Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Threat Changing, Says Symantec CEO

Posted by ryuzaki0 on from the moving-target dept.

narramissic writes "At the Symantec Vision event in Tokyo Thursday, chairman and CEO John Thompson spoke about a shift his company has observed in the threat posed to computer users and companies by hackers. 'While a few years ago many people were much more focused on attacking the machine and attacking the broad-based activities that were going on online, now all of a sudden we've noticed a significant shift in both the type of attack and the motivation of the attack,' he said. 'The attacks that we see today are more targeted and more silent and their objective is to create true financial harm as opposed to visibility for the attackers.'"

52 of 78 comments (clear)

  1. Jack Thompson by entrylevel · · Score: 1

    Anyone else accidentally read that as "CEO Jack Thompson" the first couple times?

    --
    Karma: Incomprehensible (Mostly affected by posting at +5, reading at -1, and metamoderating everything unfair.)
    1. Re:Jack Thompson by __aaclcg7560 · · Score: 1

      No. I read it as "CEO Ewe Boll" and it all made sense.

    2. Re:Jack Thompson by Keaster · · Score: 1

      Yep, even worse I had just written somthing for my ethics class about him ... funny.

  2. Script Kiddies Growning Up by El+Torico · · Score: 2, Insightful

    I guess now they want money instead of just bragging rights.

    --
    In the land of the blind, the one-eyed man is usually crucified.
    1. Re:Script Kiddies Growning Up by kfg · · Score: 1

      So give Symantec all of your money to protect your money or all of your money will be gone.

      KFG

    2. Re:Script Kiddies Growning Up by Jester998 · · Score: 1

      y0! my m0M, taht wh0r3, shez l1k3, m4k1ng M3 p4Y r3N7 'n 5h17 n0wz. 1t'z l1k3 sH3 h4z sumpt1ng ag41n5t m3 ch1ll1n' iN h3R b4s3men7>>..

      0h w3llllz, Il'l ju57 us3 |\/|y b0t5 7o m4k3 mr0e m0nnnn3333yyyyy and t0 sh0w th4t b1tch.

      (Do I really need the humour tags around this post?)

    3. Re:Script Kiddies Growning Up by chucklinart · · Score: 1

      Materialism comes with maturity, unfortunately, and kids nowadays are cynical (realistic?) enough to realize that they're not going to become the next Gates or Jobs, so maybe they're thinking that cracking is a more viable career path. Sad, but I do understand how they feel -- it's a tough job market.

    4. Re:Script Kiddies Growning Up by cold+fjord · · Score: 1


      It isn't just script kiddies. Organized crime has been making moves into computer crime for some time. There are others too.

      Transnational Crime Syndicates
      Organized Crime Invades Cyberspace
      Cyber Threat Source Descriptions

      --
      much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
  3. Heh by daeg · · Score: 2, Funny

    CEO: Quick! Vista is too secure and our products are too badly written to rewrite them for Vista. We need a new business model!
    Marketing Department: There's this... threat, yeah, threat... to like, businesses. They have a lot of money... maybe we can sham them for a few more years?
    CEO: Brilliant!

    1. Re:Heh by Apocalypse111 · · Score: 1

      A Microsoft product too secure? I think that line would be better written as:

      CEO: Quick! Our products are too badly written to rewrite them for Vista, and Microsoft is locking us out of the kernel anyways! We need a new business model!

      --
      There is no mod option "-1: Disagree" for a reason. "Overrated" is not an acceptable substitute. Post something instead.
    2. Re:Heh by RingDev · · Score: 1

      Couldn't have said it better myself. Not to understate the threat of security breaches in corporations, but most of those weeknesses are not corrected by crappy software like Symantic's Stuite.

      -Rick

      --
      "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
    3. Re:Heh by miffo.swe · · Score: 1

      Vista secure? Thats something time will tell but i have really strong doubts about that considering vital parts of the OS like tcp/ip are rewritten and needs a couple of servicepacks of bug fixes. Magic eight ball tells you to expect a truckload of security issues in the new untested code.

      --
      HTTP/1.1 400
    4. Re:Heh by msobkow · · Score: 1

      Targetted attacks to acquire indirect access to systems (take over your VPN in to the office), customer information, technology under development, or even some freak stalking some cutie on the second floor are all very real threats.

      The technology is easy. The attacks are only as difficult as accessing the resources to deploy the attack -- and most major corporations and government agencies have such resources. If a cracker seizes control over those resources, even temporarily, they can do a lot more than blast an unwanted popup from your browser.

      --
      I do not fail; I succeed at finding out what does not work.
  4. Duh,,, by xENoLocO · · Score: 1

    How much does this guy make a year? I can give him a few more tips if they'll pay me, too.

    --
    "The need to build the internet comes from something inside us, something programmed... something we can't resist."
    1. Re:Duh,,, by Bacon+Bits · · Score: 1

      I bet the story will be covered by Ric Romero.

      "People want money, and some are willing to use their programming skills with computers to steal your hard-earned cash! This story and more at eleven."

      Did anybody else not realize in 2002 that malware was just a way to make worms and trojan financially profitable?

      --
      The road to tyranny has always been paved with claims of necessity.
  5. Broad-based activities going on online? by siegesama · · Score: 1

    What the heck does that even mean? As best I can tell from context in TFA, it's a typographical error, and they meant "board-based," which makes sense when paired with the idea of simple defacement. But I could also see it being corporate-speak for "a broad range of attacks" or something.

    "Broad-based" sounds like a pornographic term, as opposed to "dude-based" I suppose. Which also makes some sense, since pornographic sites seemed like high-profile targets for defacement.

    --
    what the hell is a 'junk character', anyway?
    1. Re:Broad-based activities going on online? by chucklinart · · Score: 1

      I think what they mean is that there are many threats generally targeted at creating mischief and not really at causing real harm, but I've been known to misinterpret corporatese from time to time.

  6. wtf: lameness filter won't allow "wth" by Seismologist · · Score: 1

    Ok so I've read the news clip and I'm not to sure what is being said. How is what is being described anything new, much less a "major shift."

    --
    ~ In Trust, We Trust ~
  7. Good idea by kaoshin · · Score: 2, Interesting

    "businesses will have to spend more time and energy on making sure that data is not just secure but also recording which users are accessing and manipulating information stored in corporate databases" which are housed overseas and manned by guys who would kind of like to behead your infidel children.

    1. Re:Good idea by Mulielo · · Score: 1
      "businesses will have to spend more time and energy on making sure that data is not just secure but also recording which users are accessing and manipulating information stored in corporate databases"
      SOX 404 Makes all that necessary anyway, my company (big in insurance) has until mid-2007 to get every system locked down like that, and all the ones that keep track of financial data are already done, and we get audited monthly... Sorry Symantec, you're a little late...
  8. About time... by dmccarty · · Score: 2, Insightful

    Good. Now maybe people will take these threats seriously. When I started using computers (in the 80's) viruses were a serious threat. People talked about viruses with fear in their voice. These days they're just a nuisance.

    Oooh, that virus sends itself to all your buddies in your address book. How TERRIBLE! Wow, a virus pops up windows on your screen even though you didn't ask for it. How NAUGHTY!

    When I started using PC's, viruses would wipe out your entire drive. They would delete critical files. They would overwrite your boot sector. They would wipout your FAT table. Now THOSE were some viruses!

    Once viruses get back to the level of actual harm, maybe people will stop clicking around willy nilly and will start to invest--on both the corporate and consumer sides--in some real security.

    --
    Have fun: Join D.N.A. (National Dyslexics Association)
    1. Re:About time... by Eberlin · · Score: 1

      Different focus. I always try to explain the concept to people as the difference between e.coli and the common cold. If your purpose is harming a few hosts, then you go e.coli. If you want to spread to as many hosts as possible, you stay relatively harmless so the host has a chance to pass it along.

      The Internet has helped viruses/worms along as well, since they can now travel through time zones in a matter of seconds. In the old days, they generally had to be transmitted through floppies. Rates of infection are counted in days, if that.

      Viruses SHOULD be considered as threats. Unfortunately, as PC popularity increases and Internet connectivity rises, more people tend to take their machine's security for granted. Back then, there weren't a lot of Joe Sixpacks to worry about. Now, every other Joe Sixpack with a machine goes click-happy, damn the consequences.

    2. Re:About time... by monoqlith · · Score: 1

      Plus we had to walk 5 miles in 3 feet of snow to the computer to fix it. Uphill! Both way....

      with vacuum tube shards in your eye.

    3. Re:About time... by Keaster · · Score: 1

      I agree, I think its funny that a lot of people are snarky and so tounge in cheek reguarding the subject. They have probably never had to recover from a real threat.

    4. Re:About time... by Hamoohead · · Score: 1

      You forgot "Infect your soul, curve your spine, and keep your country from winning the war."

      --
      "If your parents never had children, chances are you wonât either." -Dick Cavett
    5. Re:About time... by CrossChris · · Score: 1

      "Once viruses get back to the level of actual harm, maybe people will stop clicking around willy nilly and will start to invest--on both the corporate and consumer sides--in some real security."

      1. There is NO REAL security available in any form of Windows. Users will have to change from Gatesware to something that works properly.

      2. The latest Windoze viruses allow a few reboots (to ensure they've spread themselves) before largely refomatting the hard drive that Windoze is on. It's pretty brutal, but is a great persuasion for Windows mugs to move to something that works!

  9. Boy he's right about that! by Illserve · · Score: 2, Funny

    The new security threat is from Symantec products!

    It's preloaded on new computers and there's nothing you can do to prevent it. Once you get the computer, it begs you to install it, if you do, god help you. If you change your mind about using norton, well... you've got a long night ahead of you, crack open a bottle of wine and fire up regedit.

    And if you don't uninstall it, and let it lapse, it'll be peppering you with "renew norton!" for the next thousand years. Ditto with McAffee.

    These cures are worse than the disease. At least a zombied computer isn't spitting up "Renew NOW" dialog boxes.

    1. Re:Boy he's right about that! by Shados · · Score: 1

      Yup. Yanno, its a shame that Microsoft had to change it to stop people from bitching: Ironically, preventing NAV from running on Windows was probably the most customer-oriented move they ever did, even though it was mostly a side effect >.>

    2. Re:Boy he's right about that! by Stephen+Tennant · · Score: 1

      No, but a zombied computer might offer you a bigger boner.

      --
      I spend most of my time in bed, darling.
    3. Re:Boy he's right about that! by taustin · · Score: 1

      In all seriousness, the Windows install CD is your friend. Repartition the drive, and start from scratch. Fuck Macafee and their malware Security Center that can't be uninstalled without booting in to safe mode.

    4. Re:Boy he's right about that! by Illserve · · Score: 1

      It doesn't come with an install CD. You make one after you get the machine running by doing a "backup". I'm sure the backup would carry the Norton Malware with it.

      These people are crooks.

    5. Re:Boy he's right about that! by taustin · · Score: 1

      I don't buy computers without a Windows install disk. With cheapass computers, you may well have to pay a few bucks extra for it (Dell charges $10), but the computer is useless without it.

    6. Re:Boy he's right about that! by Virgil+Tibbs · · Score: 1
      get nod32

      thats real AV like symantec used to be:

      functional with a minimal frontend www.eset.com

      --
      www.tdobson.net #### Dare to Dream #### blog.tdobson.net
  10. not true by eneville · · Score: 1
    The attacks that we see today are more targeted and more silent and their objective is to create true financial harm as opposed to visibility for the attackers.
    this is not true. people still want to attack and 0wn boxes just for spam relays.
    --
    Why UNIX?
  11. Looks like his way of scaring people by nsundeepreddy · · Score: 1
    This looks like another attempt scare people. In effect he is saying that people are not going to notice any major security problems but they will still be ripped off. "So have AV products installed on your system". Yea right!!

    I am not very sure he is raising this issue just to justify his AV product's position in the current turmoil due to the new M$ policy.

  12. As if Symantec is an authority by DietCoke · · Score: 2, Interesting

    We've got an active threat going on within our corporate network, it's already been determined to be within an existing worm family, and we get this response from one of their techs:

    "We do virus *detection*, not necessarily virus removal."

    You're telling that crap to a Gold support customer, Symantec, and you expect those of us in the field to give a tin shit what your opinion is?

    Word of advice: quit expressing opinions and start doing your goddamned job.

  13. targetted attacks are common by NynexNinja · · Score: 1

    I don't think this is anything new... Targeted attacks for financial gain were going on since at least the 1980's, so whats new about this?

  14. C'mon, we already saw 'Ghost In The Shell...' by Penguinisto · · Score: 1
    ...so why would anyone be surprised when the black-hat set starts busting into machinery for much the same reasons that the criminals in GITS did (albeit this time it doesn;t involve hacking another person's actual brain, but still...)

    Now if only we could authorize a company of elite paramilitary types to give script kiddies and spammers the same treatment... (evil grin).

    /P

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
  15. virus clusters and rootkit catalogs by VoidEngineer · · Score: 1

    Just last night, the hospitatal I work at got attacked by a virus cluster. In my 10 years of IT work, I've never seen anything like it. It focused on WindowsNT4.0 server, and when it hit, it had no less than 10 seperate trojans and viruses going on at the same time. We'd clean one server, and it would just get hit by another one. We figured out the address of the server that the infected machines were phoning home to, and the different virus types were all calling home to the same machine. It was like an infected machine would scan itself with a modified security analyzer, then phone home, and grab any viruses or trojans it could that would target the vulnerabilities identified by the security analyzer. Someone out there is operating a catalog of rootkits and trojans and viruses. Nastiest thing I've ever seen. When your company gets hit by one of these things, you'll know. The future of viruses involves malware security scanners and catalogs of viruses and trojans.

  16. Symantec CEO just put foot in mouth... by ratboy666 · · Score: 1

    Symantec security is reactive, not proactive. Which means its quite useless against specific directed attacks.

    After all, AV signature is only generated AFTER the V is seen in the wild.

    What we are talking about here would be very directed V (and other attack vectors). There are solutions, but the only way the Symantec can offer them is by converting to a service (not product) model.

    That's putting your foot in your mouth, CEO...

    Unless, of course, Symantec comes up with a proactive product solution (as much as I would wish for this, I am not holding my breath).

    Ratboy.

    --
    Just another "Cubible(sic) Joe" 2 17 3061
    1. Re:Symantec CEO just put foot in mouth... by SwashbucklingCowboy · · Score: 1
      Symantec security is reactive, not proactive. Which means its quite useless against specific directed attacks.

      Not true.

      If an admin knows that his company is being attacked he can make sure that all systems within the company get updated anti-virus definitions IMMEDIATELY instead of on a time interval.

      There are solutions, but the only way the Symantec can offer them is by converting to a service (not product) model.

      That's putting your foot in your mouth, CEO...

      LOL!

      Talk about putting your foot in your mouth, Symantec has a service called DeepSight that can inform an admin when their domain is being attacked.

    2. Re:Symantec CEO just put foot in mouth... by ratboy666 · · Score: 1


      And there is the weakness: "If an admin knows", Deepsite "Enabling proactive protection through the rapid delivery of actionable Early Warning security information".

      An interesting use of the word "proactive" in computer security. In my books, that is STILL reactive to threats. The reaction is to send out "early" warnings. Again, useless against a directed attack.

      And what would such an attack look like? Comission a scan of a binary (say), fuzzing it. Not reporting the results, but using this as an attack vector against a SINGLE company, with the objective being specific (money, disruption, whatever).

      And how does Symantec guard against this? The only solution is a truly proactive security policy (security is not a product, it is a process). The organization needs to have its methods surveyed, looking for potential problems -- if a breakin occurs, how much damage could it do? Assume that XYZ software is flawed, and assess the impact. Build an architecture that will withstand this attack.

      AFAIK, Symantec does not offer this service (it would be expensive). Maybe they plan to; "Deepsite" isn't it.

      The Internet is merely one of the threat vectors in an organization. Others, in the "directed" sense, are still more deadly. "Social Engineering", disaster response, etc. are still valid vectors.

      For example, if I wanted data from your organization, what would happen if I staged a fire alarm, or fire? Would that unlock areas, or remove key people? During a fire, would people have the sense of mind to log out workstations, or could I sneak in and install keyloggers then?

      Remember, the Symantec CEO was talking about specific directed attacks with purpose. The good news? Maybe the nuisance "psuedo-attacks" I suffer from may finally go away. They just waste bandwidth (unless that is the purpose).

      YMMV
      Ratboy

      --
      Just another "Cubible(sic) Joe" 2 17 3061
    3. Re:Symantec CEO just put foot in mouth... by ratboy666 · · Score: 1

      And why I want Symantec to go this route...

      Many companies feel secure after installing Symantec, or subscribing. "It is now secure..."

      In a way, Symantec is trying to provide "good enough" security, without providing security at all in a real sense.

      An example (real, but the names have been changed to protect the not-so-innocent), A governemnt organization keeps donor records for transplants. The information is promised to be "completely confidential". And yet, I receive a letter that the information has been leaked. They are not sure if it is a specific leak, or a byproduct. Someone simply broke a window of a building at night, and took a computer. Physically. The reactive measures? (1) inform everyone who is on that list, or has a relative on the list that this has happened, (2) put bars on the windows, and take other measures to increase physical security.

      I am sure that the agency emplyed Symantec (or equivalent, I don't know which AV solution), but it didn't really help with data loss, did it? If this WERE a directed attack on data assets (and it may have been -- security was so lax that it was impossible to even know); against "completely confidential" information... And this is the "low hanging fruit".

      Which Symantec service helps with this?

      YMMV
      Ratboy.

      --
      Just another "Cubible(sic) Joe" 2 17 3061
    4. Re:Symantec CEO just put foot in mouth... by SwashbucklingCowboy · · Score: 1
      Which Symantec service helps with this?

      Well, I'm not a Symantec salesperson, but apparently, such a feature is on the way.

      And to be fair to the other vendors, companies such as McAfee are also addressing this issue.

    5. Re:Symantec CEO just put foot in mouth... by SwashbucklingCowboy · · Score: 1
      In my books, that is STILL reactive to threats.

      At the macro level it is, at the micro level it isn't (at least not always). Many machines can be protected from a threat before they're ever subjected to attack.

  17. It's a serious threat!! by Asrynachs · · Score: 1

    'Our new anti-threat sotware protects you from this invisible mumbo jumbo. Ohhh don't you worry, we're still relevant because we still produce software. I mean think about it'

  18. Be Scared ... by McGiraf · · Score: 1

    ... be very scared

  19. John Thompson's speech sometime in the future... by chicago_scott · · Score: 1

    "At the Symantec Vision event in Bangalore Thursday, chairman and CEO John Thompson spoke about a shift his company has observed in the threat posed to computer users and companies by hackers. 'While a few years ago many people were much more focused gaining visibility, now all of a sudden we've noticed a significant shift in both the type of attack and the motivation of the attack,' he said. 'The attacks that we see today are more targeted and more silent and their objective is to create true bodily harm to the user as opposed to true financial harm.'"

    FUD. (btw, I like the new beta tagging system)

  20. Re:John Thompson's speech sometime in the future.. by mofomojo · · Score: 1

    It's when they use blanket statements like "hacker" that cause the most harm. If you're intelligent enough and actively participate in the "hacker" community then you'd know how much of a perjorative that using words like this is.

    They should say "Network Hackers" or "Criminal Network Hackers", just to clarify it. More than likely though, the people who are doing this stuff are just script-kiddies and the real hackers are causing very few people harm.

  21. Took him 'til now to realize? by Opportunist · · Score: 1

    The change was already blatantly visible a year ago. You can separate the malware of today in 2 groups:

    Malware that is used to spread more malware (i.e. mail worms etc)

    Malware that the first malware spreads that siphons money from you.

    Now that we crack down on their servers (because you have to gather the info somewhere), and with the increasing speed we can do this (currently we're at about a week between detection and shutdown, and we're getting faster), I can see the advent of a third group: Malware that turns your computer into a data mining server.

    But so far, that's still in the future. I'd wager about half a year 'til we see that group of malware emerge in force. So expect a report about it from Symantec in 2008.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  22. Hmmm by DigitalSorceress · · Score: 1

    Does anyone else have a problem with the statement about the goal being financial harm. I'd say that is a result... the GOAL is to steal money.

    this is ~obvious~, but what it boils down to is a change in the economic realities. In the past, virus writers and other miscreants did what they did for social reasons: a sense of power, peer recognition, proof of concept, etc... Today, spammers, identity thieves, scammers, and so-on are paying cold hard cash for access to bot nets and/or comprised systems or the information which they contain. Economic forces have effectively converted one-time bullies and vandals into a new form of organized crime. Types of crimes which are evolving much faster than traditional law enforcement and lawmakers can keep up with. Sure... stealing money by any means is still stealing, but the knowledge required to catch and prosecute these kinds of criminals is not exactly common.

    --

    The Digital Sorceress
  23. Symantec, and other Dinosaurs that are slow moving by SkiifGeek · · Score: 1

    I think it is more the case that Symantec and the other well-established Information Security vendors are like dinosaurs stuck in hot tar. The environment around them is rapidly changing, and the smarter of them are now starting to recognise that their existing income streams are becoming less relevant - as Microsoft makes security improvements to their OS, and the attackers continually test against the security products to improve their ability to avoid detection. Now that they are identifying it, it is still going to take some time for them to adjust to the new environment and results are going to be mixed (when was the last major discovery by Microsoft's much-acclaimed honey-monkeys?).

    The third group of malware that you predict is out there and steadily gaining strength. Malware such as Haxdoor is used to extract as much juicy information as possible, before becoming a second stage malware (the money siphon). With the presence of significant botnets, easily written spiders / robots, it becomes a matter of how you define 'malware'. For example, some security vendors are classifying the distributed SETI client as malware, because clients are too lazy to block it via policy or other enforcement methods.

    Of course, there are InfoSec companies out there that have been focussed on the changing environment from the very start.

    --
    InfoSec that matters, when it counts.