By Gregg Keizer
Aug 28, 2006

More than 8 out of every 10 computer attacks against businesses could be
stopped if enterprises checked the identity of not only the user, but
also the machine logging onto its network, a report released Monday

The study, conducted by a California research firm and paid for by BIOS
maker Phoenix Technologies, used data from cases prosecuted by federal
authorities between 1999 and 2006 to reach its conclusions.

"We wanted to get an honest viewpoint that wasn't opinion- or
survey-based," said Dirck Schou, the senior director of security
solutions at Phoenix. The problem with acquiring data on computer
attacks, including the amount of damage done, is that companies are
often hesitant to admit to a breach. "That's the beauty of this [data],"
said Schou. "It's only looking at those who have actually suffered an

According to the report, attacks based on logging in with stolen or
hijacked credentials cost businesses far more, on average, than the
typical worm or virus assault. When a privileged account is penetrated
by an unauthorized user, the average damage runs to $1.5 million, the
report said. The average cost from a single virus attack was much
smaller: under $2,400.

"Cyber criminals who accessed privileged accounts obtained IDs and
passwords through many means," the report said. "Network sniffing, use
of password cracking programs, and collusion with insiders. It was also
common for employees to share their IDs and passwords with coworkers who
later left the organization and used that knowledge to gain access."

To bolster that outsider-as-attacker claim, the study also said that
nearly 6 in 10 attackers had no relationship with the victim. (Just over
a third, 36 percent, were current and former employees.) Although the
report's data contradicts other surveys that have pegged company
insiders as the root of most attacks, the idea that credentials are good
for ill-gotten gains isn't new. Earlier this year, for example, IBM
predicted that attackers would increase their attacks against employees
rather than networks.

"Viruses equal vandalism, but unauthorized log-ons lead to theft," said
Schou. However, he acknowledged that the latter can come from the
former, with worms and Trojan horses increasingly after information such
as usernames and passwords rather than hoping to injure or bring down a

Overall, unsanctioned computers -- not among the systems actually
expected to access the network -- were used in 84 percent of the
attacks. The bulk of the attacks -- 78 percent -- came from at-home

Naturally, Phoenix made much of that conclusion. It claimed that 84
percent of the attacks in the survey could have been prevented had the
victim been protected by device authentication schemes. Such security
not only identifies the user by checking ID and password, but can also
tell whether the hardware has been authorized to connect to the network.
Phoenix, for instance, sells a solution dubbed TrustConnector 2 that creates a
unique identity for every authorized PC.

"What surprised us was the intensity and preponderance in unauthorized
access attacks," said Schou. "We think device authentication is in the
right time, right place.
"There are a lot of companies that aren't securing the device."