
Online threats
What governments need to know
by Marc Fossi

As has been the case since its inception, the Internet continues to expand and enable new ways of doing business and communicating. While trends such as social networking, cloud computing, and virtualization continue to gain traction, and are rapidly becoming integral to how business and leisure pursuits are conducted online, these technological advances bring with them additional security challenges.

In today’s information-driven world, safeguarding data is a top priority. As technology evolves, it becomes more important for government organizations to know where their digital information is stored, how it is being used, and how to best prevent and protect against its loss so as to avoid downtime and loss of confidential information. This means making sure IT managers or the right government officials are aware of the latest threats and know how to protect themselves.

Unfortunately, cyber attacks and malicious activity continue to spread, and neither the economic recession nor geographic location slowed cybercriminals. Their businesses are thriving while the rest of the world suffers. Internet penetration around the world continues to increase, and as developing countries gain broadband access, cybercriminals have more markets to target.

In fact, according to Symantec’s annual Internet Security Threat Report, hacking accounted for 60 percent of the identities exposed in 2009, a marked increase from 22 percent in 2008, so it is vital all government organizations ensure they are properly protected and safeguarded from internal and external threats.

Growth of cybercrime

Cybercrime is a universal problem. Attackers have evolved from simple scams to highly sophisticated campaigns targeting government entities and some of the world’s largest corporations. The scale of these attacks and the fact that they originate from around the world make this a truly international problem requiring the cooperation of both the private sector and world governments.

In 2009, Symantec blocked an average of 100 potential attacks per second. Malicious code is as prevalent as ever, with more than 240 million distinct new malicious programs identified by Symantec in 2009 – a 100 percent increase over those found in 2008.

One of the latest threats identified by Symantec is the Hydraq Trojan (a.k.a., Aurora). This threat uses a zero-day vulnerability in Microsoft® Internet Explorer® to install itself onto a computer. Another method it uses is a social engineering ploy that relies on a maliciously coded PDF sent as an email attachment. Although a number of the command-and-control servers that the Trojan relied on for its propagation are no longer active, additional instances of Hydraq could still exist within an organization’s network. While government entities were not specifically targeted in this attack, some critical infrastructure sectors were targeted and such attacks will continue to negatively affect private sector and government organizations until they can be identified and eliminated.

Social networking threats

Social networking sites should be of particular concern to government organizations. Not only does social networking provide potential attack vectors for threats, such as Koobface, but if organizational policies are not established (both from an end user and network perspective), it can create security issues for the organization and its employees. This includes the potential loss of confidential information and the possible exposure of the organization to liabilities from compliance concerns. One recent example of this occurred in July 2009, when the new head of the British foreign intelligence service was identified publicly by his wife’s posts on her profile on a social networking site.

These problems can be compounded by government organizations having differing responses to social networking. For example, the US Army has issued guidance to its soldiers as well as to civilian employees regarding social networking and what should and should not be disclosed, while the US Marine Corps has banned all access to social networking sites from its network. To effectively manage social networking within government networks, clear policies on access to these sites are required, along with appropriate countermeasures to prevent unauthorized information from being posted.

Social engineering

Another concern is social engineering, which is essentially an attempt to gain access to computers by exploiting human psychology, rather than the attacker having to hack into or physically access the computer.

While social engineering is not a new threat vector, it continues to be an area that gives attackers an avenue into enterprises and government organizations and is a primary mechanism for getting malicious code such as Trojans onto computers. An example of a socially engineered attack is phishing. This is where hackers use spam, fake websites, crime-ware and other techniques to trick people into divulging sensitive information, such as bank and credit card account details. Once a hacker has captured enough victims’ information, they either use the stolen goods themselves to defraud the victims (e.g., by opening up new accounts using the victim’s name or draining the victim’s bank accounts) or they sell it on the black market for a profit.

Emerging technologies

Another issue facing many government organizations is emerging technologies. While new technologies can often drive innovation, reduce costs and increase efficiency across the organization, they are just as often not fully understood from a security perspective and could negatively affect enterprises. For example, organizations moving toward a cloud-computing model should have clear policies on what information employees are allowed to upload, and should monitor it. Clear policies on usage, permissions and ownership between the organization and the ISP hosting the data should also be determined.

Virtualization is another ongoing concern for government organizations. Virtualization can be a tremendous benefit for many initiatives, including reducing the physical footprint of the enterprise and, thus, reducing both capital expenditures and energy costs. However, robust security practices need to be applied to virtual systems as much as to physical systems. This includes employing endpoint security solutions to protect each virtual host.

The underground economy

A final area that continues to be a concern is the flourishing underground economy. While there have been some successful prosecutions of underground economy operators – including the capture and guilty plea of the TJX hacker for a number of significant data breaches – highly motivated groups and individuals continue to thrive on underground economy forums.

The emergence of attack toolkits has made cybercrime available to anyone regardless of computer skills. Novices can purchase a kit and almost immediately begin deploying sophisticated and varied threats. Toolkits such as Zeus are easy to find online and can be purchased for as little as $700.

Governments need to ensure critical and sensitive information is adequately protected, and continued efforts among law enforcement need to be coordinated to address malicious activity occurring globally. This is especially critical in the absence of an agreed-upon international framework for combating cybercrime.

Where do we go from here?

To be truly protected against today’s increasingly complex and organized cyber attacks, organizations need multiple layers of security that protect the end user from all angles. This means looking for an all-in-one suite that is easy to use and protects against malicious software, spam, data loss and downtime.

This solution should have end-to-end protection, ensuring it is sophisticated enough to defeat both known and unknown threats no matter the device (i.e., laptops, desktops, mobile devices and servers; in email; over the network; and in storage devices). The solution must also have effective and accurate anti-spam protection that automatically detects spam without requiring manual adjustment of filtering rules or monitoring of false positives. Finally, the solution should have rapid, reliable backup and archiving technology, enabling government organizations to easily archive and restore data while protecting against new threats.

Given how silent and targeted today’s attacks are, government organizations should also ensure they have a robust security information management (SIM) solution in place. This solution collects, analyzes and reports on log data and is designed to deliver proactive security protection, helping organizations demonstrate IT policy compliance and reduce overall security risk.

The effectiveness of even the best technology and processes can be undermined if employees do not understand the value of the government’s information assets and their role in mitigating risk. With heightened awareness, however, employees can also become the strongest line of defense and the most valuable security asset. This can be accomplished through formal security awareness training programs or mandating clear security policies.

With cybercriminals finding it increasingly profitable to use the Internet to steal information from consumers and businesses, protection and mitigation against such attacks become both an individual and collective global priority. With a proven set of technologies in place and best practices followed, the public sector can keep its information assets safe.

Marc Fossi is executive editor of Symantec’s Internet Security Threat Report. For additional information, please visit

Summit, September/October 2010
