Targeted cyberattacks test enterprise security controls
Instead of prevention, the real focus should be attack mitigation
Computerworld - Targeted cyberattacks of the sort that hit Google and more than 30 other tech firms earlier this year are testing enterprise security models in new ways and pose a more immediate threat to sensitive data than a full-fledged cyberwar.
They're also an "existential threat" to the U.S., a top FBI official said last week.
Unlike older e-mail and network-borne worms and viruses, targeted attacks are stealthier and can give adversaries a way to break into an enterprise network -- and stay hidden there for a long time. Typically, the goal behind such attacks is to snoop and to steal sensitive information.
State-sponsored groups with deep technical skills and computing resources have been directing such attacks against government and military targets for several years now. But the increasing number attacks, and the fact that they have begun to spill over into the commercial arena, have prompted some people to speculate about whether the U.S. is in the midst of a cyberwar.
Not war -- yet
The consensus: Not yet. Instead, the targeted attacks highlight what's called the advanced persistent threat (APT) facing U.S commercial entities. The attacks typically rely on sophisticated social engineering techniques to exploit previously unknown security vulnerabilities, and they're difficult to fend off because they're designed to elude the signature-based malware-detection tools traditionally deployed at most companies.
Most attacks use social engineering to trick people with access to key information into opening tainted e-mails or other communications.
The malicious messages are crafted to look as if they're from someone the recipient knows and has been communicating with, said Paul Wood, a senior intelligence analyst in Symantec Corp.'s MessageLabs Intelligence unit. They can even be inserted into an ongoing e-mail exchange, gaining authenticity because they include familiar subject headers and references to ongoing conversations.
Who's most at risk? Company directors, vice presidents, managers and executive directors -- especially at smaller companies, according to MessageLabs. Because larger companies tend to be better protected than smaller ones, cybercriminals aim for small firms that might be suppliers or business partners to big ones, Wood said.
Dealing with these threats requires a new ways of thinking, said Sean Arries, a researcher at Terremark Worldwide Inc., a Miami-based provider of IT infrastructure services. Because the attacks often take advantage of zero-day threats for which no defense exists, blocking them with signature-based anti-malware tools is almost impossible, he said.
Detection is key
As a result, companies need to strengthen their ability to detect intrusions and respond quickly, Arries said. Since targeted attacks are designed to siphon out data via the network, keeping a close eye on network traffic can help detect anomalies. A gusher of data going out over the network is a warning sign that something's amiss.
- After Google-China dust-up, cyberwar emerges as a threat
- Targeted attacks test enterprise security controls
- Is the U.S. the nation most vulnerable to cyberattack?
- In cyberwar, who's in charge?
- Schmidt: Private sector key to stopping Google-style attacks
- Threat of cyberattacks from overseas high, federal IT execs say
- Estonia readies for the next cyberattack
- Think tank in Estonia ponders war in cyberspace
- Botnets 'the Swiss Army knife of attack tools'
- 'Cyber War' author: U.S. needs radical changes to protect against attacks
- Special report: Web giants attacked
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!