
Here is some good news - or at least not so bad news - and some bad news. In the last year, malicious activities over the Internet have declined in the U.S. And the country is no longer the number one destination for cyber criminals when it comes to attacking government computer networks: China's government computers are now the top focus of cyber criminals.
But the bad news is that in terms of general malicious activities, the U.S. is still the country that generates the highest numbers of cyber crime attacks. And the nature of these attacks is shifting. Data breaches and theft are getting increasingly dangerous, especially for governmental and critical infrastructure organizations.
What's more, attackers are not only getting smarter in beating many of the sophisticated defense mechanisms, they are also diversifying their range of threat options. And in some cases, they are even expanding the reach of their operations.
These are the highlights of Symantec's just-released Government Internet Security Threat Report, which said that the U.S. not only remained the top country for overall malicious activity in 2008 but was also ranked first in a number of categories within it, including malicious code, phishing website hosts, and originating attacks.
According to the report, attacks on government computer networks in the U.S. that resulted in compromised or stolen information increased by 40 percent from 2007 to 2008.
As in the previous year, the most common attacks targeting government organizations in 2008 continued to be denial-of-service (DoS) attacks.
This is a cause for worry because it puts much of the critical infrastructure performing essential functions at risk from attackers who might choose to exploit such essential functions.
For instance, a DoS attack on the transportation sector's network can siphon off funds, as well as cause large-scale disruptions in the services.
The second most common type of attack against government networks is on what has been the biggest target of all criminals: Simple Mail Transfer Protocol (SMTP), or email. The report fears that criminals have acquired the ability to spoof government communications to obtain credentials to launch further attacks. Consequently, such attacks have also acquired the power to compromise the integrity of information and communications within governments.
One important and rising area of concern to governments is the increasing use (and capacity) of removable media. "Many organizations lack effective security measures to protect against such dangers," said the report.
For instance, 59 percent of employees admitted to taking company information--such as email addresses, contact information of customers, employee records, and financial records--when leaving the organization. Of those, 11 percent admitted to taking data, 53 percent downloaded information onto a CD or DVD, 42 percent took data using a USB drive, and 38 percent sent attachments to a personal email account.
Nevertheless, for attacks specifically targeting the government sector, 2008 marked the first time that the United States was not the top country of origin. Here again, the U.S. was surpassed by China, which ranked first as the source of attack with 22 percent of the attacks on the government sector. (For the U.S., the figure was 12 percent.)
China also had the second highest total for worldwide malicious activity in 2008, accounting for 9 percent; this is a decrease from 11 percent in the previous reporting period.
The reason for this is simple: along with the fact that China has the most broadband subscribers in the world, the amount of time spent online by users there makes the country lucrative for malicious attacks. "The longer a user is online, the longer the computer is exposed to malicious attack or compromise, and Internet users in China spend more of their leisure time online than users in any other country," said the report.
According to Mark Fossi, the report's author, although profit is often a motive behind the attacks targeting governments, because "governments store considerable amounts of personal identification data," political gains sometimes supersede profit as the dominant motive.
"Government databases store information that could attract politically motivated attacks, including critical infrastructure information and other sensitive intelligence," said the report.
The report is an eye-opener regarding the common belief that attacks on government computer networks, particularly in countries such as the U.S., India and Belgium, almost always originate from China.
Symantec's research has revealed that attackers often attempt to obscure their tracks by redirecting attacks through one or more servers that may be located anywhere in the world. This means that the attacker may be located somewhere other than the country from which the attacks appear to originate.
Similarly, malicious activity originating in the U.S. may not necessarily mean it is initiated by attackers located in the U.S. "Frequently attackers will connect through multiple computers in geographically diverse locations before connecting to the computer launching the attack," says Fossi. "Because of this it's difficult to pinpoint the actual geographic location of the attackers themselves. Rather we are only able to see the computer launching the attack, hosting the phishing website, and seeing malicious code infection attempts."
Hi Indrajit!
Interesting summary of the Symantec report. But I think we have to keep in mind the bias Symantec has in presenting the info they give us. They want the situation to appear in a way which will make their security services seem vitally necessary. So they highlight the negative.
True, the Web is a hazardous place, especially if you don’t have good security. But to me the good news is that the good guys are continuing to outsmart the bad guys. E-commerce is doing very well. The single most important reason for the success of e-commerce, in my view, is the quality of security protection they have.
The number of attacks warded off far outnumbers those that have done any damage. I’m just trying to accentuate the positive, so that the news isn’t all bad.
William J. Kelleher, Ph.D.