In Security, Life’s Too Short To Play Catch-Up

It will come as no surprise that cyber-attacks are on the increase, if recent surveys are true. Around 90 percent of firms reported having been hit in the past year.

The report, conducted on behalf of Juniper Networks by Ponemon among 583 US respondents last June, has been followed by a report for Hewlett-Packard from the same research firm. In the latest report, the researchers found that cyber-attacks are becoming even more commonplace, if not chronic.

“The companies in our study experienced 72 successful attacks per week [in total] and more than one successful attack per company per week,” the Ponemon report stated.

A Worsening Situation

The Second Annual Cost of Cyber Crime Study covers 50 multinationals based in the US. It is the second report for ArcSight, a company HP acquired just after the first report was published last year.

How far these figures transfer to large UK firms is open to debate but the story here is unlikely to be much different.

The most costly cyber-crimes are those caused by malicious code, denial of service, stolen devices and web-based attacks, rather than standard hacking. The cost racks up because mitigation requires implementation of technologies such as security information and event management (SIEM) and enterprise governance, risk management and compliance (GRC) measures.

Breaking down the figures, more than 50 percent of respondents in the latest survey believed that security breaches in their organisations have increased. Nearly 30 percent said they had experienced a security breach through unauthorised internal access, while the remaining 20 percent responded that they had experienced an external breach.

Ripples In A Raging Sea

HP’s big splash at its Protect Your Universe conference, also inherited from ArcSight, is an expo-load of products appearing in the HP Enterprise Security Solutions framework. Like many of the “new” products we have seen being rushed out to combat the “new” threats, it seems to be a change of emphasis rather than anything radical.

Where DDoS attacks are concerned, bots can be downloaded for free and Chinese or Russian bot masters can be hired to stage an attack at very reasonable rates. These attacks are something we have to live with and prepare for but the authorities seem to be relatively powerless to stop them at source. A few token arrests have been made but with little effect.

The availability of sophisticated malware kits is what is really changing the scene. Once-valuable assets in the professional hacking market are now available for a few hundred dollars. Weapons like Zeus and SpyEye have been reverse engineered, packaged and are now on sale in the black-hat supermarkets of cyberspace.

The latest buzz word is APT (Advanced Persistent Threat) but in most cases this boils down to a targeted phishing attack (spear phishing) aimed at a vulnerable employee or group of employees. These often lowly employees are tempted by poisoned spreadsheets that will in some way boost their income or standing in the employment stakes. Once opened, the spreadsheet infects the network and opens the door to malware of a more dangerous kind, but rarely anything that hasn’t been seen before.

The fact that 30 percent of breaches come from unauthorised internal access is another worrying factor, because it implies there are many workers who will happily “hack” their own companies’ systems. The truth is probably that they either find they have privileges beyond their role, or that APTs are being mistaken for insider attacks. Whatever the reality may be, there are employees who will take advantage of any loophole they find, so how many more will do the initial planting of a backdoor or Trojan on behalf of the hacker for a handsome payment?

How To Tackle Stealth?

What is new is the stealth malware, called AET (Advanced Evasion Techniques) by Stonesoft. When I say new, I mean it is a work in progress. Stealth attacks have been known for years, and it is a year since Stonesoft started its AET campaign.

Combining APT and AET techniques brings in the concept of patience. In the past hackers used to blast potential vulnerabilities with fuzzing attacks – basically hitting the seemingly weak spot with all kinds of junk until something caused an effect. As subtle as a Ballmer at a Microsoft marketing convention.

Now the attacks are being steered towards a particular goal, inch by inch, and covering their tracks as they go. This requires a much more subtle approach from intrusion detection systems. In most cases, the tools and the evidence are there to be found but it is a very manual, time-consuming task. What is needed is some form of intelligent automation and that seems to be in its early days.
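The “manual, time-consuming” hunt described above is what longer-window correlation in a SIEM is meant to automate: an attack steered towards a goal inch by inch never trips a per-minute alarm, but it does leave a pattern once events are grouped by source over hours. As an added illustration, not code from the article or from HP/ArcSight, the following Python compares a naive per-minute failed-login threshold with a sliding six-hour correlation per source. The log format, the thresholds, the window length and the sample log lines are all constructed assumptions.

```python
"""Low-and-slow detection over constructed authentication log lines.

Added illustration (not from the article or any vendor product): a naive
per-minute threshold misses a source that spreads failed logins thinly
over hours, while a rolling long-window correlation per source surfaces it.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "<ISO timestamp> <src_ip> <user> <result>".
# 10.0.0.5: one typo then success (benign).
# 10.0.0.9: six failures in 25 seconds (noisy brute force).
# 10.0.0.7: six failures, one every ~40 minutes, each against a different user
#           (a low-and-slow password-spray style pattern).
SAMPLE_LOG = """\
2011-09-12T08:00:00 10.0.0.5 alice FAIL
2011-09-12T08:00:10 10.0.0.5 alice OK
2011-09-12T08:03:00 10.0.0.9 bob FAIL
2011-09-12T08:03:04 10.0.0.9 bob FAIL
2011-09-12T08:03:09 10.0.0.9 bob FAIL
2011-09-12T08:03:15 10.0.0.9 bob FAIL
2011-09-12T08:03:20 10.0.0.9 bob FAIL
2011-09-12T08:03:25 10.0.0.9 bob FAIL
2011-09-12T09:00:00 10.0.0.7 carol FAIL
2011-09-12T09:40:00 10.0.0.7 dave FAIL
2011-09-12T10:20:00 10.0.0.7 erin FAIL
2011-09-12T11:00:00 10.0.0.7 frank FAIL
2011-09-12T11:40:00 10.0.0.7 grace FAIL
2011-09-12T12:20:00 10.0.0.7 heidi FAIL
"""


def parse_log(text):
    """Turn the assumed four-field log format into (timestamp, ip, user, result)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events


def burst_detector(events, threshold=5):
    """Naive rule: flag a source with more than `threshold` failures in one minute."""
    counts = defaultdict(int)
    for ts, ip, _user, result in events:
        if result == "FAIL":
            counts[(ip, ts.replace(second=0, microsecond=0))] += 1
    return sorted({ip for (ip, _minute), n in counts.items() if n > threshold})


def slow_detector(events, window=timedelta(hours=6), min_fails=5):
    """Sliding-window rule per source: flag when failures inside any `window`
    reach `min_fails`, however thinly they are spread. Returns, per flagged
    source, the failure count and distinct users seen in the last such window."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            by_ip[ip].append((ts, user))
    flagged = {}
    for ip, fails in by_ip.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Advance the window start until the window fits within `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            if end - start + 1 >= min_fails:
                users = {u for _, u in fails[start:end + 1]}
                flagged[ip] = {"fails": end - start + 1, "distinct_users": len(users)}
    return flagged


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("per-minute threshold flags:", burst_detector(events))
    print("six-hour correlation flags:", slow_detector(events))
```

The burst rule only sees 10.0.0.9; the sliding window also reports 10.0.0.7, and the distinct-user count it returns is the kind of context an analyst would otherwise have to assemble by hand from hours of log.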

In the battle between the hackers and the security pros, the malware makers are winning. Whether HP has anything in its new toolbox to redress the balance is yet to be seen but, looking generally at recent product releases, we will probably be closing the doors on an empty barn after the Trojan has bolted.

Eric Doyle, ChannelBiz

Eric is a veteran British tech journalist, currently editing ChannelBiz for NetMediaEurope. His expertise covers security, the channel, and Britain's startup culture, through his TechBritannia initiative.

  • An initial safeguard to prevent these attacks, and to better manage what users can access, is to remove administrative privileges from the desktop, creating a least-privileges environment. Once you have done this, you’ll need a method for proactively managing permissions so that your help desk won’t become inundated with support calls. Have a look at some of the solutions that provide flexible and highly granular control of privileges and permissions for end users, whether they are Windows-based servers, desktops, laptops or mobile users. Some solutions are more easily implemented, such as Viewfinity, because of its SaaS-based platform and reporting and easy-to-read graphics that provide an extra edge by performing extensive analysis to determine user needs and prepare the environment before removing admin rights.

  • Jay Huff, EMEA director of HP's ArcSight company, sent the following comment. You can read a fuller version on our rival site, ITProPortal http://www.itproportal.com/2011/09/12/hps-jay-huff-you-cant-protect-yourself-against-todays-threats-doing-more-what-youve-done-past/:

    “You cannot protect yourself against today’s threats by doing more of what you’ve done in the past. While the focus on perimeter is still necessary it is no longer sufficient. Today, organisations need real-time intelligence in a number of areas; what is happening across your network, who is on the network and what are they doing, what are the potential vulnerabilities in your applications and infrastructure that can be exploited, and what are the latest external threats? HP is incorporating this intelligence across our security products to help organisations close down potential exposures and to gain a high level of situational awareness to identify and stop more sophisticated attacks in their early stages. This is exactly what the ArcSight solutions do by providing a way to analyse every incident, and make sense of all the patterns an intruder may leave behind during an attack in an automated way.”
