By Alice Straight, TMCnet Web Editor
The prime target of cyber criminals is to find ways to misappropriate businesses and users for their own profit, which can vary from financial motivation to publicity.
Cybercrime now deploys a new type of attack called non-vulnerability based attacks. These attacks do not exploit known or unknown application vulnerabilities but rather use application transactions for malicious activity, so they go undetected by standard network security tools. A few examples of non-vulnerability based attacks include: brute force attacks, aiming to defeat a business authentication scheme; HTTP page floods, originating in Botnets and targeting application server resources; and web application hacking that scans a web site looking for vulnerable pages.The July 2009 cyber attacks on the USA and South Korea commercial and government web sites were a reminder that DDoS attacks are a major threat to the on-line industry: eCommerce sites, critical infrastructure and government. A few other cases in the past 2-3 years include the shutdown of game servers (2007), the Estonia DoS attack (2007), the Georgia DoS attack (2008) and the Iran election protest attack (2009). In 2010-11 we expect to experience DDoS attacks at the same rate as in 2007-9, however the shift is in the magnitude of the attacks. The July 2009 attacks ended with only a few gigabits of attacks in volume – in 2010-11 we expect to see attacks above 10 gigabit. New types of attacks, including application misuse activities, are generated by completely real source IP addresses – it is the users who are not real! This is referred as the “artificial user phenomena”. This impacts on-line businesses ranging from advanced application layer DoS attacks to competitive intelligence, “robotic gambling”, bid robots, advertising click robots, information theft, SPAM activities, SPIT (Spam overInternet Telephony) activities and general misuse of application memory and CPU resources – all which have an immediate negative effect on business revenues. In other VoIP news:Banned schmanned – Skype (News – Alert) continues to “see growth opportunities in the Middle East” despite being banned in parts of the area, and thinks things are rosy in Asia overall.”There are a couple of governments that officially banned Skype…but what we see in most of the developing world (is that) they are embracing Skype,” Chief Executive OfficerJosh Silverman told Dow Jones Newswires. “I would say we see growth in the Middle East in general.”Currently, Skype cannot be downloaded in Oman, the UAE and Kuwait, although the software can be used if it is previously installed on a computer, Dow Jones says. This, of course, is to force people to use the usually grossly-overpriced existing licensed (government revenue cash cow) telecom operators.Channel News Asia reported that Skype “intends to have its Internet voice call software preloaded on 100 million personal computers in 2011.” Silverman said the company has partnered Asian manufacturers to have the Skype software installed, Channel News Asia says.Also Japanese software company ageet Corporation has released a softphone called GuardVox. It is a secure phone for Windows using ZRTP protocol to provide security for IP telephony. IP phones use Voice over Internet Protocol technology for making calls on the internet instead of the Public Switched Telecom Network system. VoIP has been considered as the “next big thing” in the enterprise telecom sector from 1990s for reducing expenditure on call charges and also on the internal network infrastructure. There is always a tradeoff between risk and cost in a business environment. Higher budgetary allocation has gone towards providing better security for the data network while Companies have been using VoIP for voice calls. As VoIP technology is far cheaper in comparison with the PSTN system, nearly 60 percent of the voice calls are being made using VoIP.Skype is one such IP phone which is commonly being used. It has become popular with additional features such as instant messaging, file transfer and video conferencing.
Alice Straight is a TMCnet editor. To read more of her articles, please visit her columnist page.
Edited by Alice Straight
#comment-top
View the Original article