Giant Botnet Proves that IT Security Needs Improvement

By Sue Poremba | Feb 18, 2010 | Print this Page
http://www.enterprisenetworkingplanet.com/netsecur/giant-botnet-proves-it-security-needs-improvement

On the heels of a recent post of mine on hacking, where my goal was to remind business that hackers are a lot more sophisticated than we think, comes the news that hackers in China and Europe have attacked 2500 enterprise and government entities over the past 18 months, according to a report in the Wall Street Journal. 

The breach was discovered by NetWitness and appears to affect a number of different types of information, including credit-card transactions and intellectual property. The Wall Street Journal article stated:

The hacking operation, the latest of several major hacks that have raised alarms for companies and government officials, is still running and it isn't clear to what extent it has been contained, NetWitness said. Also unclear is the full amount of data stolen and how it was used. . . . In more than 100 cases, the hackers gained access to corporate servers that store large quantities of business data, such as company files, databases and email.

The attacks are coming through a ZeuS botnet called Kneber. In an InformationWeek article, George Hulme wrote:

More than half of the machines infected with the new Kneber botnet were also infected with separate strains of the Zeus and Waladac botnets. Apparently, one or multiple groups of attackers, are having a Field Day on these systems.

In a report about the attack, published by NetWitness and available on the vendor's site, the company claims that the malicious executable was identified by traditional anti-virus engines less than 10 percent of the time and that botnet communication was missed by intrusion detection systems.

Combined with the recent attack on Google, there is a growing concern that cyber security as we know it today isn't prepared for these increasingly sophisticated attacks.