Combating the Full Threat Lifecycle of the Internet

Being connected to the Internet brings risks -- computers are at risk of infection, data is at risk of theft, employees are at risk of having their identities stolen, and the business is at risk of paying for bandwidth wasted by hackers, spam, and unproductive websites. Our experts see these problems very frequently when they visit organisations to review their IT security and recommend solutions. One such case involved a major corporation in Tanzania whose network had come to a halt because of virus attacks, spam and uncontrolled peer-to-peer (P2P) usage.

Combating these risks is not solely the responsibility of IT. Business owners and executives in Africa need to understand the threats to their business and the options available to them to mitigate these risks.

In the security industry, experts often discuss "blended threats," which is a fancy way of saying that being connected to the Internet puts a business at risk in an almost infinite combination of ways. Any machine or network connected to the Internet is under constant attack from many different directions. One of the most prevalent and successful attacks today involves a series of steps that we call the Bot Threat Cycle.

The Bot Threat Cycle almost always starts with an email. The email's entire reason for existence is to get people to click on the link inside. Almost everyone has seen examples of these sorts of emails -- some pretend to be from PayPal or eBay, others tease unbelievable headlines about celebrities, politicians, or natural disasters. All of them point to websites that may look trustworthy, but are in fact controlled by a malicious person or group trying to install software on the computers of trusting and under-protected people. In Tanzania, and in many places in Africa, this is a very common problem: users receive emails purporting to come from their bank, asking unsuspecting users to verify their e-mail. National Bank of Commerce, one of the leading banks in Tanzania, has put a fraud warning on its website, which can be seen at http://www.nbctz.com/fraude.htm. Many banks all over the world have such notices on their websites.
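The bank-impersonation emails described above share one tell: the visible link text names the bank, but the link target does not go there. The following is an added example (not code from the article or from any product it mentions) that extracts the links from an HTML mail body and flags that mismatch, plus hosts that merely contain the bank's name as a lookalike. The trusted domain nbctz.com comes from the article; the sample message and the attacker hosts in it are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains this organisation trusts. nbctz.com is named in the article; any others are local policy.
TRUSTED_DOMAINS = {"nbctz.com"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude registrable domain (last two labels): www.nbctz.com -> nbctz.com."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def suspicious_links(html_body):
    """Return (href, reason) for links whose text names a trusted domain but whose host is
    not that domain, or whose host uses the trusted name as a lookalike label. Links with
    no brand cue at all ("click here" to an unknown host) need a URL-reputation check instead."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        for trusted in TRUSTED_DOMAINS:
            if registrable(host) == trusted:
                continue  # genuinely points at the trusted site
            if trusted in text.lower():
                findings.append((href, "text shows %s but host is %s" % (trusted, host)))
            elif trusted.split(".")[0] in host:
                findings.append((href, "lookalike host %s" % host))
    return findings


# Constructed sample of a "verify your e-mail" phishing message; 203.0.113.7 is a documentation address.
SAMPLE_MAIL = """<p>Dear customer, please <a href="http://nbctz-secure.example/verify">verify your e-mail</a>
at <a href="http://203.0.113.7/login">www.nbctz.com</a>. Genuine notice:
<a href="http://www.nbctz.com/fraude.htm">www.nbctz.com/fraude.htm</a></p>"""
```

Running `suspicious_links(SAMPLE_MAIL)` flags the first two links and leaves the genuine fraud-notice link alone.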

The visited website will use a number of "exploits" -- mini-programs designed to take advantage of thousands of security flaws on individual computers -- to get the user's computer to download and install a bit of stealthy software that is a form of computer virus with remote control capabilities. This software, called a bot, can steal information off the local computer, capture passwords, or just be used as part of a global network of computers controlled by groups of attackers.

What do the hackers do with the computers they control? They attack other computers, use them to spread the installed software, or take down websites. Recent examples of this type of use include the complete shutdown of the country of Georgia's public websites, presumably by Russia or Russian mafia groups. Other uses include hosting illegal files and sending spam, including spam designed to infect more users. Thus the cycle is complete: the newly infected computer is now part of the bot network, sending out spam to new users in order to expand the size of the bot network.

“There is no single answer to stopping this sort of threat, but it must be detected and stopped at every step of the process,” says Gulam Chagani, the MD of Ebiz Solutions Ltd. His company, based in Dar es Salaam, Tanzania, is a systems integrator and has recently been appointed distributor of eSoft, a leading provider of network security appliances. According to Mr. Chagani, EBiz Solutions takes an approach that is comprehensive and effective at stopping these threats, which can happen today to any African company.

eSoft detects and tracks bot networks in real time and refuses to accept mail coming from known bots. Using eSoft's Email ThreatPak, phishing, spam, and other malicious emails are stopped in their tracks. If the email reaches the user anyway, for example because it arrives in a personal account, and the user clicks on the link in the message, eSoft's Web ThreatPak blocks access to the malicious website. A typical African business can expect to receive no fewer than fifty such emails daily, which amounts to roughly a thousand such emails per month.

Gulam Chagani explains further that “the Distributed Intelligence Architecture (DIA) of eSoft updates appliances in real time as new malicious websites come online. Next, even if web filtering is off or the user is the first person to view the malicious website, eSoft's Intrusion Prevention (part of the Web and Email ThreatPaks) detects common web browser exploits and blocks them. And if the attacker is using a new and never-before-seen exploit? Then eSoft's gateway anti-virus (part of the Web ThreatPak) will detect any downloaded viruses, including new variants and suspicious files.”

At EBiz, Gulam Chagani recently handled the case of a customer who was infected while using his laptop on the road and then brought that laptop into the office. With eSoft's Intrusion Prevention that would not have been possible, as it watches internal traffic for signs of infection as well as watching external traffic. This means that administrators can be alerted to infected machines and bots on their network immediately, before the machine can do any damage.

A recent report by CA Internet Business Security forecasts the following as the major threats for 2008. Although this is a general prediction, it applies to African countries as much as to any other country in the world.

1. Bots will dominate 2008: The number of computers infected by botnets will increase sharply in 2008. In an effort to become harder to detect, bot-herders are changing their tactics and decentralizing via peer-to-peer architectures. They are increasingly using instant messaging as their main vehicle for spreading botnets.

2. Smarter malware: Malware is reaching new levels of sophistication. It will target virtualized computers, and the increasing use of obfuscation techniques to hide in plain sight, including steganography and encryption, will help criminals conceal their activities.

3. Gamers under fire: Gamers already are a prized target, and stealing their account credentials continues to be a primary objective of online criminals. Gamers historically are more concerned with optimizing their PCs for high performance rather than for tight security. In 2008, virtual assets will equal real world money for Internet criminals.

4. Social networking sites in the crosshairs: Social networking sites will become increasingly popular and, as a result, more vulnerable. The large number of aggregated potential victims and relatively small concern for computer security make these sites a windfall for cyber thieves.

5. Web 2.0 services and sites will come under targeted attacks: While it is relatively easy to implement Web 2.0 services, it can be quite challenging to configure them to be totally secure. Therefore, many Internet sites using these services are easy targets with little outward indication that a site is compromised.

6. Windows Vista at risk: As businesses and consumers buy new computers, Vista's market share will grow. Although it is designed as Microsoft's most secure operating system, 20 vulnerabilities were reported in 2007, according to the National Institute of Standards and Technology. The more people use it, the more attackers will target it.

7. Mobile devices will still be safe: Mobile devices are still safe, despite rumors of mobile malware. Smartphones and other mobile devices will not be a real opportunity for criminals in 2008. Proof-of-concept malware for mobile devices has not yet translated into any meaningful attacks.