US at Risk of Cyber Attacks
By Brandon Griggs
CNN

(CNN) -- The next large-scale military or terrorist attack on the United States, if and when it happens, may not involve airplanes or bombs or even intruders breaching American borders.

Cyberattackers shut down one Georgian government site and defaced another with images of Adolf Hitler.

Instead, such an assault may be carried out in cyberspace by shadowy hackers half a world away. Internet security experts believe that it could be just as devastating to the U.S.'s economy and infrastructure as a deadly bombing.

Experts say last week's attack on the former Soviet Republic of Georgia, in which a Russian military offensive was preceded by an Internet assault that overwhelmed Georgian government Web sites, signals a new kind of cyberwar, one for which the United States is not fully prepared.

"Nobody's come up with a way to prevent this from happening, even here in the U.S.," said Tom Burling, acting chief executive of Tulip Systems, an Atlanta, Georgia, Web-hosting firm that volunteered its Internet servers to protect the nation of Georgia's Web sites from malicious traffic.

Read full article: http://edition.cnn.com/2008/TECH/08/18/cyber.warfare/index.html

 

SANS solves mystery of mass Web site infections

By Jeremy Kirk, IDG News Service, 04/17/2008

The SANS Institute has uncovered what they've termed a "rare gem" as far as computer security investigations go that sheds new light on how up to 20,000 Web sites have been hacked since January.

They found a sneaky software tool that uses Google's search engine to hunt for Web sites running certain kinds of vulnerable applications, wrote Bojan Zdrnja, on the institute's blog.

"While we had a general idea about what they do during these attacks, and we knew that they were automated, we did not know exactly how the attacks worked, or what tools the attackers used," Zdrnja wrote.

When the tool finds a site that is vulnerable, it kicks into action. "The exploit just consisted of an SQL statement that tried to inject a script tag into every HTML page on the web site," Zdrnja wrote.

That SQL statement was crafted to target Web sites running Microsoft's Internet Information Server and SQL Server. Once compromised, the Web sites were then rigged to serve malicious software to visitors using JavaScript, which tried various exploits based on known software vulnerabilities.

Among the malicious programs served up was a password-stealing program for the game "Lord of the Rings Online," security vendor McAfee said last month.

SANS said the software tool also reports to a server based in China, a feature that may be used to count the number of infections in order for the person using the tool to get paid, Zdrnja wrote. The tool may have other functions, but SANS is still analyzing it.

Among the victims from these attacks were the Web sites of security vendor Trend Micro as well as CA.
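An added example, not part of the IDG article or the SANS analysis: a defender-side audit for the symptom described above, a script tag injected into stored page content. It parses each text value and reports `<script src>` references to hosts outside an allow-list. The allow-listed hosts, table and column names, and sample rows are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site legitimately loads scripts from.
ALLOWED_HOSTS = {"www.example.org", "static.example.org"}


class _ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> start tag."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":  # HTMLParser lower-cases tag and attribute names
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def foreign_script_hosts(text, allowed=ALLOWED_HOSTS):
    """Return hosts of <script src> references that are not allow-listed."""
    parser = _ScriptSrcCollector()
    parser.feed(text)
    parser.close()
    hosts = []
    for src in parser.sources:
        # Relative paths have no hostname; //host/x.js and http://host/x.js do.
        host = (urlparse(src).hostname or "").lower()
        if host and host not in allowed:
            hosts.append(host)
    return hosts


def audit_rows(rows, allowed=ALLOWED_HOSTS):
    """rows: iterable of (table, column, row_id, value). Returns findings."""
    findings = []
    for table, column, row_id, value in rows:
        for host in foreign_script_hosts(value or "", allowed):  # NULL -> ""
            findings.append((table, column, row_id, host))
    return findings


# Constructed sample rows, as they might be exported from text columns.
SAMPLE_ROWS = [
    ("news", "title", 1, "Quarterly results"),
    ("news", "body", 1, '<p>Text</p><script src="/js/site.js"></script>'),
    ("news", "title", 2, "Launch day<SCRIPT SRC=http://bad.example.net/x.js></SCRIPT>"),
    ("products", "name", 7, "Widget<script src='//cdn.bad.example.net/1.js'>"),
    ("products", "descr", 7, None),
]
```

A script reference inside a short field such as a title or product name is a strong signal on its own, since those columns should never carry markup.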

Top Ten Cyber Security Menaces for 2008

Source: http://www.sans.org/2008menaces

Twelve cyber security veterans, with significant knowledge about emerging attack patterns, worked together to compile a list of the attacks most likely to cause substantial damage during 2008.

Participants included Stephen Northcutt, Ed Skoudis, Marc Sachs, Johannes Ullrich, Tom Liston, Eric Cole, Eugene Schultz, Rohit Dhamankar, Amit Yoran, Howard Schmidt, Will Pelgrin, and Alan Paller.

Increasingly Sophisticated Web Site Attacks That Exploit Browser Vulnerabilities - Especially On Trusted Web Sites

Web site attacks on browsers are increasingly targeting components, such as Flash and QuickTime, that are not automatically patched when the browser is patched. At the same time, web site attacks have migrated from simple ones based on one or two exploits posted on a web site, to more sophisticated attacks based on scripts that cycle through multiple exploits, to even more sophisticated attacks that increasingly utilize packaged modules that can effectively disguise their payloads. One of the latest such modules, mpack, produces a claimed 10-25% success rate in exploiting browsers that visit sites infected with the module. While all this is happening, attackers are actively placing exploit code on popular, trusted web sites where users have an expectation of effective security. Placing better attack tools on trusted sites is giving attackers a huge advantage over the unwary public.

"It is no surprise to WSN that the number one threat to network security is the attacks that are targeted through web browsers." We have protected our clients while providing the maximum access to safe content on the Internet. Our security best practice solutions coupled with the Finjan Vital Security Web Gateway solution are the best defense against web cyber threats. Unfortunately, we still see many organizations and security professionals that inadequately mitigate this threat. More about our solution can be found here: http://www.wsn.net/Pages/Microsites/Finjan_Overview.aspx
