The aftermath of any major security breach must include an assessment of what went wrong. Post-mortem commentary tends to echo the same sentiment, and phrases like "We have to become better at stopping malware" are a common refrain. That is certainly true, but the evidence also points to a frustrating fact: for now, stopping 100% of malware is not realistic. This does not mean organizations should abandon their preventive controls, but sophisticated data thieves keep finding ways around them.
If all exploits used the same tactics, we might have a better chance of preempting them. But just as organizations deploy numerous preventive measures, such as firewalls, AV, IPS and sandboxing, there are threats designed to evade each one and get at your data. Most of the major data breaches we read about seem to have involved both a clever exploit and some deficiency on the part of the victim organization. A brief survey of major events illustrates how varied, yet how common, these factors can be:
There's no doubt that cloud SaaS security solutions continue to gain market share. A report from Research and Markets predicts the SaaS security market will grow by almost 18% between 2013 and 2018.
Arguably, data security is on every industry leader's mind. For security professionals it is definitely at the forefront, because a serious data breach on your watch could be a career-defining moment, and not in the good way. Perhaps you have invested heavily in multiple layers of prevention: firewall, AV, SWG, IPS and endpoint security. Beyond that, your data may even sit on a server with no direct connection to the Internet. That sounds good, but what about all the people with access to your data? If they have an Internet connection, your data effectively has a path to the Internet: a user whose workstation is infected with malware can carry that infection to the server where your data resides. In the case of the Target breach, the third-party vendor whose credentials were stolen turned out to have access to sensitive data on a server totally unrelated to the service it was providing.
Black Hat 2015 is less than a week away, and almost daily cybersecurity stories remind us that there's never a dull moment in the world of hacking. Black Hat is known for attracting information security's best and brightest to its nearly week-long event, where experts share war stories, how-tos and what's-coming-next scenarios with an audience of enthusiasts who can't seem to get enough. And to be sure, there's always lots to talk about. The cybersecurity landscape continues to change, with technology advancing at break-neck speed, making it harder than ever to keep good technology out of the hands of bad hackers. And with so many different threat actors at play (terrorists, criminals seeking financial gain, hacktivists), the ways an organization can fall victim range far and wide. A couple of recent articles demonstrate how new technology and the Internet of Things are taking hacker exploits out of the realm of science fiction and into real life.
You've been a diligent and informed cybersecurity expert for your organization, deploying layers of preventive technology to stop advanced threats, including a secure web gateway, a firewall, IPS and file sandboxing, and yet your defenses have been breached and data stolen. This scenario has played out at many organizations, and the statistics suggest these incidents aren't going away soon. According to the Identity Theft Resource Center, there have been 436 data breaches in the United States so far this year, resulting in the exposure of 135 million records. These breaches have hit virtually every market sector; it seems no organization is immune to attack. If your organization has experienced a data breach resulting in data loss, you understand how far and wide it can impact your business. But investing all your resources in prevention may not be your best bet.
Clearly, the standard methods organizations employ to stop evasive malware and prevent a catastrophic data breach have failed, as a long list of high-profile losses verifies. The problem is not that these layers of security, such as robust AV, Intrusion Prevention Systems (IPS), application ID and sandboxing, to name a few, are worthless; they are all undoubtedly necessary and valuable. If you want to sleep peacefully at night, you don't just lock the gate to your yard and leave your house open. Multiple layers are necessary, but relying on any one of them as your sole defense would be ineffective. Here is a recap of some standard solutions being deployed:
The ZeuS Trojan, often called banking malware because it primarily targets financial institutions and their online banking customers, has been around since 2007, ancient history in the world of cybersecurity. But recently a new configuration was identified: a 64-bit version that may represent an entirely new breed of the software, one that could take protocol evasion to a whole new level.
The method of transmitting data over the Internet was developed when no one predicted how criminal organizations would take advantage of its structure. Data sent to a destination port travels in packets; on a standard Ethernet link each frame carries at most 1,514 bytes (a 14-byte Ethernet header plus a 1,500-byte IP payload). Each packet is divided into sections: a set of headers carrying routing and transmission information, and a larger content section that can hold anything from a fragment of a PDF or video to a DNS request or even malware. Senders try to fill each packet, leaving as little empty space as possible, to move data efficiently. The header sections are an Ethernet header, used to deliver the frame within the local network; an IP header, used to route the packet between networks; a TCP or UDP header, which includes the destination port number; and then the application-layer protocol data, for instance an HTTP request, or a TLS record in the case of HTTPS. Nothing in these headers guarantees that the content matches the protocol the port number implies, and that gap is exactly what protocol evasion exploits.
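To make the layering concrete, here is an added example (not code from the original post or its vendor) that walks an Ethernet/IPv4/TCP-or-UDP frame header by header, pulls out the destination port and the application payload, and then checks whether traffic on port 80 actually looks like HTTP. The frames it parses are constructed inline for the demo (no checksums, TEST-NET addresses); the `build_frame`, `parse_frame`, `looks_like_http` and `classify` names are this example's own.

```python
import struct

ETH_HDR_LEN = 14
MAX_STD_FRAME = 1514          # 14-byte Ethernet header + 1500-byte IP MTU (no jumbo frames)
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")


def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet II frame into link, network, transport and payload parts."""
    if len(frame) < ETH_HDR_LEN or len(frame) > MAX_STD_FRAME:
        raise ValueError("frame length outside standard Ethernet bounds")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:ETH_HDR_LEN])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported ethertype 0x{ethertype:04x}")

    ip = frame[ETH_HDR_LEN:]                      # IP header routes between networks
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl = (ip[0] & 0x0F) * 4                      # header length incl. options
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    if ihl < 20 or total_len < ihl or len(ip) < total_len:
        raise ValueError("inconsistent IPv4 lengths")
    # Use total_len, not the frame length: short frames are padded on the wire.
    l4 = ip[ihl:total_len]

    if proto == PROTO_TCP:                        # transport header carries the port
        if len(l4) < 20:
            raise ValueError("truncated TCP header")
        src_port, dst_port = struct.unpack("!HH", l4[:4])
        payload = l4[(l4[12] >> 4) * 4:]          # data offset in 32-bit words
        transport = "TCP"
    elif proto == PROTO_UDP:
        if len(l4) < 8:
            raise ValueError("truncated UDP header")
        src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", l4[:8])
        payload = l4[8:udp_len]
        transport = "UDP"
    else:
        raise ValueError(f"unsupported IP protocol {proto}")

    return {
        "src_mac": ":".join(f"{b:02x}" for b in src_mac),
        "dst_mac": ":".join(f"{b:02x}" for b in dst_mac),
        "src_ip": ".".join(str(b) for b in ip[12:16]),
        "dst_ip": ".".join(str(b) for b in ip[16:20]),
        "transport": transport, "src_port": src_port, "dst_port": dst_port,
        "payload": payload,                       # application-layer content section
    }


def looks_like_http(payload: bytes) -> bool:
    """Cheap content check: request line starts with a method and names HTTP/1.x."""
    first_line = payload.split(b"\r\n", 1)[0]
    return first_line.startswith(HTTP_METHODS) and b" HTTP/1." in first_line


def classify(frame: bytes) -> str:
    """Flag TCP data on an HTTP port whose content is not HTTP (protocol evasion)."""
    p = parse_frame(frame)
    if p["transport"] == "TCP" and p["dst_port"] in (80, 8080) and p["payload"]:
        if not looks_like_http(p["payload"]):
            return "port/protocol mismatch"
    return "ok"


def build_frame(dst_port: int, payload: bytes, udp: bool = False) -> bytes:
    """Assemble a constructed demo frame (checksums left zero, TEST-NET addresses)."""
    if udp:
        l4 = struct.pack("!HHHH", 40000, dst_port, 8 + len(payload), 0) + payload
        proto = PROTO_UDP
    else:  # 20-byte TCP header: ports, seq, ack, data offset 5, flags PSH|ACK, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", 40000, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
        proto = PROTO_TCP
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([198, 51, 100, 5]), bytes([198, 51, 100, 7]))
    eth = struct.pack("!6s6sH", b"\x00\x11\x22\x33\x44\x55", b"\x66\x77\x88\x99\xaa\xbb", ETHERTYPE_IPV4)
    return eth + ip + l4


def main() -> None:
    samples = {  # constructed sample frames
        "http on 80": build_frame(80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
        "tls-like on 80": build_frame(80, b"\x16\x03\x01\x00\x2a" + b"\x01" * 42),
        "dns-like on 53/udp": build_frame(53, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00", udp=True),
    }
    for name, frame in samples.items():
        p = parse_frame(frame)
        print(f"{name}: {p['transport']} {p['src_ip']} -> {p['dst_ip']}:{p['dst_port']} "
              f"payload={len(p['payload'])}B verdict={classify(frame)}")


if __name__ == "__main__":
    main()
```

The parser trusts the IP total-length field rather than the frame length, which matters in practice: Ethernet pads short frames, so a naive slice to the end of the frame would hand the content inspector trailing padding bytes. The `classify` check is deliberately simple; a production engine would identify the protocol from content for every port, not only port 80.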