All the latest UK technology news, reviews and analysis
|
|
|
15 Jun 2010
Threats to the internet have increased significantly in recent months as cyber criminals step up the frequency and sophistication of their attacks, leading to a need for drastic action on the structure of the internet, according to experts speaking at a recent Neustar security forum in London.
Security professionals are constantly playing catch-up to cyber criminals, and the speakers put forward arguments about how the internet DNS should be secured through the use of DNS Security Extensions. However, they argued that in the longer term, the whole design of the internet needs to be rebuilt from scratch in order to mitigate the increasing risks.
Neustar chief technology officer Rodney Joffe explained that the security event had been designed to raise awareness among large organisations in the UK about new internet threats.
"The threat landscape has really changed. Originally we were dealing with youngsters, then it was criminals, but now it is more international and we are looking at corporate espionage and threats from nation state actors," he said.
"Threats that have surfaced in the last few months are unlike those people have looked at before. Most of the time people look at threats relating to desktop or system compromises, but these are treatable by taking steps within a company.
"Now there are vulnerabilities that are network-based and, because of weaknesses in the protocols, there are no easy solutions."
Joffe gave examples of how cyber criminals have grown more sophisticated in recent months, referring to a growth in Zeus-based automated clearing house (ACH) fraud, the Google hacks, new flavours of DNS cache poisoning and Border Gateway Protocol (BGP) route hijacking.
A poll conducted at the event showed that the majority of attendees were unaware of the examples used by Joffe even though they have been publicised widely in the media.
The spread of Zeus has been occurring since January last year but Joffe, who has written a white paper on the subject that he said is being used by the FBI, warned that the banking Trojan is becoming a more pressing problem every day.
Zeus taps into the ACH network used by businesses and individuals to make electronic transactions. The software is being sold for thousands of pounds in the criminal underground because it allows hackers to harvest banking details from infected computers.
Joffe suggested that, as the ACH network becomes more widely used for online payments and transfers, it will become more of a target for criminals.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
SAS / SQL Junior Data Analyst - Financial Services...
Mid level Java Developer - Systematic Hedge Fund Mid...
Mobile Developer - Android / Java / Blackberry My...
Financial Market Research, Consultancy, SPSS, Statistics...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Why everyone want to trust the internet ?
Why does everyone want to secure the Internet ? It is not secure by design and that is the best way to be. A secure Internet would be AOL or Compuserv and we don't want that. So if you are not competent enough to secure yours systems by layer or to be proactive about breaches don't wine about why we should scrap the internet and go back to buildind your own private network if you need to trust it. Frame relay still exist.
Posted by: Jean-François Rousseau 17 Jun 2010
"Why everyone want to trust the internet ?"
I think you are confusing security with proprietary interfaces. The internet is now a business platform as well as a consumer playground. You are correct that we don't want the internet to be rigidly controlled by one (or even a few) self-appointed judges but that is not a reason not to tighten up the securty of the fundamental protocols. You are incorrect to basically throw anyone who is not security literate to the wolves. Some people have other things to do with their lives. It is surely better for everyone if the number of threats (and their severity) can be managed by the infrastructure rather than relying on everyone being aware, never clicking on anything suspect and never making a mistake in configuration. We can already see how well that is working.
Posted by: J Mangan 17 Jun 2010