McAfee Security Journal Fall 2010: Security Takes The Offensive

Bored by numbers, stats and facts in normal reports? Then the latest McAfee Security Journal is just what you were waiting for!

It’s time to be proactive on cybersecurity, the latest McAfee, Inc. Security Journal examines strategies for shifting from defense to offense in cybersecurity.

In light of recent cyberespionage, the breakup of cybercrime rings, and the threats that sophisticated malware such as Stuxnet present to critical infrastructures, McAfee Labs™ researchers and industry experts call for a more proactive strategy for fighting cybercrime.

“Cybercriminals prosper because they have very little reason to fear the consequences,” said Jeff Green, senior vice president of McAfee Labs. “As security experts, it’s time to take a hard look at what we do, how we do it, and what our ultimate goals are. The tools and techniques of cybercrime continue to grow in number and sophistication at alarming rates. Every time we release a new statistic about the rise in malware it points to our failure as an industry.”

The report, titled “Security Takes the Offensive,” is based on strategies compiled by international experts and issues a “call to arms” to the security industry. Traditionally, security technology companies and computer users have taken a defensive posture, putting the cyber equivalent of body armor on computers, networks and in the cloud. The report’s authors say it is now time to avoid enemy strikes altogether by taking a more aggressive stance, aligning forces and involving law enforcement.

“As we look at the evolution of risky domains and websites over multiple years, we can’t avoid the conclusion that the risk keeps increasing in both volume and sophistication,” said David Marcus, director of security research and communications for McAfee Labs. “If we want to stop being victims, then the good guys need to advance security efforts as threats evolve.”

The report details the following methods for building a more offensive security strategy: Use hacker techniques: Data loss is accelerating at an alarming rate, as there were 222 million records lost in 2009 in the United States alone. Organizations should use hacker techniques, such as fuzzing and penetration testing, to find bugs within their own products and address the issues, shutting the door on the bad guys. Provide data to help prosecute cybercriminals: A major component for combating spam lies in the hands of ICANN (the Internet Corporation for Assigned Names and Numbers), as it accredits the registrants that sell the domains which cybercriminals use to host malicious sites. Working with the security industry, ICANN should take a stronger stance against cybercrime.

Share information: Computer users, security professionals and administrators should share intelligence information with their trusted security vendor, and in turn security vendors should cooperate in live metadata sharing. Legislators should take these issues into account when drafting laws within their respective countries. Implement “shuns” and “stuns”: Three successful “tried and true” takedowns to date””MoColo, Atrivo and Mega-D””fall into one of two categories: “shuns,” in which the Internet community ostracized the network, and “stuns,” which focused on incapacitating botnets.

An offensive security practice should involve the entire security industry while incorporating methods that have proven successful. Shuns and stuns have beaten the odds in the past and industry experts as well as law enforcement should embrace these methods as a common security practice. Use tactics that increase risk for cybercriminals: Cybercrime has become an increasingly for-profit endeavor. Like any enterprise business model, the psychology of organized cybercrime follows the three major factors: risk, effort and reward. By using a number of potential tactics affecting each of these factors, the ratio can flip, so that cybercriminals faced actual risk for substantially reduced reward, diminishing cybercrime overall. Some of those tactics include publicly disclosing the names of cybercriminals, increasing the fines against cybercriminals, increasing the shutdowns of affected domains, more effective spam filtering, closing “dropped” email accounts and freezing payment accounts that are suspected of fraud.

Educate: Security experts should work with governments to provide models to tie together cybercrime-reporting with cybereducation, so users can start to link uninformed behavior to their risk of becoming victims. This includes educating those fighting cybercrime “on the streets” to have the latest in malware techniques, bringing tools to the mass population to help identify risky behavior, pointing users to the right contacts to report crimes, and helping to build education and awareness at the kindergarten level through higher education. The McAfee Security Journal outlines an offensive strategy that involves a couple of key components: proactive law enforcement and the security community banding together to help takedown the offenders. McAfee® Global Threat Intelligence™ is a comprehensive solution that scans the entire Internet and effectively uses millions of sensors to gather real-time intelligence from host IP addresses, Internet domains, specific URLs, files, images and e-mail messages.

Armed with this information, the team at McAfee Labs works across governments and international law enforcement, and has a ten-year history of building communities of trusted information sharing to help catch criminals. This unified approach turns a reactive security strategy into an offensive security strategy, laying the groundwork for the type of interaction that will help bring down major producers of malware, spam and scareware.

“Creating a framework for these organizations to play a greater role in reporting abuses and enforcing laws (along with a greatly increased budget) is where lawmakers seeking to make an impact on cybercrime should turn their attention,” said Joe Stewart, director of malware research with the SecureWorks Counter Threat Unit, in the report. “This is a long-term effort, and one that will require great political bartering and global treaties before cybercrime could be considered a risky endeavor by those who seek to abuse the Internet for their personal gain.”

Experts in the report are McAfee Labs researchers, as well as renowned security journalist Brian Krebs, Technical and Research Lead for Recurity Labs Felix “FX” Lindner and Joe Stewart. All of our experts agree that the recommendations laid out in the report are preliminary, and this is just the first step that needs to be taken industry-wide.

For a full copy of the McAfee Security Journal, please visit http://www.mcafee.com/us/research/mcafee_security_journal/index.html

Tags: critical infrastructure