Share

Related Links

  • Computer Weekly
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Related Stories

  • WikiLeaks: let the DDoS battles begin
    December is rapidly turning into a festival of distributed denial of service (DDoS) attacks on WikiLeaks and a number of sites looking to distance themselves from the high-profile government reporting portal.
  • Wikileaks turns to cloud computing to fend off DDoS attack
    Whistleblowing site Wikileaks turned to cloud computing services to help defend against a distributed denial of service (DDoS) attack as it prepared to publish thousands of US diplomatic cables this week.
  • US accuses China Telecom of internet hijack
    China Telecom diverted internet traffic from the US and other nations for about 18 minutes on 8 April by publishing incorrect routing information that diverted data through Chinese servers, a US congressional report said on Wednesday.
  • Windows zero-day flaw places SCADA systems in peril, says Sophos
    Research carried out by Sophos claims to show that the zero-day flaw identified by a number of security vendors late last week is being exploited by a new variant of the Stuxnet malware.

Top 5 Stories

News

Prepare for internet route hijackings in 2011, says security expert

09 December 2010

Businesses should prepare for internet traffic hijacking and sophisticated attacks on computerised control systems in 2011, says a US-based security expert.

These trends are strongly indicated by the discovery of the Stuxnet worm and China's hijacking of 15% of the world's internet traffic for 18 minutes early in 2010, according to Rodney Joffe, senior vice-president and senior technologist at Neustar.

Another trend that is likely to carry over from 2010 is the limited use of distributed-denial-of-service (DDoS) attacks for social and political ends such as the recent attacks on Wikileaks and associated sites, and the 2007 battles between Russia and Estonia.

But, it is the hijacking of internet traffic and the use of sophisticated attacks such as the Stuxnet worm aimed at control systems, that businesses organisations are most likely to be up against, said Joffe.

Stuxnet represents a new generation of stealthy and targeted attacks that are likely to become increasingly popular with cybercriminals in 2011 as a way to target financial systems, particularly automatic cash machines.

"This is an area that is getting increased attention in the underground forums", said Joffe, but will not be limited to banking, and could include any computer-controlled systems such as the heating and lift systems in office blocks.

Large industrial companies are generally aware of the threat, he said, but mid- and lower-level organisations such as air-conditioner, lift and aircraft manufacturers were oblivious to the relevance of Stuxnet.

Another challenge for IT managers in 2011 will be the theft of intellectual property, both for financial gain by criminals, and industrial espionage through internet traffic re-routing, said Joffe.

"IT managers need to have a mechanism in place to help identify when their traffic is being routed through illegitimate third-party infrastructure so they can act swiftly to prevent data from being inspected or manipulated," he said.

The danger is that re-routing can be done by any network engineer and there is currently no way to prevent it, warned Joffe.

"We are at least two years away from a commercial solution to this problem, so that is why IT managers need to monitor their traffic beyond their own networks and be prepared to take systems offline if route hijacking is detected," he said.

According to Joffe, taking systems offline, although costly and disruptive, would be infinitely preferable to exposing electronic communications and login credentials to theft and misuse.

"If criminals are able to capture login credentials, they could do untold damage by modifying data. Taking systems down until the threat is over is the lesser of the two evils", he said.

Although the government agencies, including some from the UK, and some of the larger companies that were affected by the China-based route hijacking in April are aware of the threat, Joffe believes that most commercial companies are not.

"The China-based route hijacking affected more than 100,000 organisations, but fewer than 500 are aware that they were part of that", he said.

This story was first published by Computer Weekly

This article is featured in:
Internet and Network Security  •  Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×