efforts on regional targets, desktops, and Web applications that may allow them to steal corporate, personal, financial, or confidential information which could be used for additional criminal activities, he added.

According to Wai, programs that provide attackers with unauthorised control of a computer, known as bots, will also continue to catalyse cybercrime threats.

This is due to the rise in Web-based application and browser vulnerabilities, which could be easily exploited.

In relation to that, Symantec expects that the commercialisation of vulnerability research will increase, with a growth in black market forums and an increase in vulnerability information purchased for criminal pursuits.

The Symantec Internet Security Threat Report provides a global analysis of network-based attacks, a review of known vulnerabilities, and highlights of malicious code and additional security risks.

Recommended practices for enterprises

1) Employ defense-in-depth strategies, which emphasise multiple, overlapping, and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection method. This should include the deployment of anti-virus, firewalls, intrusion detection, and intrusion protection systems on client systems.

2) Turn off and remove services that are not needed.

3) If malicious code or some other threat exploits one or more network services, disable or block access to those services until a patch is applied.

4) Enforce an effective password policy.

5) Isolate infected computers quickly to prevent the risk of further infection within the organisation. Perform a forensic analysis and restore the computers using trusted media.

6) Train employees to not open attachments unless they are expected and come from a known and trusted source, and to not execute software that is downloaded from the Internet unless it has been scanned for viruses.