Skip the navigation

Targeted cyberattacks test enterprise security controls

Instead of prevention, the real focus should be attack mitigation

April 7, 2010 06:00 AM ET

Computerworld - Targeted cyberattacks of the sort that hit Google and more than 30 other tech firms earlier this year are testing enterprise security models in new ways and pose a more immediate threat to sensitive data than a full-fledged cyberwar.

They're also an "existential threat" to the U.S., a top FBI official said last week.

Unlike older e-mail and network-borne worms and viruses, targeted attacks are stealthier and can give adversaries a way to break into an enterprise network -- and stay hidden there for a long time. Typically, the goal behind such attacks is to snoop and to steal sensitive information.

State-sponsored groups with deep technical skills and computing resources have been directing such attacks against government and military targets for several years now. But the increasing number attacks, and the fact that they have begun to spill over into the commercial arena, have prompted some people to speculate about whether the U.S. is in the midst of a cyberwar.

Not war -- yet

The consensus: Not yet. Instead, the targeted attacks highlight what's called the advanced persistent threat (APT) facing U.S commercial entities. The attacks typically rely on sophisticated social engineering techniques to exploit previously unknown security vulnerabilities, and they're difficult to fend off because they're designed to elude the signature-based malware-detection tools traditionally deployed at most companies.

Most attacks use social engineering to trick people with access to key information into opening tainted e-mails or other communications.

The malicious messages are crafted to look as if they're from someone the recipient knows and has been communicating with, said Paul Wood, a senior intelligence analyst in Symantec Corp.'s MessageLabs Intelligence unit. They can even be inserted into an ongoing e-mail exchange, gaining authenticity because they include familiar subject headers and references to ongoing conversations.

Who's most at risk? Company directors, vice presidents, managers and executive directors -- especially at smaller companies, according to MessageLabs. Because larger companies tend to be better protected than smaller ones, cybercriminals aim for small firms that might be suppliers or business partners to big ones, Wood said.

Dealing with these threats requires a new ways of thinking, said Sean Arries, a researcher at Terremark Worldwide Inc., a Miami-based provider of IT infrastructure services. Because the attacks often take advantage of zero-day threats for which no defense exists, blocking them with signature-based anti-malware tools is almost impossible, he said.

Detection is key

As a result, companies need to strengthen their ability to detect intrusions and respond quickly, Arries said. Since targeted attacks are designed to siphon out data via the network, keeping a close eye on network traffic can help detect anomalies. A gusher of data going out over the network is a warning sign that something's amiss.

Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!