Prepare for internet route hijackings in 2011, says security expert

These trends are strongly indicated by the discovery of the Stuxnet worm and China's hijacking of 15% of the world's internet traffic for 18 minutes early in 2010, according to Rodney Joffe, senior vice-president and senior technologist at Neustar.

Another trend that is likely to carry over from 2010 is the limited use of distributed-denial-of-service (DDoS) attacks for social and political ends such as the recent attacks on Wikileaks and associated sites, and the 2007 battles between Russia and Estonia.

But it is the hijacking of internet traffic and the use of sophisticated attacks such as the Stuxnet worm, aimed at control systems, that business organisations are most likely to be up against, said Joffe.

Stuxnet represents a new generation of stealthy and targeted attacks that are likely to become increasingly popular with cybercriminals in 2011 as a way to target financial systems, particularly automatic cash machines.

"This is an area that is getting increased attention in the underground forums", said Joffe, but will not be limited to banking, and could include any computer-controlled systems such as the heating and lift systems in office blocks.

Large industrial companies are generally aware of the threat, he said, but mid- and lower-level organisations such as air-conditioner, lift and aircraft manufacturers are oblivious to the relevance of Stuxnet.

Another challenge for IT managers in 2011 will be the theft of intellectual property, both for financial gain by criminals, and industrial espionage through internet traffic re-routing, said Joffe.

"IT managers need to have a mechanism in place to help identify when their traffic is being routed through illegitimate third-party infrastructure so they can act swiftly to prevent data from being inspected or manipulated," he said.

The danger is that re-routing can be done by any network engineer and there is currently no way to prevent it, warned Joffe.

"We are at least two years away from a commercial solution to this problem, so that is why IT managers need to monitor their traffic beyond their own networks and be prepared to take systems offline if route hijacking is detected," he said.
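The monitoring Joffe describes, watching how your prefixes are announced beyond your own network, is the kind of check a route-collector feed can drive. The following is an added example, not code from the article or from Neustar: it takes BGP announcements (here a constructed sample feed using documentation prefixes and private-use ASNs) and flags the three signs of re-routing a defender cares about: an exact prefix originated by the wrong AS, a more-specific prefix carved out of a monitored block, and a correct origin reached through a transit provider that is not one of yours. The `MONITORED` and `EXPECTED_UPSTREAMS` tables are assumed placeholders for an organisation's own prefix and peering records.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Prefixes this organisation originates, mapped to the ASN that should originate
# them. Constructed sample values (documentation prefixes, private-use ASNs).
MONITORED: Dict[str, int] = {
    "192.0.2.0/24": 64500,
    "198.51.100.0/24": 64500,
}

# Transit providers expected to sit directly before the origin in the AS path.
# Constructed for this example; a real list comes from your own peering records.
EXPECTED_UPSTREAMS: Dict[int, Set[int]] = {64500: {64510, 64520}}


@dataclass
class Announcement:
    """One BGP UPDATE as reported by a route collector (simplified)."""
    prefix: str
    as_path: List[int]   # left = collector's peer, right = origin AS
    collector: str


# (kind, prefix, offending AS, collector that saw it)
Alert = Tuple[str, str, int, str]


def dedupe_path(path: List[int]) -> List[int]:
    """Collapse AS-path prepending (e.g. [.., 64500, 64500]) to one hop per AS."""
    out: List[int] = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out


def classify(ann: Announcement,
             monitored: Dict[str, int] = MONITORED,
             upstreams: Dict[int, Set[int]] = EXPECTED_UPSTREAMS) -> List[Alert]:
    """Return the alerts one announcement raises against the monitored prefixes."""
    alerts: List[Alert] = []
    net = ipaddress.ip_network(ann.prefix, strict=False)
    path = dedupe_path(ann.as_path)
    if not path:
        return alerts
    origin = path[-1]
    for mon_prefix, expected_origin in monitored.items():
        mon = ipaddress.ip_network(mon_prefix, strict=False)
        if net.version != mon.version:
            continue                    # subnet_of() refuses mixed IPv4/IPv6
        if net == mon:
            if origin != expected_origin:
                # Someone else claims to originate our exact prefix.
                alerts.append(("origin-hijack", ann.prefix, origin, ann.collector))
            elif (len(path) >= 2 and expected_origin in upstreams
                  and path[-2] not in upstreams[expected_origin]):
                # Origin looks right but the hop before it is not one of our
                # transits: traffic is being steered through a third party.
                alerts.append(("unexpected-upstream", ann.prefix, path[-2], ann.collector))
        elif net.subnet_of(mon):
            # A more-specific wins longest-prefix match regardless of origin,
            # so it diverts traffic even when stamped with our own ASN.
            alerts.append(("subprefix-hijack", ann.prefix, origin, ann.collector))
    return alerts


def scan(announcements: List[Announcement]) -> List[Alert]:
    """Run every announcement through classify() and collect the alerts."""
    alerts: List[Alert] = []
    for ann in announcements:
        alerts.extend(classify(ann))
    return alerts


# Constructed sample feed: one clean (prepended) path, one origin hijack, one
# more-specific hijack, one path through an unknown transit, one unrelated prefix.
SAMPLE_FEED = [
    Announcement("192.0.2.0/24", [64496, 64510, 64500, 64500], "rrc00"),
    Announcement("192.0.2.0/24", [64496, 64666], "rrc01"),
    Announcement("198.51.100.0/25", [64496, 64510, 64500], "rrc00"),
    Announcement("198.51.100.0/24", [64496, 64777, 64500], "rrc03"),
    Announcement("203.0.113.0/24", [64496, 64700], "rrc00"),
]

if __name__ == "__main__":
    for kind, prefix, asn, collector in scan(SAMPLE_FEED):
        print(f"{kind:20s} {prefix:18s} AS{asn} seen at {collector}")
```

In practice the announcements would come from public route collectors (RIPE RIS and RouteViews both publish them) rather than a hard-coded list, and an alert is a prompt to verify with your transit providers, since a legitimate traffic-engineering change or a new upstream produces the same signals. The more-specific check matters most: because routers prefer the longest matching prefix, a /25 announced from anywhere captures traffic for half of a /24 even when the origin AS in its path is yours.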

According to Joffe, taking systems offline, although costly and disruptive, would be infinitely preferable to exposing electronic communications and login credentials to theft and misuse.

"If criminals are able to capture login credentials, they could do untold damage by modifying data. Taking systems down until the threat is over is the lesser of the two evils", he said.

Although the government agencies, including some from the UK, and some of the larger companies that were affected by the China-based route hijacking in April are aware of the threat, Joffe believes that most commercial companies are not.

"The China-based route hijacking affected more than 100,000 organisations, but fewer than 500 are aware that they were part of that", he said.

This story was first published by Computer Weekly
