[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] CERTS warnen vor automatisierten Attacken
By James Middleton [09-04-2002]
Hacking tools are becoming increasingly sophisticated
The Computer Emergency Response Team (Cert) has released a report
pinpointing the six fastest evolving trends in the black hat world of
The organisation, which has been monitoring hacker activity since
1998, found that the most notable trend to evolve over recent years is
the automation and speed of attack tools.
Although widespread scanning over the internet has been common since
1997, today's tools are set to maximise impact and speed.
Freely available attack tools now exploit vulnerabilities as part of
the scanning process and are capable of self-initiating new attacks on
a well-managed and co-ordinated global scale.
"We've seen tools like Code Red and Nimda self-propagate to a point of
global saturation in less than 18 hours," said Cert.
Public communications protocols such as IRC and Instant Messenger have
now become popular methods for co-ordinating attack tools.
The tools are more sophisticated, and their signatures are more
difficult to discover through signature-based systems such as
antivirus software and intrusion detection systems.
Attack tools are capable of disguising their nature, varying their
patterns and making use of polymorphic techniques to upgrade or
replace portions of themselves.
Commonly used protocols such as IRC or HTTP are being used to disguise
malicious code among legitimate network traffic.
Cert also warned that the number of vulnerabilities discovered has
more than doubled each year, making it nigh on impossible for
administrators to keep on top of patches.
"Intruders are often able to discover these exemplars before the
vendors are able to correct them," warned the authority.
The increasing permeability of firewalls is also posing a problem, as
security is being sacrificed to convenience. More technologies are
being designed to bypass firewalls, such as IPP (the Internet Printing
Protocol) and WebDAV (Web-based Distributed Authoring and Versioning).
While marketed as being 'firewall friendly' these technologies are
actually designed to bypass typical firewall configurations. Other
examples include aspects of 'mobile code', such as ActiveX, Java and
Because security on the internet is, by its very nature, highly
interdependent, another increasing threat to each system's exposure to
attack depends on the state of security of the rest of the systems
A single attacker can relatively easily employ a large number of
distributed systems to launch devastating attacks against a single
Cert found that the increasing threat from infrastructure attacks
takes on four general methodologies.
Distributed Denial of Service attacks use multiple systems to attack
one or more victims. Cable modem, DSL, and university address blocks
are increasingly targeted by intruders planning to install these
Worms, or self propagating malicious code, couple a highly automated
nature with the relatively widespread number of vulnerabilities still
unchecked, to compromise a large number of systems within a few hours.
Code Red infected more than 250,000 systems in just nine hours on 19
July last year.
Domain Name System architecture is also being targeted more
frequently. The 13 top level domain servers for .com, .net and .org,
along with those managing the country level domains, have long been
considered a single point of threat in internet security.
And routers are increasingly being targeted, because they can be used
as attack platforms against the rest of the internet infrastructure.
Cert said that the largest impact of these security events may well be
the time and resources required to deal with them.
Analyst firm Computer Economics recently estimated that the total
economic impact of Code Red was $2.6bn, and that SirCam cost another
$1.3bn. The 11 September attacks will cost around $15.8bn to restore
IT and communication infrastructure.
The full report can be found here.
Dipl. Pol., wissenschaftlicher Mitarbeiter
HSFK Hessische Stiftung für Friedens- und Konfliktforschung
PRIF Peace Research Institute Frankfurt
Leimenrode 29 60322 Frankfurt a/M Germany
Tel +49 (0)69 9591 0422 Fax +49 (0)69 5584 81
Mobil 0172 3196 006
- hsfk -
Mail an infowar -
- infopeace -
de mit "unsubscribe" im Text.