The web burglars trying to break in every second

Newsexplored
25th March 2019

Businesses are under siege every second of every day, bombarded by a “grey noise” of potentially harmful web traffic seeking access to their networks. But IT staff often can’t tell the malicious traffic from the benign. Why?

If your office building were visited thousands of times a day by criminals peering through the windows seeking a way in, you’d be understandably nervous about hanging around.

Yet any organisation with an online presence gets exactly this type of unwelcome attention all the time.

Security researcher Andrew Morris calls this constant barrage “grey noise” and has started a company of the same name with a mission of logging, analysing and understanding it.

“This is the biggest, hardest, strangest problem I could find to study,” he tells the BBC.

He logs the break-in attempts using a network of so-called honey-pot computers scattered around the internet that he has set up. Outwardly these computers resemble run-of-the-mill servers and so attract the attention of the bots and cyber-thieves looking to break in.

Image copyright Andrew Morris
Image caption Andrew Morris says about 95% of all web traffic is malicious

And they attract a lot of attention.

In 2018, Mr Morris’s network was hit by up to four million attacks a day. His honey-pot computers process between 750 and 2,000 connection requests per second – the exact rate depends on how busy the bad guys are at any given moment.

His analysis shows that only a small percentage of the traffic is benign.

That fraction comes from search engines indexing websites or organisations such as the Internet Archive scraping sites. Some comes from security companies and other researchers.

The rest – 95% and more – is malicious.

It can come from self-propagating computer viruses, known as worms, that use a compromised computer to seek out fresh victims, or can be cyber-criminals looking for servers vulnerable to particular security loopholes.

It can also be dumb devices, from printers to routers, that have been hijacked looking for their kin to enrol them in a vast attack network.

“There’s an absolutely massive amount of traffic that’s being generated by all these hosts around the internet and the vast majority is not generated by good guys,” says Mr Morris.


“I see tens of thousands of infections every day.”

But blocking this tidal wave of troublesome traffic isn’t easy. This is because, at first glance, it looks benign.

Whenever you access a website your computer first pings a message to it to find out whether it’s live. This is a standard “handshake” procedure that all legitimate traffic uses.

But cyber-thieves have found that if they handshake in the right way they can find out useful information about a target organisation and potentially find a way to get inside.

And it’s only when anyone takes the time to trace the origin of this traffic that it becomes obvious it is malicious.

Image copyright Getty Images
Image caption Every second of every day business computer networks are under siege

“There is a continuous background hum of connections made to systems to see what they are and what they do,” says Martin Lee, outreach manager for Cisco’s Talos security team in Europe.

“It’s the constant noise of connections just like people rattling door handles and checking locks.”

Put an unprotected computer on the net and it’ll be infected by malware in seconds and possibly enslaved in a botnet army carrying out attacks on other targets.

“Someone is always trying to hack you,” says Mr Lee. “It’s one of the banal facts of the internet.”

Given that investigating and blocking is a Herculean task no network administrator wants to take on, the constant rattle is largely ignored, says Dr Paul Vixie, chief executive of Farsight Security and author of some of the net’s core addressing software.

“On the internet, nothing that can be abused will not be,” he says.

Wading through that vast amount of information makes it very hard for any net administrator to pick out the attacks that matter from the background roar. Instead, they just log it and move on.

“People do not go into network administration because they like truth and beauty,” says Dr Vixie ruefully.

Image copyright Getty Images
Image caption Brazil is one of the worst countries for malicious web traffic, says Andrew Morris

So Andrew Morris is trying to extract some useful insights from his vast corpus of data, using it to profile bad sources of traffic and spotting patterns in attempted infections. Ultimately it might be used to make a filter that can block the bad stuff. Or one that highlights the really nasty stuff that network administrators do need to notice.

He now has a good idea of the dodgiest online neighbourhoods, which seem to be Brazilian and Vietnamese internet service providers (ISPs) who are doing a poor job of protecting their customers. This negligence is allowing the bad guys to get a toehold inside vulnerable machines.

These are followed by the cloud-hosting companies. All are strong sources of grey noise, says Mr Morris.

Good neighbourhoods are few and far between, though they do exist.

One of the most decent is Finland. It has worked hard to ensure that its corner of the net cannot be used as a proxy for attacks. Many cyber-thieves try to cover their tracks by spoofing the origin of the malicious connection request.

Image copyright Getty Images
Image caption Finland has taken great pains to prevent its web addresses from being abused by cyber-criminals

Finland has put in place policies, which it polices diligently, to limit the abuse of its domains.

A spokesman for Finland’s cyber-security centre told the BBC that it has laws and statutes that require ISPs and domain registrars to try as much as possible to limit abuse. It also uses automatic tools that scan for malicious use of Finnish domains – those that end in .fi – and report when the abuse is happening.

“That is one success factor in making the Finnish internet one of the cleanest ones in the world in terms of malware,” he says.

Mr Morris’ analysis of the traffic coming from the bad neighbourhoods is already starting to reveal interesting and useful patterns.

The early signs of massive attacks can be seen long before they start to hit everyone. That has been true of several headline-grabbing events such as those that hit office printers and Google’s Chromecast.

“There’s a weaponisation time limit,” he says. “That’s useful to know for defenders to get their stuff patched before they get hit by the bad guys.

“That means defenders do have time to react – it’s not hopeless.”

Follow Technology of Business editor Matthew Wall on Twitter and Facebook
