Security Experts On Alert for Large-Scale Hacker Assault

The security industry is on alert that an upswing in hacker activity could be signaling the

coming of a broad-scale attack that could potentially affect millions of networks.

The increased hacker activity is pinpointing a vulnerability in Microsoft Corp.’s Windows

operating system. A problem with the Windows RPC Interface Buffer Overrun was first

disclosed on July 16. Security experts say hackers started experimenting with the

vulnerability almost immediately, and the rate of system probes and online chatter about the

vulnerability has been skyrocketing.

”We’re very concerned,” says Dan Ingevaldson, an engineering manager with Altanta-based

Internet Security Systems, Inc. ”Administrators have a window of time to fix their systems,

but that window is getting smaller… We think there’s a risk here to the entire Internet.”

There’s enough of a wide-scale risk that the Department of Homeland Security (DHS) is on

alert. David Wray, a DHS spokesman, says his people have been monitoring the situation and

are in direct contact with the security community, as well as with industry.

”We’re seeing an Internet-wide increase in probing that could be a search for vulnerable

computers,” says Wray. ”It could be a precursor and it bears continued watching… It

certainly could be serious. It could lead to the distribution of destructive, malicious code

and it could cause considerable disruption.”

But Wray and security experts agree that the situation could be defused if IT managers and

individual consumers immediately download and install the patch that Microsoft has issued

for the RPC vulnerability.

The vulnerability itself, which affects Windows NT, Windows 2000 and Windows XP machines, is

a serious one.

Qualys, Inc., a security auditing and vulnerability management company based in Redwood

Shores, Calif., has rated the Windows flaw as the most critical one out there right now.

Gerhard Eschelbeck, CTO of Qualys, says it involves the most prominent protocol used in the

Windows environment and leverages highly exposed ports

Ingevaldson notes that the vulnerability is unique in that it affects both servers and

desktops, expanding the reach of any exploit that takes advantage of it.

”We haven’t seen much of that before this,” says Ingevaldson. ”It’s the first major

vulnerability that crosses the line between desktops and servers. It’s a core component of

the operating system.”

And Ingevaldson says there’s a lot of potential for damage here.

”Look at SQL Slammer,” he adds. ”That affected between 100,000 and 300,000 machines.

There’s a lot more Windows XP and 2000 out there. There’s a very large pool of vulnerable

machines. Millions potentially.”

And that kind of potential is drawing a sizable amount of attention from the hacker

community.

Chris Belthoff, a senior security analyst with Sophos, Inc., a security and anti-virus

company based in Lynnfield, Mass., says there hasn’t been an increase in virus or worm

activity yet, but they are seeing a major increase in system probes. Hackers are poking into

computers and networks around the world to see what systems are in place and what

vulnerabilities haven’t been patched.

The hackers have been experimenting with the exploit, says Ingevaldson, who has seen several

versions of the same tool that is being used to prod at the vulnerability.

And Qualys’ Eschelbeck says they have been monitoring online chatter about the vulnerability

in the hacker community. ”There’s a lot of creativity being put in right now to make the

exploit more powerful… and hit on a wider scale,” he says. ”It’s a strong indicator that

things are in the making.”

Most agree that the exploit would come in the form of a worm, since the vulnerability

doesn’t lend itself to a Denial-of-Service attack.

What security experts aren’t agreeing on is if the probes and increased hacker activity is

coming from one person or an organized group. The Department of Homeland Security is

reporting that there’s no evidence at this point that it’s an organized attack or that it’s

a matter of international terrorism.

But Sophos’ Belthoff says it does ring of an organized effort.

”My guess is that it’s a number of people,” he says. ”It’s not just an individual person

doing all these probes to assess vulnerability levels. The probes are distributed. The

normal level is pretty high and this is way above that.”

Belthoff adds, ”It’s a race against time and the potential for a new, big worm outbreak.”

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020