As cyber threats become more sophisticated in 2012, users will become increasingly vulnerable to exploitation by malicious websites, stealth botnets, and wholesale commercial use of stolen data caches, eroding user confidence in the Internet.
Georgia Institute of Technology recently released its annual analysis of the cyber threats facing Internet users in 2012. Prepared by its Information Security Center (GTISC) and Research Institute (GTRI), the report was presented at the recent Georgia Tech Cyber Security Summit, where academia, industry, and government IT security specialists gather each year.
"Malicious actors have the ability to compromise and control millions of computers that belong to governments, private enterprises, and ordinary citizens," said Mustaque Ahamad, director of GTISC, in the report. "Academia, the private sector, and government must work together to understand emerging threats and to develop proactive security solutions to safeguard the Internet and physical infrastructure that relies on it."
According to the report, security measures are not keeping pace with the bad guys’ increasingly sophisticated techniques to capture and exploit online user data.
Security guru Bruce Schneier weighs the ROI to enterprises of securing their computers, finding that the optimal level of security balances the cost of breaches against the cost of security measures.
Attacks "are becoming increasingly sophisticated and better funded," said Bo Rotoloni, director of GTRI’s Cyber Technology and Information Security Laboratory (CTISL). "We can no longer assume our data is safe sitting behind perimeter-protected networks. Attacks penetrate our systems through ubiquitous protocols, mobile devices, and social engineering, circumventing the network perimeter."
The most sobering aspect of the report is an emerging trend in which stealth botnets collect vast databases of personal information about users, then package it as if it were legitimately collected information and sell it into reputable marketing channels. According to the report, sales leads qualified in this way can be sold for up to $20 each. As security experts work to plug this hole by targeting malware command-and-control computers, the bad guys are progressing to peer-to-peer botnets that fill out online forms with stolen information to secure new services such as credit lines that direct funds to the bad guys.
Malware dealers are also gaming search-engine optimization (SEO), a practice called search poisoning, in order to insert their phony websites into Google results, further eroding user confidence in the Internet. And here too, the bad guys are one step ahead of attempts to prevent malicious use of SEO. For instance, infecting Domain Name System (DNS) provisioning systems can directly substitute malicious URLs for legitimate ones. And by fortifying infected DNS servers with stolen or counterfeit certificate authorities, even security experts cannot tell legitimate websites for banks and other financial institutions from phony ones designed to collect usernames and passwords.
Last year the USB stick was the easiest way for malware to get around firewalls, but in 2012 the mobile phone will serve the same end of installing stealth malware on otherwise secure computer systems, according to the report. The new frontier in malware--mobile devices--appears even more daunting, as vulnerabilities in wireless browsers for handhelds often endure even after they are discovered. Particularly troublesome is the fact that there is no routine way to install security updates on many mobile devices.
Legions of mobile-phone stealth botnets are already silently growing. And even if all mobile browsers were to adopt a standard security update methodology, the bad guys are already one step ahead with compound threats which combine web browser, email, and text-messaging vulnerabilities to sidestep holes plugged in any one medium.
To combat the mobile threat, Georgia Tech is working with nine mobile browser makers in 2012 to identify and remediate their vulnerabilities.