Be on the wave or under it
The News – 02/28/02
A Bad Year for Security Incidents
As I gear up to co-produce CyberCrime
Fighter Forum 2002 on March 12th, I return my attention
to the subject of security, or the lack thereof.
I was recently asked by an executive if
there wasn’t a component of urban myth to all this recent emphasis on
CyberCriminals (crackers, script kiddies, virus writers and the like).
Were there really that many attacks on systems? Are viruses really the
problem the anti-virus vendors make them out to be? Are security breaches
really costing business the millions of dollars reported?
These are all good questions. Of course we shouldn’t take all the hype
and hysteria on faith. There are many in the industry for whom crying
wolf is self-serving. Nevertheless, there are many sources of somewhat
objective information on security breaches.
One of the most difficult aspects of CyberCrime to pin down is the
amount of actual damages. You’ll find estimates all over the map, from
the FBI’s estimate
that computer losses are up to $10 billion a year to Computer Economics’
that the worldwide impact of malicious code was $13.2 billion in 2001.
Computer Economics stated that the biggest losses were caused by SirCam
($1.15 billion), Code Red (all variants $2.62 billion), and NIMDA ($635
Estimates are fine, but published reports of actual losses are better.
However, most corporations would rather be summoned before Congress
than admit to a security problem. Of course, if they can use a security
breach to justify bad fiscal performance, like CryptoLogic did, that’s
another story. CryptoLogic, a Canadian maker of gambling software, reported
a 10 percent drop in fourth-quarter revenue primarily due to a charge
taken as the result of a security breach.
So where are these threats coming from? Most people point to CyberCriminals
on the Internet, but they may be only a small part of the problem. The
FBI and the Computer Security Institute performed a survey
on CyberCrime and found that 81 percent of corporate respondents said
the most likely source of attack was from inside the company. This confirms
the conventional wisdom among security administrators that the biggest
problem is your own employees or contractors. And according to an @stake
Security research report
entitled The Injustice of Insecure Software, 30 percent to 50
percent of the digital risks facing IT infrastructures are due to flaws
in commercial and custom software. According to CERT®,
security vulnerabilities more than doubled in the last year, from 1,090
holes in 2000, to 2,437 reported in 2001. Likewise, the number
of reported incidents also drastically increased from 21,756 documented
in 2000 to 52,658 in 2002.
This year is very likely to be worse, according
to SecurityFocus co-founder and CEO Arthur Wong, who spoke
recently at RSA Conference 2002. According to Wong, around 30 new software
vulnerabilities were discovered each week In 2001, and this represented
a decrease in the trend that produced a doubling of new vulnerabilities
each year for much of the late '90s. He expects 2002 to bring a return
to old growth rates, and predicted that 50 new software security holes
will be found each week in the coming year.
Michael Vatis, the former director of the
National Infrastructure Protection Center (NIPC) agrees, saying,
“The rate of growth of our vulnerabilities is exceeding the rate of
improvements in security measures.” He’s most worried about CyberAttacks
that could bring down ATMs, power grids and public transportation systems.
If you’d like to get a near real-time picture
of attacks worldwide, check out SecurityFocus’ ARIS
Predictor. This service shows the actual number of incidents worldwide
based on a sample of installations that contribute log information.
Against this rising tide of attack reports is a contrary stat: Security
breaches and hacking attacks have actually decreased since the September
11 terrorist attacks, according to the Federal
Computer Incident Response Center (FedCIRC). FedCIRC shows just
15 incidents of intruder activity reported in December 2001, less than
a third of that recorded in December 2000.
Where are all these attacks coming from? It turns out Europe is a virus
hotbed, according to a report
from mi2g's Intelligence Unit. The Continent accounts for 57 percent
of the world's malicious code writing activity, with 21 percent originating
from Eastern Europe, including Russia. While conventional wisdom may
tell us otherwise, North America only accounts for 17 percent of viruses
developed, and the Far East only 13 percent. The most prolific virus
writers, according to the report, are Zombie, author of the Executable
Trash Virus Generator; Benny from 29A virus group and author of the
.Net Donut virus; Black Baron, author of Smeg; David Smith, author of
Melissa; and Chen Ing-Hau, author of CIH.
So the solution for businesses is to stay alert, and stay patched.
Make sure you’re always running the latest antivirus software and the
latest patches on your operating systems and applications. However,
Alan Paller, director of Research at the SANS Institute, said,
“There are certain attacks that nobody can block. . . . If your people
aren't absolutely, all the time on the latest patches, you're going
to get hit.”
So hey, hey, hey! Let’s be careful out there! If you’re in the Twin
Cities on March 12, be sure to attend the CyberCrime
Fighter Forum 2002 and learn more about how you can be safe.
- Shameless Self-Promotion Dept.: Did I mention
Forum 2002? Also, in conjunction with the new CTOMentor paper,
Basic Home Networking Security, we're running a survey on home
networking policies and procedures. The first survey cycle closed
yesterday, but you can get in on the second,
which will run through March 11.
CTOMentor is also offering a two-part white paper on peer-to-peer
technology: Peer-to-Peer Computing and Business Networks: More
Than Meets the Ear. Part 1, What is P2P?, is available
for free on the CTOMentor Web
site. Part 2, How Are Businesses Using P2P?, is available for $50.
- International Reach: A note from a reader
in Guam prompted me to check out the subscription list and see where
in the world SNS is going. There are subscribers in Australia, Canada,
Germany, Greece, Guam, India, Italy, Japan, and the UK. Besides noting
the obvious country suffixes on some of the email addresses, I used
a cool tool called VisualRoute to determine subscriber’s location.
Alert SNS Reader Bob Burkhart let me know about this program. You
type in an URL or an email address, and it shows you all the network
hops between your computer and the target. That’s not spectacular,
but what is nice is VisualRoute looks up the DNS records on the final
computer and pulls out any location information, which it reports
The bad thing about this software, which is free for trial use, is
it doesn’t clean up after itself completely when you exit it. On a
Windows 2000 machine it left MsPMSPSv.exe (the Microsoft Digital
Rights Manager) and wjview.exe (Microsoft VM Command
Line Interpreter) running after it exited. I recommend using your
software firewall (What’s that? You don’t have a software firewall?
Get one! And read the new CTOMentor
on home network security ) to only grant one time access to the Internet
for the various programs VisualRoute uses (including vrping1.exe, and vrdns2.exe) just
to be safe.
- Microsoft As Security Threat: I missed this
item from the irreverent UK site, The Register, back in December.
They pull no punches in describing Microsoft as a bigger threat to
security than Osama Bin Laden. Read the article and see if you agree.
- MessageLabs Says Viruses on the Increase:
Message Labs, which sells
a hosted antivirus service for email, reported that it detected one
virus per 370 emails in 2001, compared to one in 700 in 2000 and one
in 1400 in 1999. The 2001 total of 1,628,750 infected emails that
MessageLabs detected broke out this way:
- More than 500,000 were infected with
the SirCam.A virus
- 258,242 with BadTrans.B
- 152,102 with Magistr.A
- 136,585 with Goner.A
- 90,473 with Hybris.B.
Take Our Survey
Return to Mike’s
Copyright © 2000-2008, StratVantage Consulting, LLC. All rights
Please send all comments to
Looking to light up your office, your business, or your city?
The WiMAX Guys™ can help you easily provide secure wireless Internet to your customers.
The WiMAX Guys specialize in designing and running wireless networks. We're experienced, we're quick, and we won't cost you an arm and a leg. Give us a call today provide your users a wireless Internet experience tomorrow.
Alert SNS Reader Hall of Fame
About The Author
a New Service from StratVantage
Can’t Get Enough of ME?
In the unlikely event
that you want more of my opinions, I’ve started a Weblog. It’s the fashionable
thing for pundits to do, and I’m doing it too. A Weblog is a datestamped
collection of somewhat random thoughts and ideas assembled on a Web
page. If you’d like to subject the world to your thoughts, as I do,
you can create your own Weblog. You need to have a Web site that allows
you FTP access, and the free software from www.blogger.com.
This allows you to right click on a Web page and append your pithy thoughts
to your Weblog.
I’ve dubbed my Weblog
entries “Stratlets”, and they are available at www.stratvantage.com/stratlets/.
Let me know what you think.
Also check out the TrendSpot for ranking of
the latest emerging trends.
14, 1928 - July 5, 2003
Jane C. Ellsworth
20, 1928 - July 20, 2003