Recently Avinti issued a security alert regarding a newly discovered targeted destination e-mail attack. Can you give us some details?
Targeted destination attacks are fairly academic and we've known they exist for some time but preventing and dealing with them has become a critical security issue. Companies faced with the infiltration of their networks are finding that the attacks are much more savvy and difficult to find and by the time they are found, they could have been plundering the network for days.
Clearly, the developers of malicious software are intelligent and well-trained. As such, they find innovative ways to bypass existing mechanisms for security. One such method came to light when a recent virus distribution methodology was discovered to have bypassed the existing routing structure for e-mail on the internet. A recent variant was designed to bypass any hosted security solution by going direct to a harvested IP address of the outward-facing gateway. This was not a chance occurrence. The malware AND the distribution were a custom-designed targeted attack for one specific customer.
During targeted destination attacks, all of this activity bypasses pattern-based security measures so the network can be under attack for a long period of time without the possibility of a new pattern being generated. Obviously this can cause a loss of proprietary assets and damage to the company network.
What is, in your opinion, the biggest challenge in protecting sensitive information at the enterprise level?
Probably the single biggest challenge in protecting sensitive information comes from underestimating how good the hacker community has become, and just how valuable personal and private data has become. A recent security report noted that the online theft of assets was Africa's biggest "industry". Digital identities, credit card numbers and intellectual property are worth a lot of money to criminals. It's an epidemic global issue and it continues to increase. On the black market, targeted destination attacks have become the preferred tool of the cyber criminal, as they bypass the most widely deployed protection: the pattern-based AV solution.
There are a number of factors involved in keeping sensitive information safe, but a company interested in protecting its assets will be thorough in its security assessment and ongoing auditing; the IT group will constantly evolve enterprise defenses, utilizing a number of security tools and solutions to protect every known entry point in the organization whether that be firewalls, intrusion detection, authentication, anti-spam, anti-spyware, anti-virus, etc.
A problem arises when a company puts too much faith into one product or solution when the reality is that no one product is capable of adequately protecting every level of an organization. A unified framework of solutions that also anticipates what may be of value to an attacker is what will at least keep a company a few steps ahead of the game.
What do you see your clients most worried about?