The imagined villains are in fact the victims, but more importantly the problem of spy software being prevalent in Israeli companies came as a result of one of the most comprehensive investigations involving computer crime ever undertaken. The Trojan had been introduced by providing companies with contaminated files, or sending a contaminated e-mail message to the companies. This also raises concerns that this evaded all the security measures in place at the companies infected.
Today our businesses depend on the exchange of electronic information with our business partners but many of the mechanisms that are used still rely too much on the goodwill of our business partners, or the integrity of the systems that they use.
Two of the most commonly used methods, FTP and Digitally Signed emails, using technologies such as PGP, are not really equipped to deal with this type of situation. In Israel, emails were being received from trusted business partners, so digital signatures on the email would possibly be considered trustworthy. In the case of files being shared using systems such as FTP, the presence of malware detectors was unable to identify anything inappropriate.
The bottom line is that we frequently depend too much on the trustworthiness of those we deal with, and unless we take appropriate measures to deal with the eventualities such as this, we are leaving ourselves vulnerable.
So are there measures we can take?
Do not expose your internal networks to external parties - The process of transferring files in and out of the enterprise must be carried out without exposing and risking the internal network. No type of direct or indirect communication can be allowed between the partner and the enterprise network.
Ensure that the repository for files being moved back and forth is secure. While information is waiting to be retrieved by the enterprise or sent to the business partner, it must reside in a secure location. This is especially critical when the intermediary storage is located on an insecure network, such as the enterprise’s DMZ, outsourced site, or even the internet. Additionally you should take the steps to define what format files will have, and to ensure that they can only be deposited if they are virus free.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.