CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

Gartner: Find (malware) needles by removing the hay…

Last week, I read an interesting piece by our friend at Gartner, Neil MacDonald. Neil wrote about how advanced intrusions are becoming increasingly undetected by traditional protection mechanisms like firewalls and antivirus software. In the article, “Advanced Persistent Threats: Finding the Needle in a Haystack,” Neil says spotting cyber threats today is much like searching for a “needle in the haystack.” As a result, security professionals are better off taking a whitelisting approach to remove the known good hay (referred to as “high assurance hay”) from the stack. Once the hay is identified, all you’ve got left are needles that can be discarded.

I really like the metaphor. The simple fact is that security professionals are no longer looking for a single needle, or even a few needles, in the haystack. They’re trying to find hundreds, potentially thousands, of needles in their network, many of which are successfully evading detection or cleverly disguised as good hay.

“Antivirus with updated signatures remove Stuxnet”… What about unknown attacks and variants?

In the recent blog post, “Stuxnet Targeting Specific SCADA Configurations,” Danny Lieberman provides a nice, thorough analysis of the high-profile superworm in its current state. From what we know, the virus targets plants with a specific configuration, is activated whenever WinCC or PCS7 software from Siemens is installed, and can influence the processing of operations in the control system under certain boundary conditions. And for the time being, Stuxnet can be removed from affected systems by standard antivirus programs with updated signatures as of August 2010.

This is what we know, but unfortunately, it’s what we don’t know that poses the real threat.

As I mentioned when Stuxnet was first discovered, it’s not the actual worm itself that poses the greatest threat, it’s copycat attacks that use the Stuxnet blueprint to take cyberweaponry to the next level.

Epsilon Breach: One bad apple really *can* spoil the whole bunch…

The recent Epsilon security breach, which resulted in millions of customer email addresses being compromised, brings to light something I’ve said before but can’t emphasize enough: You can’t control everything your end-users are doing. What you can control is what they are causing.

While companies can educate and train end-users to be more mindful of dangerous phishing and social engineering attacks, the truth of the matter is that people are people, and they are going to make mistakes. According to the InfoWorld article, “Report: End-user ignorance at Epsilon let hackers steal customer data,” in this particular case a mistake made by one end-user in an email-based phishing attack affected many others, simply because the user was connected to a larger network that stored millions of customer email addresses of big-name companies including Chase, Citi, Walgreens, Target, Disney Vacations, Fry’s and Eddie Bauer, to name a few.

Top Endpoint Security Stories for March 2011 — Cyber criminals setting new sights on unprotected intellectual property and government networks

New trends in cybercrime show that hackers are shifting to more monetarily valuable information — unprotected intellectual property, and federal government networks. While traditional antivirus solutions struggle to keep up with today’s prolific attack software, Gartner recommends whitelisting as a complementary security defense in preventing malware attacks on corporate networks and PCs. Here are some of the top endpoint security stories for March 2011.

Critical U.S. infrastructure: “There’s always a way in.”

There’s always a way in.

That’s the straightforward, yet disturbing message that hacker-for-hire Marc Maiffret delivered after his team, hired by a large California-based water system to probe the vulnerabilities of its computer networks, took control of the equipment used to add chemical treatments to drinking water within one day, hypothetically making the water undrinkable for millions of homes.