Print

Comment

Email

Digg

Del.icio.us

Reddit

Whenever someone speaks about network or IT security, the thought rarely goes beyond hackers and attackers releasing viruses, worms or trojans. But 2004 saw increased activity on invasion of privacy and confidentiality of users through spywares and phishing.

According to a report by WatchGuard Technologies, 67% of security managers said spyware posed greater threat to their networks than viruses, and 10% considered phishing as a major threat. While 65% agree that they are least protected against spyware, still they concentrated more on handling viral attacks.  

In another report on security threat by Symantec, between July 2004 and December 2004, of the top 50 malicious codes, spywares comprised 5%, up by one percent when compared with the first half figures of 2004. For phishing, the figures were scary with more than three fold increase in the number of attempts being filtered per week. In July, almost 9 mn phishing attempts were filtered, which went to 33 mn in December.

Both spyware and phishing, in most cases, do not cause much harm to the network directly apart from hogging the bandwidth. But for e-commerce companies, financial institutions, and organizations transacting over the Internet, they pose serious threats. These malicious programmes or codes can be used to gather sensitive and confidential data such as credit card numbers, passwords, and user IDs, and can cause huge financial losses.

PHISHING FOR CONFIDENTIAL INFORMATION
Symantec defines phishing as an attempt by a third party to solicit confidential information from an individual, group, or organization, often for illicit financial gains or other fraudulent purposes. Though web browsers and e-mails are the most common ways used for phishing, it can also ride on spywares and blended threats.

According to CERT, between July 2004 and February 2005, there was a 28% growth in the number of phishing sites and in February alone there were 2625 active sites. And, just six brands comprised 80% of the phishing attacks.

Unlike spyware, phishing requires some kind of consent or approval of the user in giving out the information. The attacker usually employs social engineering where it asks your account number, passwords etc over a fraudulent form. The form would appear genuine, as it would carry the logo and other information about the organization, while it gathers the inputs for the attacker.

Pharming is another way of redirecting users from real websites to fraudulent sites and then through key-loggers and malware sitting on the desktop identify your confidential information.

REDUCING PHISHING RISKS
Detection and filtering of e-mails at the server level is the primary step any organization should be taking to reduce phishing attacks. The absence of SMTP authentication helps sending spoofed e-mails, and unless mail server authentication standards are developed, attacks are likely to continue. Gateway and desktop filtering may also help in reducing such threats.  

User awareness is important in dealing with fraudulent mails. The user should be told not to reveal any sensitive information over the mails or Internet. Enterprises, particularly  those involved in financial transactions should strengthen their policy regarding sending e-mails with digital signatures and embedded  links. Anti-phishing tools and detection tools  also help reduce threat from phishers.

SPIES ON YOUR NETWORK
After viruses, spywares and adwares are perhaps the two biggest threats to confidentiality, availability, and integrity of data on a network.  Spyware refers to stand-alone programs that can secretly monitor system activity and relay the information back to another computer. As information gathering can be done through keystroke logging, capturing e-mails or messenger traffics and even intercepting information before it is encrypted over a network, it can bypass firewalls, VPNs or secure connections. However, some of the spywares might be legitimate programs installed to monitor employees' Internet usage.

Spyware and adware also need some program to ride on and get into a system. This can be done through the web browser, e-mails or can be bundled with software. Some companies even lower the cost of software and provision for third party adwares in their end-user license agreements (EULAs). Once on your system, these programs sit there and monitor the usage, gathering and sending relevant information to the hacker.  

The best way to find out whether your network has got these malicious programs or not is to monitor its speed. If the speed drops abnormally and more pop ads start appearing, then the chances are that you have been hit!

NEUTRALIZING THE SPIES
Not all spyware and adware are malicious and a blanket ban on all cannot be enforced. Like disabling ActiveX feature on your browser affects web browsing and can display incorrect pages. Similarly, some pop ads might contain useful software, and blocking all of them can result in a loss.

However, enterprises have to have some policies to secure the networks. The difference between a good security tool and policy and a bad one, is its ability to filter out the malicious and harmful activities. Regular monitoring of security policies and tools helps contain their spread. However, being mostly Internet driven, the system audits should ensure that no unauthorized software is being installed from the Internet. Policies on disabling ActiveX and EULAs have to be carefully laid down. And in the end, it all boils down to the common sense of the end-user on how he accepts software from unknown, untrusted third party.

Anurag Prasad
vadmail@voicendata.com