Security threats: Unwrapping 2011
by Tomer Teller - Security Evangelist, Check Point - Thursday, 7 July 2011.
The attackers are highly trained security experts, who are motivated by an appetite for challenge and financial gain. These attacks are planned and orchestrated with the precision of a military assault, where hackers first try to reproduce the entire network of the targeted organization in order to simulate the attack in their own lab environment, before executing their scenario. As evidenced in the HBGary case, criminals are showing a high degree of patience and determination.

Social engineering attacks

Another similarity is that these attacks result from social engineering techniques. Cyber-criminals are now targeting and manipulating employees inside the organization, “hacking the human mind” to break into the organization’s systems. In the case of Epsilon, they tricked one of the company’s employees into opening a phishing email and clicking on a link. The hackers then gained access to the employee’s credentials, and exploited them to reach the corporate database.

Unfortunately, users are almost always the weakest links in an organization’s security system. There is always a vulnerable user to be found: it can be a new, unaware employee, or an overly nice secretary who shares a little too much information. Once inside, hackers operate in silence. They stay under the radar to steal as much information as possible before their presence is detected and corporations start investigating. This can sometimes take years.

In addition, these cyber-criminals are no longer isolated amateurs. They belong to well-structured organizations that resemble terrorist cells - with money, motivation and goals. They can deploy considerable intelligence, time and resources in order to craft original social engineering attacks and gather informational assets. The only question regarding the potential damage they can cause is how far an attacker is willing to go.

Information: hackers’ gold mine

Financial information is not the only valuable data worth stealing. What we see in these breaches is that attackers are looking more for general customer information and less for specific billing or credit card data. Indeed, such information can be very lucrative for spammers.

When you have a customer database record, such as a user name, linked to a name and an email, you already have a lot of valuable information. This information can be used to craft a customized spam message, bearing the user’s name, details and interests, which will appear legitimate.

Chances are higher that a user will open a customized spam message and click on it than a generic one. This in turn increases the profitability of a spammer’s campaign. Imagine, for example, emailing 500,000 recipients with a proposal to buy some product. If only 1 recipient out of 1,000 orders your product, that's already 500 new orders. Now imagine the latent profit that a spammer can make with 70 million email addresses and individual information.

Lessons in protection

Companies shouldn’t buy into the illusion that they are compliant and therefore safe from attacks. Targeted attacks are on the rise and no company is completely bulletproof. Businesses must erect as many barriers as possible between cyber-criminals and their corporate network and assets.

Protection starts with the deployment of an in-depth security strategy across the network, endpoints, and multiple security devices connecting to the network. Enterprises need to apply several layers of protection, including an advanced Firewall and Intrusion Prevention System (IPS) to detect blended threats; a comprehensive endpoint security solution to secure all endpoints and mobile devices; and a preventative data loss prevention solution to protect informational assets.

