Better watch out for Christmas cyberattacks

'Tis the season of gift-giving, good cheer and, according to the FBI and other security experts, an increase in cyberattacks.

          'Tis the season of gift-giving, good cheer and, according to the FBI and other security experts, an increase in cyberattacks.

          Malicious hacker activity targeting e-commerce sites has been heating up for the holidays, the FBI's National Infrastructure Protection Center said in a report released earlier this month.

          That should be no surprise. More people than ever are shopping online, says a report issued yesterday by Chicago-based Andersen Consulting, and a greater proportion of them -- 92% as opposed to 75% last year --- are successfully completing their online purchases.

          Compared with a similar study Andersen did last year, it seems "that US e-tailers learned from their mistakes last year," says Andersen associate partner Robert Mann in the report. Online retailers have improved fulfillment and smoothed out supply-chain snags, the report says.

          It's the success of e-commerce sites that increases their chances of failure, says Ben Venzke, an intelligence director for IT security consulting firm iDefense in Fairfax, Virginia.

          "A lot of media attention is paid to how much Christmas shopping is done online," Venzke says. "The effect is to call attention to those sites doing the largest dollar amounts of those sales. That becomes a motivating force for the entrepreneurial criminal."

          The visibility of successful sites also means that "if somebody wants a lot of attention, a way to get it is to deface one of these highly visible sites. Shut down one of these sites, and you'll get yourself talked about," Venzke says.

          As malicious cyberattacks intensify during this year's holiday season, holiday-related viruses and worms are the most likely culprits, but inattention and neglect run a close second, iDefense says.

          "E-commerce sites need to be alert for Trojan horses," Venzke says. "Some are designed to collect information such as passwords and e-mail them back" to the virus' creator, who then "can use them to break into databases containing credit-card information."

          E-mail also presents an invitation to cybercrime. Nine holiday-related worms -- four in the wild -- have shown up since November 10, the report says. Some carry date-activated payloads, most triggered for December 25, December 31 or January 1, but others bear infected attachments purporting to be Christmas or Hanukkah cards.

          Many IT departments are working with reduced staffs who are taking time off for the holidays, the report notes. IT staff "may not be as diligent in monitoring firewalls or intrusions, updating virus definitions and applying software patches," it says.

          That's even more likely the case at those sites "notorious for being breeding grounds for the launching of viruses -- colleges and universities," Venzke says.

          "There may be no classes, there may be few people on the IT staff working, but the schools are still open, the network is still up," he says.

          To help prevent malicious hackers from getting in and damaging systems, IT security personnel should:

          • Set up holiday work schedules to ensure sufficient personnel to perform all critical business functions.
          • Formalise a procedure to monitor logs and update antivirus software.
          • Increase user awareness of possible sources of threats.
          • Develop a contingency plan.
          "We tell clients, 'Don't be so foolish as to believe you'll never be successfully hit,' " Venzke says. "Develop a plan, so when things do go sour, you're ready."

          Among the worms threatening to make the season unmerry for IT departments are the following:

          Navidad.A: It leaves PCs unable to launch executable files. It hits Outlook in-boxes and e-mails itself to those addresses. Wide distribution.

          Navidad.B: also known as Emanuel Worm: A variant of Navidad.A. In the wild.

          Music.A and Music.B: Worms emailed as attached files called music.com, music.zip or music.exe. They play a carol, then grab e-mail addresses from their hosts and send themselves on. Relatively rare.

          Music.C: It uses the same file names as Music.A and repeatedly tries to connect to an update site.

          Verona.B: It arrives as an HTML email with attached files xromeo.exe and xjuliet.chm. Each time a user tries to open a file, Verona overwrites it with a copy of itself. It also e-mails itself to all of the user's e-mail addresses.

          Nearly as trying for help desk staff is dealing with hoaxes such as the purported elfbowl.exe game virus. The alleged virus is in email with the subject Lump of Coal.

Join the newsletter!

Error: Please check your email address.
Show Comments
[]