Hackers Channeling R&D Into Better Malware
Cloud computing, search engine optimization and security exploit frameworks are all examples of tools that can help both legitimate companies and hackers conduct their business more effectively, security researchers said Tuesday in a panel discussion at RSA 2010 in San Francisco.
Metasploit, the open-source penetration testing framework bought by Rapid7 last year, was originally created as an exploitation framework but is quickly morphing into a general purpose attack suite, according to Ed Skoudis, vice president of security strategy for Predictive Systems.
For hackers, Metasploit now offers the convenience of built-in libraries, integrated port scanning, integrated sniffing and keystroke logging, and a growing amount of automation. And with the integration of SQL attacks via the open source SQLmap, Metasploit's power continues to expand, Skoudis said.
Still, running Metasploit against a well-defended network with good security controls doesn't pose much of a threat, says Andrew Plato, president at Anitian Enterprise Security, a Beaverton, Ore.-based security solution provider. He believes the benefits of tools like Metasploit outweigh the potential disadvantages.
"These tools are great for security and provide a common framework for evaluating applications and systems," said Plato. "It would be foolish to restrict them just because of what could happen from bad people getting a hold of them."
The Russian Business Network, one of the largest organized crime syndicates involved in malware distribution, was recently found to be using Amazon EC2 to launch cloud based attacks. That they would look to cloud computing makes sense given the economies of scale necessary for resource intensive tasks like password cracking, Skoudis said.
Miscreants are also using search engine optimization to get their malware-serving Web sites to appear at the top of popular keyword searches. Remotely controlled Trojans and malicious code that changes itself every time it runs are other examples of innovation in the world of malware development.
"Attackers have reliable business models that spin off additional cash that goes into R&D and makes malware better over time," said Skoudis.