More, Worse Cyberattacks Seen Coming in 2004
by Paul Roberts

The New Year will offer weary network administrators little respite from a new generation of Internet worms, viruses and targeted hacks that appeared in 2003, according to security experts.


In 2004, malicious hackers will continue to take advantage of security weaknesses in popular communications protocols such as Remote Procedure Call (RPC), while improvements in hacker tools will shorten the time that technology vendors and their customers have to respond to new vulnerabilities, according to comments by leading security researchers and corporate security experts at the InfoSecurity 2003 Conference and Exhibition in New York City last week.

The experts, including chief security officers from eBay Inc. and Siebel Systems Inc., took part in a panel discussion of security vulnerabilities and so-called zero-day exploits -- vulnerabilities that are exploited by attackers before software patches have been issued.


Attacks that take advantage of holes in RPC will continue next year, according to Gerhard Eschelbeck of security company Qualys Inc. RPC vulnerabilities in Microsoft Corp.'s products were behind recent worms such as Blaster and Welchia, which spread worldwide in August.


While many of those attacks will target Microsoft operating systems, malicious hackers may also look for ways to exploit RPC security holes in Unix and Linux, he said.


RPC is a fundamental component of client-server computing. Next year we expect a multitude of vulnerabilities in (RPC), and those could lead to targets and attacks that are not homogenous, with a sudden shift to target different operating systems, Eschelbeck said.


With Microsoft planning security improvements to prevent Blaster-style attacks with the release of Windows XP Service Pack 2, hackers are also shifting their attention to areas not covered by the Redmond, Washington, company, according to panel member Jeff Moss, president and chief executive officer of BlackHat Inc.


In particular, hackers are exploring ways to attack memory heaps, or areas of computer memory that are created dynamically when programs run. Such attacks would sidestep protections Microsoft is building into Windows XP to protect against memory stack overflows, which Blaster caused, he said.


Improvements in the quality of software programs that hackers can use to develop code that exploits security vulnerabilities may result in more zero day exploits. At the same time, better rootkits, which allow hackers to surreptitiously control hacked computers, will make identifying compromised machines even more difficult, Ross said.


More at enterprisesecurity.symantec