Wednesday, October 30, 2013

What We Learned from APTs in the Current Year

Early this year we witnessed major IT firms suffering data breaches of one kind or another, and they have come out in the open about those breaches as well. Apple and Twitter are a couple of examples. It’s going to be costly if enterprises keep playing by the old rule book: develop and deliver. The threat landscape has changed remarkably, especially with the cloud being the most sought-after technology these days. Security threats have evolved markedly from botnets and spyware to advanced malware and APTs. Firms such as Mozilla, Google, Facebook, and many others realized this simple fact and have started bounty programs to detect and prevent security breaches. Attacks have been engineered to steal trade secrets, insider information, authentication credentials, and other personal information of the targeted enterprises.
Gone are the days when an enterprise could be secured by a network-centric approach based on perimeter security. APTs have arrived and it’s all about data now! Hardly ever do we see any data-centric security approaches these days. In my previous two articles here, I explained what APTs are and how to crack their maze. Today, I am going to find out what we can learn from these APT-based attacks and what alternative approaches an enterprise needs to follow to combat them more effectively.
Who Is Attacking Us?
Gone are the days when a cybercriminal was the only kind of attacker the security desk had to fight. These days we face various kinds of attackers besides cybercriminals: hacktivists, governments, individuals, fame-seekers, etc. Hacktivists are the ones who initiate a cyber-war to voice their opinions. Governments, on the other hand, are interested in finding out trade secrets for economic reasons, or even the defense secrets of a particular nation. Fame-seekers are the ones who hack with no monetary reason (heck, no target either) and launch cyber-attacks in a wildcard manner so they can later boast on social networking sites about their so-called “achievement.”
Do You Trust Your Partners?
APTs these days are so sophisticated that, instead of attacking their target directly, they sometimes route the attack through a partner organization to find an easier entry point into an organization with strict perimeter security. For example, a multinational company, XYZ Inc., is partnered with a vendor, PQR LLC, for certain tasks. As a partner, PQR LLC would have privileged access to the premises of XYZ Inc. It’s easier for an attacker to route the attack via PQR LLC and gain additional privilege in the early stages of the attack than to attack XYZ Inc. directly.
What Percentage of the Population Do You Cover?
It’s an obsolete idea that hackers target “only” nuclear bases. Nowadays the attacks are wide-ranging, and what matters is how much of the world’s population uses your products. Why? The reasoning is simple: more people, more victims, and higher profit.
Where Is Your Weakest Link?
Many researchers have pressed the line, “The organization’s security is as strong as its weakest link.” In most cases where data breaches happened, it took just one compromised system to get inside the premises, leverage its access levels, and cause considerable damage to the infrastructure. The weakest link can be a BYOD device, unrestricted access from a home PC, or even a misconfigured Wi-Fi access point.
