Recent State of the Threat Presentation

We, here at MicroSolved, dedicate our lives (yes, we work at home, too) to the goal of helping to ensure a safer and more secure Internet for every user that may be inclined to partake in the wonder that is the Internet community. Ideally, we would love to work ourselves out of a job. Fortunately, we know that will never be possible. To that end, we have been providing a service that we like to call the State of the Threat, by which we take a look at the current state of the Internet and report on major events that have affected the community. Additionally, we attempt to make some forward-looking guesses about where we think security professionals should expect to see upcoming issues or problems. In doing so, we have been performing quarterly presentations that address the threats that we saw to be of major concern over that 3-month period. During these presentations, we also attempt to guess where we think the hacker community may be investing more and more time toward research for newer attack vectors.

Our most recent State of the Threat presentation was performed this past Friday, May 12, 2006, in Fairmont, West Virginia. I delivered the presentation to the local chapter of InfraGard, which is an initiative by the FBI to share and gather information with security professionals in the commercial sector. During my research I noticed a trend that appears to be the changing of the playing field that we have all been engaged in. Our presentation usually starts out with some astronomical numbers that represent the increase (or decrease, if that would ever happen) of cyber attacks that were noted during the past quarter. However, I had to depart from that normal format to talk about something that seems considerably more important, and definitely more dangerous, if not expensive. After quite a bit of research done by myself and various other security gurus in the business, it is definitely obvious that the profile of the most prolific attackers has changed from your everyday hobbyist with a desire to crack boxes and break applications, to attackers with a more devious intent. That’s right... criminals. We are starting to see more and more attacks that are financially driven. Unless you have some very good mail filters in place on your mail servers and in your inboxes, you have probably noticed an increase in phishing attempts and everyday spam. Everyone has heard of at least one large company report that several thousand credit card numbers or customers’ personal information have been stolen. It’s worth noting that one major university here in Ohio experienced its third major compromise and data theft event in a couple of months. Try to imagine how important the social security numbers of a couple thousand students might be in the next couple of years. While their credit may not be the best now... imagine 10 years down the road when they are in the workforce heading up departments or entire firms. That information could be very lucrative to the organized crime rings around the world. If I were you, I would expect to continue seeing these types of attacks in the future.

The State of the Threat presentation talks about some of the more fun things going on out on the Internet, such as the threat that is I talk about where to look for the problems your cell phones, PDAs, Bluetooth devices, and smartphones are going to bring into your organizations and homes. I even go into the theoretical threat that RFID tags are going to bring. Anyone get one of those neat chips installed under their skin? It might be infected with a virus. How about the fact that there has been almost a 1700% increase in Instant Messenger attacks over the past year? Do you have bots or botnets? I’d bet my next paycheck that you do, or you will in the near future!!! Any takers?

I can’t forget my favorite fun fact. The Windows System Time To Live is down to 18 minutes. The Windows System TTL is simply the amount of time it takes for an unpatched, unfirewalled Windows box that is placed on the wild Internet to become compromised or infected with some sort of malware. That time is 18 minutes. The fun fact: it actually takes longer for a brand new, out-of-the-box Windows XP Home Edition machine to connect to Windows Update and download all of the hot fixes than it would for it to become compromised.
We will be posting the full presentation on our website at in the next couple of hours. Please check back for the direct link to the presentation.

This entry was posted in General InfoSec by Troy Vennon.

About Troy Vennon

I recently separated from the U.S. Marine Corps after 8 years. I spent the first 3 1/2 years building classified and unclassified networks all over the world. There was a natural progression from building those networks to securing those networks. My last 4 1/2 years in the Marine Corps took me to Quantico, Va., where I was stationed with the Marine Corps Network Operations and Security Command (MCNOSC). While with the MCNOSC, I was a member of the Security section, which was responsible for the installation and daily maintenance of the 34 Points-of-Presence that made up the Marine Corps’ 270,000+ user network. After a period of time with Security, I moved over to the Marine Corps Computer Emergency Response Team (MARCERT). There I was the Staff Non-Commissioned Officer of the MARCERT, which was responsible for the 24x7 monitoring of network traffic across the Marine Corps. Specifically, we monitored network traffic for malicious intent and investigated any network incidents as they occurred. While with the MCNOSC, I attained my CISSP, CCNA, and OPST (OSSTMM Professional Security Tester). I have been with MicroSolved for the past 4 months as the Senior Security Engineer, Technical Lead, and Project Manager.
