U.S. & Chinese Computers Launched Cyberattacks

Posted on
Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

<strong>Atlanta &mdash; Sept. 22</strong><br />SecureWorks, a security-as-a-service (SaaS) provider, has published the locations of the computers from which the greatest number of cyberattacks were attempted against its clients in 2008. The United States topped the list with 20.6 million attempted attacks originating from computers within the country, and China ran second with 7.7 million attempted attacks emanating from computers within its borders.<br /><br />This was followed by Brazil with more than 166,987 attempted attacks, South Korea with 162,289, Poland with 153,205, Japan with 142,346, Russia with 130,572, Taiwan with 124,997, Germany with 110,493 and Canada with 107,483.<br /><br />”We believe these statistics are significant because it clearly shows that the United States and China have a lot of vulnerable computers that have been compromised and are being used as bots to launch cyberattacks,” said Hunter King, security researcher for SecureWorks. <br /><br />”This should be a warning to organizations and personal computer users that, not only are they putting their computers and networks at risk by not securing them, but they are actually providing these cybercriminals with a platform from which to compromise other computers.”<br /><br />Computer security can be greatly improved by keeping your Web browser and operating system up-to-date, using the latest versions of anti-virus and anti-spyware software, following safe computer practices such as being wary of the Web sites you visit and not clicking on attachments and links within e-mails until verifying that the sender intentionally sent the enclosed link or attachment.”<br /><br />”These findings illustrate the ineffectiveness of simply blocking incoming communications from foreign IP addresses as a way to defend your organization from cyber attacks, as many hackers hijack computers outside their borders to attack their victims,” said Don Jackson, director of threat intelligence for SecureWorks. <br /><br />”The Georgia/Russia cyberconflict was a perfect example of this. Many of the Georgian IT staff members thought that by blocking Russian IP addresses they would be able to protect their networks. However, many of the Russian attacks were actually launched from IP addresses in Turkey and the United States, so consequently, they were hit hard. This was a perfect example where we saw Russian cybercriminals using compromised computers outside their borders.”<br /><br />”On the other hand, we have found that many of the Chinese hackers will compromise large networks within their own country and use them as bots to attack other organizations,” continued Jackson. “For example, entire university networks in China will belong to local hacker groups.”<br /><br />”China&#39;s hackers do create botnets from spamming through e-mail and blogs, but a relatively larger percentage of the compromised hosts under Chinese control are simply machines in schools, data centers, companies &mdash; in other words, on large networks &mdash; that are mostly unguarded and consequently are entirely controlled by hacker groups, as opposed to distributed bots harvested from widely distributed international spam runs,&rdquo; said Jackson. <br /><br />”And often the groups have an insider in the networks they own. We also see many local hacker groups in Japan and Poland compromise hosts within their own country to use in cyberattacks, so the Chinese hackers are not alone in using resources within their own borders.”<br /><br />With hackers utilizing computer resources inside and outside of their borders, SecureWorks suggested that in addition to securing computers with ongoing system and security updates and patches, organizations should utilize a black list to block inbound communications from known malicious IP addresses. Organizations should also block outbound communications to foreign countries known to harbor hackers and block outbound communications to hostile networks known to host criminal activity.<br /><br /> This way if your organization does have an infected host within its network, the host will be blocked from sending personal or company data to the cybercriminals. Of course, some of these hostile networks do support a handful of legitimate sites. In addition to a blacklist, your organization can use a separate whitelist to allow outbound communication only to trustworthy sites on those otherwise hostile networks.<br /><br />”SecureWorks blocks attacks no matter what machines or countries they are coming from. When a machine represents a clear and present danger, our Security Operations Center and technology might decide to block all traffic from that machine forcing the criminals to be constantly finding new machines to attack from,” said Jon Ramsey, SecureWorks&#39; CTO.<br />

Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone


Posted in Archive|