For the sake of argument, let’s say an anti-malware strategy combining cloud-based malware identification and information sharing capabilities could eliminate the bulk of malware. Even in a perfect world with perfect collaboration, such an approach will fall short of protecting enterprise systems against more sophisticated cyber attacks if it relies heavily on reactive blacklisting technology.
In the article, “IT security industry collaboration could eliminate 90% of malware,” Eugene Kaspersky, co-founder and chief executive of Kaspersky Lab, recently told attendees at Infosecurity Europe 2011 that identifying malware faster would reduce the number of initial infections to the point that it would break the business model of most cyber criminals.
“The number of initial infections will be so low that it will cost cybercriminals more to develop the malware than they are able to recoup.”
With all due respect to Mr. Kaspersky, there are two things in this article that we take exception to.
I’ve been saying for some time now that no business, regardless of its size, is safe from modern cyber attacks. Each new security study seems to confirm the stark realities of today’s threat landscape and how rampant data breaches really are. Even as I write this blog, it’s troubling to think about the countless organizations going about their normal daily business operations that don’t realize dangerous malware has already penetrated their network, or that their data has already been compromised.
Here’s a good case in point. In the recent article, “Verizon: More breaches but less data lost. Huh?!” Verizon’s 2011 Data Breach Investigations Report found that the number of data breaches from cyber attacks increased from 140 in 2009 to 760 last year. That’s a significant jump over a one-year span. On the flip side, however, the number of compromised records surprisingly fell, from 144 million in 2009 to four million.
Last week, I read an interesting piece by our friend at Gartner, Neil MacDonald. Neil wrote about how advanced intrusions increasingly go undetected by traditional protection mechanisms like firewalls and antivirus software. In the article, “Advanced Persistent Threats: Finding the Needle in a Haystack,” Neil says spotting cyber threats today is much like searching for a “needle in a haystack.” As a result, security professionals are better off taking a whitelisting approach: remove the known good hay (what he calls “high assurance hay”) from the stack. Once that hay is identified, all you’ve got left are needles, which can be discarded.
I really like the metaphor. The simple fact is that security professionals are no longer looking for a single needle, or even a few needles, in the haystack. They’re trying to find hundreds, potentially thousands, of needles in their network, many of which are successfully evading detection or are cleverly disguised as good hay.
In the recent blog post, “Stuxnet Targeting Specific SCADA Configurations,” Danny Lieberman provides a nice, thorough analysis of the high-profile superworm in its current state. From what we know, the worm targets plants with a specific configuration, is activated whenever WinCC or PCS7 software from Siemens is installed, and can influence the processing of operations in the control system under certain boundary conditions. And for the time being, Stuxnet can be removed from affected systems by standard antivirus programs with signatures updated as of August 2010.
This is what we know, but unfortunately, it’s what we don’t know that poses the real threat.
As I mentioned when Stuxnet was first discovered, it’s not the worm itself that poses the greatest threat; it’s the copycat attacks that use the Stuxnet blueprint to take cyberweaponry to the next level.
The recent Epsilon security breach, which resulted in millions of customer email addresses being compromised, brings to light something I’ve said before but can’t emphasize enough: you can’t control everything your end-users are doing. What you can control is what they are able to cause.
While companies can educate and train end-users to be more mindful of dangerous phishing and social engineering attacks, the truth of the matter is that people are people, and they are going to make mistakes. According to the InfoWorld article, “Report: End-user ignorance at Epsilon let hackers steal customer data,” in this particular case a mistake made by one end-user in an email-based phishing attack affected many others, simply because that user was connected to a larger network that stored millions of customer email addresses belonging to big-name companies including Chase, Citi, Walgreens, Target, Disney Vacations, Fry’s and Eddie Bauer, to name a few.