Recently Avinti issued a security alert regarding a newly discovered targeted destination e-mail attack. Can you give us some details?
Targeted destination attacks are fairly academic, and we've known they exist for some time, but preventing and dealing with them has become a critical security issue. Companies faced with the infiltration of their networks are finding that the attacks are much more savvy and difficult to find, and by the time they are found, they could have been plundering the network for days.
Clearly, the developers of malicious software are intelligent and well-trained. As such, they find innovative ways to bypass existing mechanisms for security. One such method came to light when a recent virus distribution methodology was discovered to have bypassed the existing routing structure for e-mail on the Internet. A recent variant was designed to bypass any hosted security solution by going directly to a harvested IP address of the outward-facing gateway. This was not a chance occurrence. The malware AND distribution were a custom-designed targeted attack for one specific customer.
During targeted destination attacks, all of this activity bypasses pattern-based security measures so the network can be under attack for a long period of time without the possibility of a new pattern being generated. Obviously this can cause a loss of proprietary assets and damage to the company network.
What is, in your opinion, the biggest challenge in protecting sensitive information at the enterprise level?
Probably the single biggest challenge in protecting sensitive information comes from underestimating how good the hacker community has become, and just how valuable personal and private data has become. A recent security report noted that the online theft of assets was Africa's biggest "industry". Digital identities, credit card numbers and intellectual property are worth a lot of money to criminals. It's an epidemic global issue and it continues to increase. On the black market, targeted destination attacks have become the preferred tool of the cyber criminal, as they bypass the most widely deployed protection: the pattern-based AV solution.