
Wednesday, January 11, 2012 @ 11:01 AM gHale

A massive network of servers that can attack sites as well as compromise web pages to exploit vulnerabilities and infect users’ computers is showing security experts the increased level of sophistication hitting the cyber world today.

Gone are the days of the simple hack and attack methods. As antivirus and security measures become more difficult for attackers to bypass, cyber criminals are stepping up their game to stay one step ahead. That means users need to stay vigilant and remember security is a constantly changing dynamic.


Called Shnakule, this sophisticated malware network covers quite a few attack vectors, and security experts think it is the brains behind multiple attacks, with the number of active servers ranging from hundreds to thousands of systems at a time.

Steve Schoenfeld, vice president of product management and product marketing at Blue Coat, said his company tracked Shnakule for months through its WebPulse security networks.

He said the company’s findings defy conventional knowledge of how malware and cyber crime operations work.

Attacks that appeared to be isolated now look to be the work of various systems operating within the cyber crime network. Blue Coat said these networks will be responsible for as much as two-thirds of all attacks in 2012.

“Shnakule is an organization of servers, it is an infrastructure more than anything,” Schoenfeld said. “They may be doing the same attacks, but they have a well-built infrastructure to obfuscate it.”

To combat such large-scale operations, Blue Coat believes vendors will need to take a wider approach to analyzing attacks.

Rather than blocking attacks based on the individual activity of a site or domain, Blue Coat believes firms will need to single out servers and domains that have been connected with malicious networks in the past.

By taking that approach, security networks can identify and prevent exploits from malicious servers and domains before an attack launches, Schoenfeld said. Blue Coat refers to the practice as “negative day” security.

 
 