Cyber Security Threats Are As Real For Industry As For Government

How eEspionage is done
According to Alan Paller, director of research at SANS Institute the attack of choice involves targeted spear phasing with attachments, using well-researched social engineering methods to make the victim believe that an attachment comes from a trusted source.
Social engineering involves nothing more than gathering information about people of interest via open sources like Linked In and Face book. The hackers emails appear to come from legitimate sources, as they include specific content such as a reference to recent meetings or a seemingly bone fide attachment.
Often the seemingly bone fide attachments contain exploit code which instructs the users machine to download an undetectable malware Trojan. Once activated, the Trojan allows the attackers to gain control of the users PC to upload specific files, e-mails or more importantly to access the broader network. Once access to the network is gained, the attack is broadened by stealing domain administrative and user credentials.
These persistent attacks target multiple systems and install various utilities to capture data and steal e-mails, list running processes and install dormant executables. Stolen data is sent to the attackers remote servers and, if they detect remediation efforts, theyll try to establish additional footholds and modify their malware. Often they install multiple back doors across the network to secure a reliable return route for a future visit. Dont be fooled: this isnt cyber-conjecture, its reality.
Earlier this year, we saw a new dimension when security tokens stolen from RSA were used to attack US defence contractor Lockheed Martin. We are seeing more and more cases and big samples of malware, McAfee chief security officer, Brett Wahlin, told Computerworld in June, that are going after everything from infrastructure like Night Dragon to security companies like RSA.
Why these attacks arent detected
You probably have a full array of defences and your security team is watching their logs and reports, so how could attackers get through your firewalls, intrusion detection systems, spyware catchers, virus scanners and SIEM systems? The answer is that these attacks are far more difficult to detect or prevent than the hacks of old. Theyre designed to circumvent traditional defences with custom-built malware that rules-based detect and prevent techniques are almost powerless to stop. The malware doesnt match known signatures or patterns, because it is designed not to, so current antivirus solutions only detect between 5 to 25% of this kind of malware.
The Verizon Business Data Protection Breach Report confirms this, finding that nearly two-thirds of malware investigated in the Verizon caseload was customized - the highest we have ever seen. The extent of customization found in a piece of malware can range from a simple repack of existing malware to avoid AV detection to code written from the ground up for a specific attack.
Alan Paller from the SANS Institute says that the people engaged in economic eEspionage are often the same people doing military espionage, using similar techniques to steal information from commercial organisations working in the attackers country. Custom-built Trojans have long been used by security agencies to siphon off vital intelligence, as Mossad reportedly did to obtain information on nuclear facilities in Syria.
However, its not only military intelligence at risk. Not long ago, a Trojan attack on an Australian financial institution fooled the firewall security and enabled documents to be sent to a hostile website through an open firewall port. The firewall showed the offending port closed, and there were no alerts to the contrary from other security systems. The attack was only stopped when behaviour-based security technology detected that significant amounts of information were trying to traverse the firewall.

About the Author:
Astal Mark writes for Tier-3 that raise your data protection to the highest level with Huntsman, providing intelligent data protection, threat management and Compliance Payback vs. Pain for government, finance and critical infrastructure since 1999

Article Originally Published On: http://www.articlesnatch.com

Tags: Data Protection

, eEspionage

Related....

Videos...

Recent Business Articles

The Worst Or Best Addiction Is Of The Coffee By: Dion Silva | May 29th 2012 - he major features of tea pouches and bags are eco- friendly, risk free, advanced design, flexible and reusable.

coffee bags

tea bags

How To Get The Best Performance From Team Members By: Frank | May 29th 2012 - Whether youre into finance and accounting services or business support servicesplacing a group of experienced employees together does not guarantee the success of a team. Each member must perform at a high-enough level to ensure that his contribution is an integral part of c ...

finance and accounting services

business support services

A Fruitful Deal On Real Estate Bangalore By: Andy | May 29th 2012 - The dearth of land, leading the population towards problem to get real estate Bangalore. The city is recognized as the IT city in India and for this reason; people look forward to the information on the property in Bangalore for sale.

real estate Bangalore

property in Bangalore for sale

Make Low Cost International Call By: clerkbob | May 29th 2012 - To make low cost international call several options are present that would help callers in making calls in reduced call rate.

Appropriate Calling Plan

Make Low Cost International Phone

8 Key Ways Innovation Catapults A Business To Success By: Peter Williamson | May 29th 2012 - What's your definition of effective innovation? A clever idea? A novel product or service? As the owner of a business coaching firm, the key word for me is "effective", and for innovation to be effective, it has to make my company money.

Dreams, wishes - these are ...

Meet The Smiths "�" Part 5: Calculating Child Support For Mr. Smith "�" Family Law Software By: Easy Soft | May 29th 2012 - Here at Easy Soft, our team works hard to keep the smile on your face by designing and supporting software created especially for attorneys, like our EzSupport-NY. When you use our software, youll be ready to perform child support calculations for every Mr. (and Mrs.) Smith ...

pa child support calculator

child support calculations

Things To Keep In Mind To Discover Namibia Property For Sale By: WenWal5 | May 29th 2012 - The purchase of a property is actually amongst one of the most important choices people produce in adult life. It is an essential option and big investment decision. This short article may help you create the proper selection and choose the best home.

namibia real estate for sale

namibia property for sale

Global Money Matters: Rajesh Sharma Money Matters By: Kiran K. | May 29th 2012 - US Treasuries prices rose on Wednesday as concerns over repercussions from a possible Greek exit from the Eurozone increased demand for safe haven US debt.10 year notes were at 1.73% down from 1.78%. Germany sold 4.56 billion euros ($5.8 billion) of bonds carrying a zero percen ...

Rajesh Sharma Money Matters

Money Matters Financial services Ltd

Invest In Commercial Real Estate Calgary By: Emily Smith | May 29th 2012 - Are you looking for some investment in the real estate market? Do you want to earn money without putting in much effort? I would highly recommend you to look into Calgary property.

Calgary Real Estate Agents

Commercial Real Estate Calgary

Initiatives To Keep Your Business Safe From Phishing Attacks By: Gladeyas | May 29th 2012 - Everybody is aware of the increasing risks in the online world but how many know for sure the ways these attacks are launched and how to prevent them? Its a negligible number.

phishing protection

phishing attacks

anti phishing tools

Comments

Still can't find what you are looking for? Search for it!

Site Navigation: