TMCnet News

Protecting all corp. data 'no longer realistic' [Network World]
[August 25, 2011]



(Network World Via Acquire Media NewsEdge) Stealthy, sometime long-term cyberespionage attacks to steal sensitive proprietary information - what some now call "advanced persistent threats" (APT) - have become a top worry for businesses.



Last week the Security for Business Innovation Council, a group of 16 security leaders from companies that include eBay, Coca-Cola Company, SAP, FedEx Corp., Johnson & Johnson and Northrop Grumman, summed up their thoughts on APT in a report, saying this type of attack is forcing GG to rethink network security. "Tackling advanced persistent threats means giving up the idea it's possible to protect everything. This is no longer realistic."

"Focusing on fortifying the perimeter is a losing battle," bluntly states the report, which was published by RSA - itself the well-known victim of a successful APT attack. "Today's organizations are inherently porous. Change the perspective to protecting data throughout the life cycle across the enterprise and the entire supply chain."

The report adds: "The definition of a successful defense has to change from 'keeping attacks out' to 'sometimes attackers are going to get in; detect them as early as possible and minimize the damage.' Assume your organization might already be compromised and go from there." The focus, it says, now has to be on working with business managers to identify the "crown jewels" of the organization and protect these "core assets," while "also moving away from a perimeter-centric view."

Dave Cullinane, chief information security officer at eBay, says there's no doubt that the APT problem is at the top of everyone's list of concerns right now. Spear-phishing, which involves tricking an individual into opening an email with malware to gain control of a computer, is one way an attacker gains a foothold inside a network, as happened at RSA last spring. But Cullinane says there are insufficient protective anti-phishing products available.

"Adversaries know what works in spam filtering," he points out. He says some companies, including banks, have devised their own custom-made defenses that combine email information with threat-monitoring tools like FireEye and Damballa.


Cyber-espionage attacks are basically an infiltration that could come from nation-states, their hired-hand attackers, as well as industrial competitors, perpetrators of organized crime, or "hacktivists" like Anonymous.

Last week, security researcher Joe Stewart, director of malware research at Dell SecureWorks, offered his own evidence that the March break-in at RSA, in which sensitive information related to SecurID was stolen, originated in mainland China.

Stewart says his conclusion is based on analysis of two malware components that were used to conceal the attack on RSA. The malware, called HTran, which was originally written by Chinese hackers, was found to leak error-message information showing specific network IP addresses at ISPs in China, where hackers likely directed stolen data. The report on this from SecureWorks notes that without the cooperation of the government of the People's Republic of China, further attribution of the hacking activity is "difficult or impossible."

Operation Shady Rat

The possibility of a nation such as China engaged in large-scale cyber-espionage through APT attacks came up again last week. In a report entitled "Revealed: Operation Shady RAT," McAfee says evidence it got from a server out on the Internet shows 72 businesses and government agencies, most in the U.S. but from several other countries as well, have suffered APT infiltrations since 2006. McAfee says the attacker is probably a "nation-state," but it didn't point to any particular country.

McAfee's "Revealed: Operation Shady RAT" only names a few of the victims, including the World Anti-Doping Agency in Montreal, the Asian and Western national Olympic Committees, and the United Nations, along with the Association of Southeast Asian Nations.

Dmitri Alperovitch, vice president of threat research at McAfee Labs, says McAfee has tried to reach those it believes were targeted based on the log evidence from the server it gained "legally" in March. "Some IP addresses are very clear, they're the firewall of an organization," Alperovitch says.

The intention of the McAfee report is to show that "someone is going to a tremendous amount of effort to compromise these computers," he says. Alperovitch says the APT server in question is still in operation, and there are "hundreds if not thousands" of these servers designed to coordinate siphoning of sensitive data. The theft of intellectual property taking place represents a "massive transfer of wealth that is happening," he says, as some infiltrator - probably a "nation-state" - tries to gain economic advantage by chipping away at the economic advantage others may have.

A SPECIAL MCAFEE REPORT: "Operation Shady RAT"

Some facts about the 72 compromised organizations McAfee identified as victims of targeted intrusions. McAfee's "Operation Shady RAT" identified the organizations by analyzing log data from a single server found on the Internet.

22 GOVERNMENT-FOCUSED U.S. federal, state, county government agencies; Canada, India, South Korea, Vietnam, Taiwan, India; U.S. gov't contractor; United Nations.

13 HIGH-TECH * INFO-TECH Electronics; computer security; information technology; satellite communications; news media; information services; communications technology.

13 DEFENSE CONTRACTORS

12 ECONOMICS, SPORTS, NON-PROFIT International sport; trade; think tanks; international government/economics/trade; political non-profit; U.S. national security non-profit.

6 HEAVY INDUSTRY Construction, steel industry, energy, solar power.

4 OTHER BUSINESS Construction, steel industry, energy, solar power.

(c) 2011 Network World Inc.
