It was early morning on a typical business day when an intrusion detection system generated an alert of unusual TCP activity at a customer’s Boston branch office. Someone was scanning the network’s internal subnets for a backdoor program that could be used to control remote systems.
Network security specialists quickly determined this activity to be hostile and identified the intruder as a consultant working for the client. After a verbal warning, the hacking attempt ceased, only to resume later that night as a more sophisticated and difficult-to-track User Datagram Protocol (UDP) hacking attempt.
The hacker had switched to another remote control program consisting of two components: a server component that uses a virus-like stealth mode to distribute itself on a network, and a client component the intruder can then use to explore and control the infected network.
But good detective work, and a mistake on the part of the intruder, led to his demise. Rather than confront the intruder immediately, security personnel scanned the hacker’s own computer and began capturing forensic data. That analysis revealed that the hacker had inadvertently installed both the client and server components of the remote control program on his own system – a flaw the security team exploited to turn the hacker’s own tool against him.
A detailed examination of the consultant’s computer revealed sensitive information taken from the customer’s network, and by logging the intruder’s actions, the security team amassed absolute proof of the attempted theft.
Realizing he had been caught, the consultant worked desperately to delete both the pilfered files and his hacking tools, but thanks to good intrusion detection technology and sound security management, this hacker was shut down before he could do any serious damage.
Highlighting the trends
That early-morning threat can be seen as the exception that proves the rule of internet security. It was an exception, because unlike so many cyber attacks, the intruder was identified and thwarted before he could cause significant harm. Yet it proved the rule that in today’s online society, companies and agencies of all kinds are threatened by a rising tide of internet-based intrusion, crime and warfare.
“To protect themselves, organizations must understand who is trying to compromise their networks and the tools those intruders use,” says Mike Stute, co-founder and Chief Technology Officer of Global DataGuard. “They must also understand the technologies that are available to identify and fight those attacks.”