Why cybersecurity experts can never rest

Online arms race continues apace

The Web threat landscape is becoming increasingly dynamic and opportunistic as hackers continue to adapt to new online functionality and trends, according to a report on online security from Zscaler, a security firm that specializes in cloud computing.

“While the goals have not changed, the techniques continue to evolve,” wrote Michael Sutton, the company's vice president of security research, in the "State of the Web" report for the second quarter of 2010. “The attacks that we're seeing are increasingly dynamic in nature, continually shifting locations and swapping out payloads to avoid detection.”

Attackers are using social networking functionality, exploiting current events and using techniques such as fast flux to quickly change the Domain Name System resolution for IP addresses, a tactic that allows them to evade blacklists that block malicious sites. The trends are not new, but they illustrate the continued threat posed by increasingly professional criminals with access to a growing kit of malicious tools available in the underground market.

Related coverage:

Everything new is old again: Is e-mail on the way out as the Internet's killer app?

6 reasons to worry about cybersecurity

“Attackers are quickly moving content to different locations in order to ensure that enterprises cannot simply protect themselves by blocking a specific range of IP addresses,” the report concludes. “It is clear that security vendors must be able to quickly adapt and inspect Web-based content on-the-fly in order to identify and secure against emerging threats in this continually evolving environment.”

Legal inroads are being made against organized online crime. The Secret Service announced last week that Vladislav Anatolieviech Horohorin, known online as BadB, had been arrested by French authorities on U.S. federal indictments for access-device fraud, aggravated identity theft, and aiding and abetting. According to Secret Service officials, Horohorin was one of the founders of CarderPlanet, which the agency called “one of the most sophisticated organizations of online financial criminals in the world.” The site allegedly is operated by cyber criminal organizations to traffic counterfeit credit cards and false ID information and documents. The site provides a forum for purchasing stolen data and credentials as well as attack tools.

But criminals are resilient and continue to take advantage of current events, such as the recent World Cup tournament and Apple’s release of the iPad, and of new functionality, such as Facebook's “Like” button. Zscaler described Likejacking schemes in which invisible buttons use clicks anywhere on a Web page to drive advertising by raising its Facebook profile.

The increasingly popular Twitter is also a rich target for phishing attacks as malicious third parties solicit Twitter account information with offers to increase the number of the account’s followers.

In addition, criminals are using search engine optimization techniques to drive malicious Web sites to the top of search results on major search engines, including Google, Bing and Yahoo, Zscaler found.

The United States remains by far the top country for malicious IP addresses identified by Zscaler in the second quarter, despite dropping from 62 percent of malicious addresses in April to 48 percent in June. All the other leaders are in the single digits. China and Germany were tied for second place with 7.11 percent each.

However, those figures likely say more about the number of computers and the rate of Internet use in a country than about where attacks originated.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.