CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

Gartner: Find (malware) needles by removing the hay…

Last week, I read an interesting piece by our friend at Gartner, Neil MacDonald. Neil wrote about how advanced intrusions increasingly go undetected by traditional protection mechanisms like firewalls and antivirus software. In the article, “Advanced Persistent Threats: Finding the Needle in a Haystack,” Neil says spotting cyber threats today is much like searching for a “needle in the haystack.” As a result, security professionals are better off taking a whitelisting approach and removing the known-good hay (referred to as “high assurance hay”) from the stack. Once the hay is identified, all you’ve got left are needles, which can be discarded.

I really like the metaphor. The simple fact is that security professionals are no longer looking for a single needle, or even a few needles, in the haystack. They’re trying to find hundreds, potentially thousands, of needles in their network, many of which are successfully evading detection or cleverly disguised as good hay.

“Antivirus with updated signatures remove Stuxnet”… What about unknown attacks and variants?

In a recent blog post, “Stuxnet Targeting Specific SCADA Configurations,” Danny Lieberman provides a nice, thorough analysis of the high-profile superworm in its current state. From what we know, the worm targets plants with a specific configuration, is activated whenever WinCC or PCS7 software from Siemens is installed, and can influence the processing of operations in the control system under certain boundary conditions. And for the time being, Stuxnet can be removed from affected systems by standard antivirus programs with updated signatures as of August 2010.

This is what we know, but unfortunately, it’s what we don’t know that poses the real threat.

As I mentioned when Stuxnet was first discovered, it’s not the worm itself that poses the greatest threat; it’s the copycat attacks that use the Stuxnet blueprint to take cyberweaponry to the next level.

Critical U.S. infrastructure: “There’s always a way in.”

There’s always a way in.

That’s the straightforward yet disturbing message from hacker-for-hire Marc Maiffret after his team, hired by a large California-based water system to probe the vulnerabilities of its computer networks, took control of the equipment that adds chemical treatments to drinking water within one day, hypothetically making the water undrinkable for millions of homes.

Targeted marketing & attacks: If you are the goal, they will find you…

In today’s competitive marketplace, highly targeted marketing plans are essential for reaching your core audience and getting the most bang for your buck. This is what most organizations strive for, and hackers have taken note.

Over the past few years, cyber criminals have embraced a similar business model. Instead of playing the numbers game, which consists of randomly spamming tens of thousands of people in the hope that a small percentage of victims will click on their malicious code, malware attacks are now truly targeted. In a kind of niche-malware approach, hackers design specific cyber attacks that target specific victims, companies and industries.

As a result, no vertical is safe today.

Top endpoint security stories for July 2010 — Targeted attacks heat up in July, broaden scope of intended corporate victims

If targeted cyber attacks weren’t already one of the year’s top security concerns, a new study revealed that they are no longer limiting their focus to the corporate giants of the world. They’re becoming the norm for midsized businesses as well. This was just one of several recent reports, alongside newly surfaced malware like the Stuxnet worm, that have security professionals on high alert. With stealthier attacks aimed at beating forensic efforts, cyber crime continues to have a growing impact on organizations and their bottom line. Here are some of the top security stories from July 2010.