
Study Says Hackers Advancing Fast


By theWHIR.com, August 14, 2006

Study Says Hackers Becoming Advanced

August 14, 2006 -- (WEB HOST INDUSTRY REVIEW) -- Security consultant Mandiant (mandiant.com) announced last week that its latest research has found that hackers are more frequently using rogue Active Server Pages (ASP) as a way into a Web server in order to remotely view, copy or delete files, according to a report by Information Week.

Kevin Mandia, president of Mandiant, spoke at a Black Hat conference in Las Vegas, Nevada, where he shared research results that proved attackers are using increasingly sophisticated methods to evade detection and make life difficult for security incident response teams.

Mandia says the sophistication of hackers' tools is outpacing that of investigators' forensic tools, and one of the consequences is that incident response teams charged with investigating attacks on networks are taking between five and eight days to find malicious code.

As incident response teams search for the malicious code, the most common assumption is that a hacker has used kernel-level rootkits to access sensitive internal data. Rootkits are software tools designed to hide running processes, files or system data and enable attackers to maintain control over a system without the user's knowledge. A kernel-level rootkit takes this a step further by adding or modifying part of the kernel code. Although Windows security breaches make up the majority of security incidents, the kernel-level rootkits Mandia has come across thus far have been Linux-based.

Mandia says the main reason hackers aren't running kernel-level rootkits as much anymore and are choosing the ASP route is that rootkits can make systems unstable, which could blow their cover.

The report adds that profit-motivated attackers usually operate by hacking a victim's PC and installing a keystroke logger or by getting their victims to fall for phishing scams. Mandia says these attacks are tough to stop because the attackers tend to work quickly and leave little evidence behind.
