Security Threats Outpace Net Usage Growth

More than 6 percent of e-commerce transactions were potentially fraudulent.

Internet security breaches and fraud attempts have outpaced the “impressive” growth of Internet usage with the U.S. being the biggest target by attackers, according to statistics released by Verisign.

Verisign, which markets digital commerce and communication products and services to enterprise clients, reported that the number of security events per device it managed increased by nearly 99 percent between May and August of 2003.

According to the company’s Internet Security Intelligence Briefing report for October 2003, the 51 percent year-over-year growth in Internet usage has been outpaced security and fraud threats, which are increasing both in number and complexity. “From a geographical perspective, the United States continued to be the leading source, accounting for nearly 81 percent of security events,” Verisign said.

Top Regions for Security
Events Generated, Q2 ’03
United States 80.92%
Australia 6.37%
Canada 2.93%
Netherlands 2.13%
China 1.74%
South Korea 1.08%
Germany 0.41%
Brazil 0.40%
United Kingdom 0.38%
France 0.28%
Source: Verisign

The Mountain View, Calif.-based firm painted a glowing picture of Web usage, reporting that DNS [define] resolutions grew by more than 50 percent between August 2002 and August 2003. Verisign said DNS resolutions for email jumped a whopping 245 percent in the same period.

Verisign claims it processes more than 10 billion DNS queries per day, more than three times the daily volume three years ago.

But, along with the heady growth of usage comes a major security threat. Data from Verisign’s fraud prevention systems indicate that 6.2 percent of e-commerce transactions were potentially fraudulent, and over 52 percent of fraud attempts against Verisign merchants now originate from outside of the U.S.

Top Source Regions for Fraud Attempts,
April-August 2003
United States 47.79%
United Kingdom 5.25%
Nigeria 4.81%
Canada 4.66%
Israel 4.46%
Indonesia 2.07%
Germany 1.94%
Ireland 1.85%
Ghana 1.84%
Denmark 1.08%
Other 24.24%
Source: Verisign

“There is increasing evidence of overlap between perpetrators of Internet fraud and security attacks,” the company reported, noting that the data showed extremely high correlation (47 percent) between sources of fraud and sources of security attacks. “Attackers who gain control of Internet host machines are using these compromised hosts for both security attacks and fraudulent e-commerce transactions,” according to the report.

Based on the evidence, Verisign warned that attacks in the future would be “more blended, more complex, more portent and more coordinated.”

“The SoBig virus provides a great example of the sophistication of these threats,” the company noted, referring to the destructive mass-mailing virus that carpet-bombed the Internet in September 2003 and reduced network traffic to a crawl.

“The worm had its own domain name resolution mechanism, and it was programmed to bypass the local DNS resolvers as well as any local cache, conceivably to make it spread more easily and therefore more potent. It was programmed to lookup for a DNS name of a recipient’s email address directly from A or B DNS root Servers,” Verisign reported.

The company, which operates the A-root server, observed a 25 times increase in email related DNS lookups (MX record lookups) per-second in its A-root cluster, noting that the traffic did not abate until September 10, when the virus was programmed to self-destruct.

“We believe this is the first time DNS root servers were used to speed up the rate infection, as a study of other well-known mass-mailing viruses such as Bugbear and Klez did not reveal similar increases in MX record lookups during their infectious periods,” Verisign added.

The company said its network security team found a definite correlation between fraud attacks and network security attacks, a scenario which indicates that people who are attacking enterprise network perimeters are also likely to be committing online fraud.

“Hackers tend to attack a system to gain sensitive information such as credit cards or account logins which they can sell to other hackers, or they attack a system to gain privileged access (root access) to the machine which can also be traded with other hackers, or used to launch follow on attacks,” the company warned.

In addition, intruders tend to use compromised hosts or proxies to hide their tracks. Once a hacker gains access to a machine, they tend to install a specific software called ‘rootkit’ which gives them the privileged access to the system. “The rootkit ensures the anonymity of the hacker by automatically deleting the important logs on the system that can be used to trace the hacker’s activities,” Verisign added.

After a privileged access is obtained and ‘rootkit’ installed, Verisign reported that hackers then use the compromised machine to attack other machines without being traced.

Subscribe to get your daily business insights

Whitepapers

US Mobile Streaming Behavior
Whitepaper | Mobile

US Mobile Streaming Behavior

5y

US Mobile Streaming Behavior

Streaming has become a staple of US media-viewing habits. Streaming video, however, still comes with a variety of pesky frustrations that viewers are ...

View resource
Winning the Data Game: Digital Analytics Tactics for Media Groups
Whitepaper | Analyzing Customer Data

Winning the Data Game: Digital Analytics Tactics for Media Groups

5y

Winning the Data Game: Digital Analytics Tactics f...

Data is the lifeblood of so many companies today. You need more of it, all of which at higher quality, and all the meanwhile being compliant with data...

View resource
Learning to win the talent war: how digital marketing can develop its people
Whitepaper | Digital Marketing

Learning to win the talent war: how digital marketing can develop its peopl...

2y

Learning to win the talent war: how digital market...

This report documents the findings of a Fireside chat held by ClickZ in the first quarter of 2022. It provides expert insight on how companies can ret...

View resource
Engagement To Empowerment - Winning in Today's Experience Economy
Report | Digital Transformation

Engagement To Empowerment - Winning in Today's Experience Economy

2m

Engagement To Empowerment - Winning in Today's Exp...

Customers decide fast, influenced by only 2.5 touchpoints – globally! Make sure your brand shines in those critical moments. Read More...

View resource