Targeted cyberattacks test enterprise security controls
Instead of prevention, the real focus should be attack mitigation
Computerworld - Targeted cyberattacks of the sort that hit Google and more than 30 other tech firms earlier this year are testing enterprise security models in new ways and pose a more immediate threat to sensitive data than a full-fledged cyberwar.
They're also an "existential threat" to the U.S., a top FBI official said last week.
Unlike older e-mail and network-borne worms and viruses, targeted attacks are stealthier and can give adversaries a way to break into an enterprise network -- and stay hidden there for a long time. Typically, the goal behind such attacks is to snoop and to steal sensitive information.
State-sponsored groups with deep technical skills and computing resources have been directing such attacks against government and military targets for several years now. But the increasing number attacks, and the fact that they have begun to spill over into the commercial arena, have prompted some people to speculate about whether the U.S. is in the midst of a cyberwar.
Not war -- yet
The consensus: Not yet. Instead, the targeted attacks highlight what's called the advanced persistent threat (APT) facing U.S commercial entities. The attacks typically rely on sophisticated social engineering techniques to exploit previously unknown security vulnerabilities, and they're difficult to fend off because they're designed to elude the signature-based malware-detection tools traditionally deployed at most companies.
Most attacks use social engineering to trick people with access to key information into opening tainted e-mails or other communications.
The malicious messages are crafted to look as if they're from someone the recipient knows and has been communicating with, said Paul Wood, a senior intelligence analyst in Symantec Corp.'s MessageLabs Intelligence unit. They can even be inserted into an ongoing e-mail exchange, gaining authenticity because they include familiar subject headers and references to ongoing conversations.
Who's most at risk? Company directors, vice presidents, managers and executive directors -- especially at smaller companies, according to MessageLabs. Because larger companies tend to be better protected than smaller ones, cybercriminals aim for small firms that might be suppliers or business partners to big ones, Wood said.
Dealing with these threats requires a new ways of thinking, said Sean Arries, a researcher at Terremark Worldwide Inc., a Miami-based provider of IT infrastructure services. Because the attacks often take advantage of zero-day threats for which no defense exists, blocking them with signature-based anti-malware tools is almost impossible, he said.
Detection is key
As a result, companies need to strengthen their ability to detect intrusions and respond quickly, Arries said. Since targeted attacks are designed to siphon out data via the network, keeping a close eye on network traffic can help detect anomalies. A gusher of data going out over the network is a warning sign that something's amiss.
- After Google-China dust-up, cyberwar emerges as a threat
- Targeted attacks test enterprise security controls
- Is the U.S. the nation most vulnerable to cyberattack?
- In cyberwar, who's in charge?
- Schmidt: Private sector key to stopping Google-style attacks
- Threat of cyberattacks from overseas high, federal IT execs say
- Estonia readies for the next cyberattack
- Think tank in Estonia ponders war in cyberspace
- Botnets 'the Swiss Army knife of attack tools'
- 'Cyber War' author: U.S. needs radical changes to protect against attacks
- Special report: Web giants attacked
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts