Ed Amoroso, CISO of AT&T, blames rampant technological complexity for the rise in malware. "The primary root cause for almost everything we deal with--commercial customers and everything--is complexity. The computers and networks that people set up and use have become way too complicated," says Amoroso. Since no one knows exactly where all the connection points between systems lie, it is easy for wrongdoers to exploit them. "I've read that 95 percent of the spam that is floating around is botnet-originated," he adds. "It's all about complexity--people not knowing how to stop it on an individual, corporate and information security level."
Like Amoroso, Joonho Lee worries a lot about the advent of integrated DoS attacks. "DoS used to be about large-volume traffic hitting your network," says Lee, an officer for the National Incident Response Team and assistant vice president at the Federal Reserve Bank of New York. "Now, there are so many different types of attacks. It's not just flooding you with traffic anymore. It's flooding you with traffic that you can't block.
"We have all the DoS protections, but I'm very skeptical about them always working. If you get hit by a 40-gig-per-second pipe, it's going to knock you out, either your network or your provider," says Lee. "The hackers are leveraging hundreds of thousands of machines. DoS is definitely back on the horizon."
Rena Mears, a partner in security and privacy services for Deloitte & Touche, believes the malware supply chain is itself approaching maturity. "You go back a decade, and it was a few people doing mental gymnastics. Then we moved to an era where it was monetized [via phishing and spam]. The next step was the massive quick hit--equivalent to a bank robbery. Now we are seeing something much more insidious," says Mears. Malware and its perpetrators are growing increasingly sophisticated.
Rather than carrying out the massive hit-and-run DoS attacks of the past, today's malware seeks to sustain itself at a relatively low level, similar to the way a parasite survives in nature. "This is more of a constant-stream-of-revenue strategy. The malware agent can live below the organization's pain threshold, but it siphons off information to compromise intellectual property or scoop up credit card information," Mears says.
Lee, for one, does not believe that network service providers can adequately protect against the threats posed by new-breed malware. Amoroso of AT&T acknowledges that the situation is difficult, saying only that, like other providers, AT&T has developed multiple strategies for handling new-breed DoS attacks. He believes that the increasing popularity of thin clients will help thwart these attacks, because such clients are simpler, with fewer moving parts to attack.
No. 3 Game-Changing Force: Economic Downturn