Rodney Joffe, CTO of Neustar, a Sterling, Va.-based provider of attack mitigation services, is concerned about these DDoS attacks and similarly scaled efforts, in particular the way in which they can be used to mask more targeted attacks. He sees growing sophistication in “botnets for hire” – sets of internet-connected computers whose defenses have been breached without their owners' knowledge and which are now under the control of a criminal. In addition, he predicts that the security community will be hard pressed to keep up with these ongoing developments. When the DDoS threat and the botnet menace are combined with malware already resident on the machines of thousands of customers, it paints a depressing picture for the security community – one that he says has cost banks, individually, from tens of thousands to millions of dollars both for defense measures and in terms of actual fraud losses.
“Smaller regional banks will be the victims of more exploits since their dependence on third parties for wire transfers usually results in a time lag, which criminals can exploit to pilfer accounts with less chance of detection,” Joffe says.
Carter agrees, noting that attackers are using the “fog of cyber war” to attempt to implement fraudulent transactions, penetrate networks and harvest customer account information. He warns that these attacks are the very tip of the iceberg, and predicts that attackers will be back for more, resulting in higher fees for consumers and potentially threatening the underpinnings of the economy.
Infrastructure operation and practices are also on the minds of others in the security field. For his part, Brian Gay, a director at Think First Consulting, an Arlington, Va.-based strategy firm, is concerned with the increasing adoption of cloud services, most of which are accessible over the public internet. Therefore, the provider must implement two-factor authentication using a PIN, he says.
Tom Cross, director of security research at Lancope, an Alpharetta, Ga.-based company focused on flow-based security and network performance monitoring, sees more risks buried in the infrastructure. For instance, he says, virtual-machine-to-virtual-machine communications inside a physical server cannot be monitored by traditional network and security devices, complicating problem identification and potentially erasing any cost savings associated with virtualization.
“This loss of visibility can be exacerbated in public cloud environments, where the enterprise has given up control over the infrastructure on which its applications are running.” Also, he says, the transition to IPv6 – the latest version of the Internet Protocol (IP), the protocol on which the entire internet is built – is approaching, with the last few IPv4 addresses in the final stages of allocation. IPv6 connectivity can create a blind spot if all of one's network security tools and processes are focused on attack activity occurring over IPv4, Cross says. “As networks and systems become IPv6-capable, organizations need to ensure that they have visibility into IPv6 assets and addresses in their environments,” he says. “Attackers have been known to take advantage of those blind spots to stay under the radar, a trend we expect to increase as IPv6 adoption proceeds.”
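The IPv6 blind spot Cross describes is easy to measure once flow records are available: compare the source addresses seen in traffic against the address ranges a monitoring system is actually configured to watch, and anything outside that set is traffic no one is looking at. The script below is an added illustration, not code from the article or from Lancope; the flow records and the two watchlists are constructed sample data, and the "IPv4-only watchlist" stands in for a flow collector or IDS that was never told about the organization's IPv6 prefix.

```python
import ipaddress
from collections import Counter

# Constructed sample flow records (not from the article): (source, destination, bytes).
# A mix of IPv4 and IPv6 flows from a dual-stacked internal network.
SAMPLE_FLOWS = [
    ("10.0.1.5", "203.0.113.10", 1200),
    ("10.0.1.7", "198.51.100.4", 800),
    ("2001:db8:1::5", "2001:db8:ffff::9", 5400),
    ("2001:db8:1::7", "2001:db8:ffff::9", 2300),
    ("10.0.2.9", "192.0.2.44", 400),
]

# Hypothetical monitoring policy: the prefixes the existing security tooling
# is configured to watch. The first list is IPv4-only, which is exactly the
# blind spot described above; the second adds the site's IPv6 prefix.
IPV4_ONLY_WATCHLIST = [ipaddress.ip_network("10.0.0.0/8")]
DUAL_STACK_WATCHLIST = IPV4_ONLY_WATCHLIST + [ipaddress.ip_network("2001:db8::/32")]


def is_watched(addr_str, watchlist):
    """True if the address falls inside any monitored prefix of the same IP version."""
    addr = ipaddress.ip_address(addr_str)
    return any(addr in net for net in watchlist if net.version == addr.version)


def visibility_report(flows, watchlist):
    """Count flows per IP version that are covered vs. not covered by the watchlist.

    Returns a dict with per-version flow counts and the bytes that flowed
    without any monitored prefix matching the source address.
    """
    covered = Counter()
    unmonitored = Counter()
    unmonitored_bytes = Counter()
    for src, _dst, nbytes in flows:
        version = ipaddress.ip_address(src).version
        if is_watched(src, watchlist):
            covered[version] += 1
        else:
            unmonitored[version] += 1
            unmonitored_bytes[version] += nbytes
    return {
        "covered": dict(covered),
        "unmonitored": dict(unmonitored),
        "unmonitored_bytes": dict(unmonitored_bytes),
    }


def blind_spot_sources(flows, watchlist):
    """Sorted list of distinct source addresses that no monitored prefix covers.

    This is the inventory a team would feed back into its tooling so the
    IPv6 hosts become visible assets rather than unobserved traffic.
    """
    missing = {src for src, _dst, _nbytes in flows if not is_watched(src, watchlist)}
    return sorted(missing, key=lambda a: (ipaddress.ip_address(a).version, ipaddress.ip_address(a)))


if __name__ == "__main__":
    for name, watchlist in (("IPv4-only", IPV4_ONLY_WATCHLIST), ("dual-stack", DUAL_STACK_WATCHLIST)):
        report = visibility_report(SAMPLE_FLOWS, watchlist)
        print(f"{name} watchlist: {report}")
        print(f"  unmonitored sources: {blind_spot_sources(SAMPLE_FLOWS, watchlist)}")
```

With the IPv4-only watchlist every IPv4 flow is covered while both IPv6 flows, and all 7,700 bytes they carried, go unmonitored; adding the IPv6 prefix to the watchlist brings the unmonitored count to zero. In practice the flow records would come from a NetFlow/IPFIX collector or firewall logs rather than a constructed list, and the watchlist from the monitoring system's actual configuration.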