Fighting malware and spam

Changing battleground: security against targeted, low-profile attacks

Abhilash Sonwane Cyberoam

  download slides (PDF)

If Code Red, Netsky, Nimda and Slammer were the attention seeking, boisterous bunch of Internet threats that struck at random, today's attacks are crafty in their silence. Methodical and highly targeted, they avoid the limelight. What looks like a lull today is, in reality, a false sense of calm as attackers continue to launch silent attacks, siphoning funds, stealing personal identities and confidential information, and carrying out attacks of vendetta and exploitation.

These threats stalk the Internet world, targeting the lesser known, less defense-ready counterparts and individuals rather than the well-known entities. As a result, these attacks go unreported.

And it doesn't take a genius to carry out these attacks. All it takes is one ordinary hacker to obtain freely and openly available malware, crimeware and phishing toolkits to sniff out weak links and exploit individuals and enterprises.

This paper studies loopholes in individual and enterprise security, and how they are exploited, along with the existence of current threats and their evolution. It explores how innovation in the security industry must move towards defense-readiness, taking into account the human factor to recognize anomalous activity and deviation in user behaviour patterns.

Poll

VB2010