Most Read Technology Reporter For More Than Two Decades

Maureen O'Gara

Subscribe to Maureen O'Gara: eMailAlertsEmail Alerts
Get Maureen O'Gara: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: Cloud Computing, Security Journal, Cloud Security Journal , Secure Cloud Computing

Article

Kneber: Another Bot Attack

Another one attacks the cloud

Another hack attack hits the headlines http://tinyurl.com/yebvj8p

Big deal. This stuff happens every day now right?  Wrong. Not on this scale it doesn’t. The Kneber Bot has penetrated 75,000 systems, 2,500 companies across in 196 countries.  This is not a straightforward Trojan - a simple smash and grab. This one’s a game changer.

Systems compromised by this botnet provide the attackers with not only user credentials and confidential information, but remote access inside the compromised network.  Just some of the data stolen includes:

  • 68,000 corporate log-in credentials
  • Access to e-mail systems, online banking sites, Facebook, Yahoo, Hotmail and other social networking credentials
  • 2,000 SSL certificate files
  • Dossier-level data sets on individuals, including complete dumps of entire identities from victims' machines.

Penetration of this scale and amongst such an esteemed group of public and private organizations - Merck & Co, Cardinal Health, 10 US Government Agencies - makes it is clear that no-one is untouchable to an ambitious,  determined and organized group of hackers. But what’s most startling is the lack of visibility about this particular bot.

Firstly we don’t yet know where it came from. Fingers have been pointed at China but there appears to be very little hard evidence. Next, we don’t actually know the extent of the damage. This apparently is still being assessed, and affected companies notified. Moreover it isn't clear to what extent the attack has been contained.

What we do know is that it started in late 2008 in Germany. But that in itself begs another unanswered question. How can an attack using a spyware freely available in the Internet penetrate 75,000 systems worldwide – and still go unnoticed for more than a year?

What is becoming ever more clear is that conventional malware and signature-based detection systems are fast becoming inadequate for addressing the increasing sophistication of cyber attacks like the Kneber Bot.

How can companies improve their visibility and protect themselves against these increasingly sophisticated attacks going forward? Regardless of the sophistication of the attack all computers natively generate electronic fingerprints. For every event that takes place in a computer or a network or a security system, or applications, databases or OS, etc., a small record of that event is kept; it’s called a log.

This is your electronic fingerprint. Just like a fingerprint, properly managed logs enable us to carry out forensics, and get us the visibility required to know exactly what happened, who did what, how the attack originated, how it spread, where are the attackers, what has been compromised.

Could the key to solving and preventing IT crime lie in properly managed logs? Could it be that log management could be of some use?

Yes, certainly. But the trouble is that with the explosion of corporate systems the number of logs has exploded to a difficult-to-manage number and few companies are truly geared up to manage them all – meaning that things inevitably slip through the net. Only companies using the most sophisticated log management systems such as LogLogic’s Open Log Management Platform which - with our new Quad-core hardware can monitor up to 250,000 records per second – can really hope to identify and act upon these new subtle, sophisticated and well-disguised attacks on their infrastructure.

The hackers’ game has moved on. We all need to be prepared to respond to this.

More Stories By Gorka Sadowski

Gorka is a natural born entrepreneur with a deep understanding of Technology, IT Security and how these create value in the Marketplace. He is today offering innovative European startups the opportunity to benefit from the Silicon Valley ecosystem accelerators. Gorka spent the last 20 years initiating, building and growing businesses that provide technology solutions to the Industry. From General Manager Spain, Italy and Portugal for LogLogic, defining Next Generation Log Management and Security Forensics, to Director Unisys France, bringing Cloud Security service offerings to the market, from Director of Emerging Technologies at NetScreen, defining Next Generation Firewall, to Director of Performance Engineering at INS, removing WAN and Internet bottlenecks, Gorka has always been involved in innovative Technology and IT Security solutions, creating successful Business Units within established Groups and helping launch breakthrough startups such as KOLA Kids OnLine America, a social network for safe computing for children, SourceFire, a leading network security solution provider, or Ibixis, a boutique European business accelerator.