Could a curious toddler be the model for today's cybercriminals? A colleague recently suggested this idea, and it made me wonder.

Consider the typical 2-year-old toddler. To him, almost any object begs to be touched, shaken, or tossed across the room. While childproofing can help, it often doesn't matter how carefully the adults have prepared and locked away their breakable objects – to a toddler, everything is fair game. Similarly, cybercriminals seek opportunities for theft and invent ways to sneak past anything that stands in their way.

The curious toddler analogy may better describe the early, more innocent days of cybercrime. Ten years ago, the Code Red, SQL Slammer and “I Love You” viruses overloaded servers, defaced websites, and created headaches for the IT community at large. While these attacks were clever and had a significant impact, they generated more noise than outright theft.

Today's cyber-criminals possess the persistence but not the innocence of the curious toddler. Criminals probe for vulnerabilities in operating systems, Web browsers and other third-party applications in order to make money.

Cyber criminals can leverage these vulnerabilities to deploy advanced malware packages, such as Zeus or TDSS. With annual cybercrime losses estimated as high as $20.7 billion in the U.S. and $110 billion globally, it's little wonder why our not-so-innocent toddlers are so persistent.

Criminals have also complicated the situation by developing methods to evade detection from security countermeasures. A prime example is the Black Hole exploit kit – one of the most prevalent and successful tools available to cyber-criminals today.

Black Hole's approach is relatively simple – convince users to click on a malicious link embedded in an email or a compromised Web page from a known and trusted website. The initial URL will often redirect the user's browser to several compromised servers until it reaches a malicious Black Hole server. There the exploit kit detects the browser and plugin versions, and exploits known vulnerabilities. Next thing you know, the victim's PC is sniffing sensitive information or joining a botnet.

Black Hole's streamlined infection technique is complemented by measures to reduce detection. Black Hole uses random, short-term URLs to stay ahead of Web filters which need to categorize the URL in order to block it. Black Hole's malware packages are scrambled on the fly to reduce the effectiveness of anti-malware programs and intrusion prevention systems.
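
Because a category-based filter lags behind short-lived URLs, a defender can instead look at the shape of the traffic: a browser bounced across several unrelated hosts and landing on one the organization has never seen. The sketch below is an added example, not part of the original article; the proxy log layout, the `known_hosts` baseline and the `min_hosts` threshold are assumptions, and the sample records are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample proxy records (assumed layout):
# (epoch seconds, client IP, requested URL, HTTP status, Location header)
SAMPLE_LOG = [
    (1000, "10.0.0.5", "http://news.example/story", 302, "http://cdn-a.example/r?x=1"),
    (1001, "10.0.0.5", "http://cdn-a.example/r?x=1", 302, "http://blog-b.example/go"),
    (1002, "10.0.0.5", "http://blog-b.example/go", 302, "http://q7x2kfz.example/main.php?p=1"),
    (1003, "10.0.0.5", "http://q7x2kfz.example/main.php?p=1", 200, None),
    (1010, "10.0.0.9", "http://intranet.example/", 302, "http://intranet.example/login"),
    (1011, "10.0.0.9", "http://intranet.example/login", 200, None),
]

def redirect_chains(records):
    """Rebuild per-client redirect chains by following Location headers."""
    pending = {}    # (client, URL the redirect points to) -> URLs visited so far
    finished = []
    for ts, client, url, status, location in sorted(records, key=lambda r: r[0]):
        chain = pending.pop((client, url), []) + [url]
        if 300 <= status < 400 and location:
            pending[(client, location)] = chain   # chain continues
        else:
            finished.append((client, chain))      # chain ends on a non-redirect
    return finished

def suspicious_chains(records, known_hosts, min_hosts=3):
    """Flag chains that cross at least min_hosts distinct hosts and end on a
    host missing from the baseline of previously seen hosts (assumed input)."""
    alerts = []
    for client, chain in redirect_chains(records):
        hosts = []
        for url in chain:
            name = urlsplit(url).hostname
            if name not in hosts:
                hosts.append(name)
        if len(hosts) >= min_hosts and hosts[-1] not in known_hosts:
            alerts.append((client, hosts))
    return alerts

if __name__ == "__main__":
    baseline = {"news.example", "cdn-a.example", "blog-b.example", "intranet.example"}
    for client, hosts in suspicious_chains(SAMPLE_LOG, baseline):
        print(client, " -> ".join(hosts))
```

In practice the baseline would come from weeks of the organization's own proxy history, and the threshold would be tuned against legitimate multi-hop redirects such as ad networks and single sign-on.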

The latest version of Black Hole (2.0) claims to support exploits for the latest vulnerabilities and incorporates additional logic to only serve attacks that are likely to succeed. Also, the “redirect URLs” are more unique and randomized than in previous versions.

Good as our defenses may be, our relentless cyber-criminal adversaries try to stay one step ahead by continually developing better tools and methodologies. In a world where even layered defenses are challenged by the growing sophistication of cyber-criminal tools and tactics, how can we better protect our credit unions in a cost-effective manner?

Here, the persistent toddler analogy works well. With so many penetration attempts starting with a social engineering pitch, it makes sense for staff to view any email with an unusual link or attachment as a potential phish, and any physical visitor capable of leaving an infected USB drive for an unsuspecting user to find. These attacks may be simple, but they're also effective.

Security awareness training is an important first line of defense against these attacks. While some argue that the “human factor” is the hardest to control, I would counter that this increases the training's value. Security systems can't protect us against everything, unfortunately.

Of course, training is just one of many layers that help us protect our organizations. In light of today's persistent attacks, it makes sense to periodically review and question the effectiveness of our defenses. Viewing security as a process rather than a checklist helps everyone focus on optimization wherever and whenever we can.

Low-cost approaches for protecting your credit union include modifying firewall rules and/or deploying new Web filtering technology to help deal with some of these drive-by style download attacks. The idea is to continually wring more value and protection out of our current security infrastructures.

Like any parent “childproofing” a home, we need to do the best we can to prepare and protect our systems and data from relentless and ever-advancing attacks.

Matt Lidestri manages security and Internet services for COCC in Avon, Conn.
