Experton Group is the leading fully integrated research, advisory and consulting company for mid-sized and large organizations, maximizing the business value of their ICT investments through innovative, neutral and independent expert advice.
Experton Group offers consulting services, market surveys, conferences, seminars and publications related to information and communications technology issues.
Our consulting portfolio includes technology, business processes, management and business cooperations, investments and mergers.
23.06.2008
Cyber Crooks Looking for more than Financial Information
Recent research results have shown that most browsers continue to be vulnerable to various Web-based attacks. In other news, researchers from Finjan, Inc. have found servers with stolen health care and airline credentials, while TrendMicro, Inc. officials announced the development of its smart protection network.
Focal Points:
- Researchers from EnableSecurity said that they still find many security vulnerabilities in Web-based HTML forms. Although most of the leading Web browsers have seen many improvements, most still have bugs associated with commonly used HTML forms. Browsers that are still vulnerable to this attack include Microsoft Corp.'s Internet Explorer 6, 7 and 8 (beta 1), Opera 9.27 and 9.5, as well as Safari 1.32 and 3.1.1. While most browsers block well-known ports from attack, Internet Explorer and Opera are not set up to block as many as either Safari or Firefox. This is especially a problem when hackers try to force communications with non-HTTP servers.
- Researchers from Finjan have found that hackers are now looking for information on servers and client machines that goes beyond basic financial data such as credit card details. The information hackers are now looking for includes single sign-on (SSO) credentials, which can be used to gain access to patient and financial information. Other information obtained with SSO data includes airline carrier passenger information, cargo, flight schedules, and information on airline security measures. Researchers have determined this information can be more valuable, since it is believed more money will be paid for it on the black market. Credit card information used to be worth $100; today the street value is $10-20 per card.
- Officials from TrendMicro recently introduced enhancements to its smart protection network. Officials said they have changed their approach to minimize having to constantly download security patterns onto clients. Officials stated that their intent is to stop Internet-based attacks "in the cloud", as part of a multi-layer security strategy that pushes security further into the network. Officials said the new solution combines on-premise security with the company's hosted security solution. With the number of detectable security patterns growing from 50 a day in 2005 to 5000 a day today, TrendMicro officials believe putting this detection in the network is more effective than trying to push this daily update to every endpoint.
Experton Group believes security managers will need to have a combination of client-based, edge-based, and network-based security tools to effectively prevent malicious Internet-based security attacks. Experton Group also believes that signature-based detection will never keep up with multi-vector, zero-day attacks. Because of the rapid change of modern attacks, IT executives must add behavior-based analysis to future end-to-end security protection.
Press
Suzette Heydenreich
Tel.: +971 4 360 8699
Fax: +971 4 361 5699
suzette.heydenreich@experton-group.com