July 13, 2007 • Vol.29 Issue 28
Page(s) 12 in print issue

Cruel World Out There
Protect Your SME From Outsider Threats
In the past year or so, the trendy security focus has been on insider threats. And while it may be that some organizations turn a blind eye to the risks inside their organization, they shouldn’t turn all of their security efforts inward. There is still a clear and present danger from threats coming from the outside that small to midsized enterprises must address.

The threat landscape has shifted considerably since the time of worm scares and script kiddies. Today’s hackers are part of an underground economy fueled by data theft. The Russian mafia and other organized networks are using hacking techniques to raid corporate and consumer systems of personally identifiable information to create massive stores of credit card numbers, Social Security numbers, and the like to perpetuate a stream of identity thefts. These criminals often take over unprotected systems and add these zombie machines to their expansive bot networks that can carry out illicit activities under the radar of information security groups and law enforcement.

“The underground economy isn’t new by any means, but there is an established order now,” says Alfred Hager, vice president of engineering for Symantec Security Response (www.Processor.com/SymantecCorp). “It’s like a market economy. It’s very varied, and it’s highly organized.”

A recent report by Hager’s team at Symantec pointed out that this criminal activity has matured to the point that there is a full-blown supply chain for those who wish to steal identities. Hackers on the ground level harvest identifiable information and act as stolen data “vendors” for those who wish to buy it. The next group of customers buys the data wholesale and processes and sifts through it to link credit card numbers, addresses, and the like to have all of the necessary information right in front of them. This group then sells this processed information to those who wish to take the risk to do the dirty work.

The illicit market has stabilized, so now there is even a standardized price for an identity: Symantec reports that the average price of an identity package, including a Social Security number, bank account information, name, date of birth, and credit card information, is between $14 and $16.

As businesspeople, these hackers are constantly on the lookout for better ways to carry out their work. This should scare the typical IT worker because the easiest way for these criminals to build their businesses is to target legitimate businesses.

Businesses often have large repositories of juicy information ripe for theft, such as customer lists, partner information, and employee information. Many times these data stores are not protected, and the hackers know this. Their goal is to steal as much information as possible without being detected. As a result, IT administrators now must look for sneakier attacks. This is in contrast to the splashy attacks of yesteryear that were designed simply to knock out company systems.

The following are some of the biggest outside threats SMEs should be addressing.

Zero-Day Threats

One way many hackers stay ahead of security protections is to target vulnerabilities in software that the vendor has not yet patched, or has not even discovered, and exploit those weaknesses to gain access to systems. Until the vendor is able to provide a patch or even warn its customers about these “zero-day vulnerabilities,” the user is at risk.

“The increasing proliferation of zero-day vulnerabilities means the previous window of opportunity IT had to secure networks between the release of a software patch and an attack has been slammed shut,” says Marc Maiffret, eEye Digital’s (www.Processor.com/eEyeDigital) founder and CTO. “More zero-day security vulnerabilities and attacks are being discovered every day, and dealing with them can easily dominate an enterprise’s IT efforts.”

Many zero-day vulnerabilities can be mitigated before a patch is available by changing network or system settings and configurations. The trick is having the intelligence in time to make these changes before being attacked. This is why it is critical for SMEs to find some source of actionable intelligence to protect themselves from these attacks. Organizations such as eEye Digital, Symantec, and VeriSign’s iDefense Labs (www.Processor.com/Veri) provide a range of products and services designed to protect against such attacks.

Stealthy Blended Attacks

According to a recent survey conducted by the security firm Webroot (www.Processor.com/Webroot-Co), more than 40% of companies worldwide reported business disruptions due to malware. The study also found 39% of companies reported Trojan horse attacks, 24% reported system monitor attacks, and 20% reported pharming and keylogger attacks. In addition, 26% of businesses reported that confidential information was compromised as a result of spyware.

The major difficulty SMEs have today is that malware creators are making these malicious programs increasingly difficult to detect, and they are combining different types of malware to create very effective blended attacks. As a result, SMEs must use a range of anti-malware programs to protect themselves. The defensive arsenal should include antivirus, antispyware, and rootkit detection. Vendors in this arena include Trend Micro (www.Processor.com/TrendMicro), Webroot, McAfee (www.Processor.com/MFE), and Symantec.

Web Application Attacks

One of the most dangerous risks in the IT environment is created by the IT team itself. In-house programs are becoming the attack vector du jour as hackers begin to see how easy it is to bypass home-brewed applications through buffer overflow, cross-site scripting, and similar attacks in order to gain access to an enterprise’s systems.

One of the most popular groups of programs in-house programming teams create is the Web application, often used to create portals to certain data stores for customers, employees, or partners to access the information they need through the Web. Unfortunately, if these programs are built without security from the outset, they also provide an easy way for hackers to gain access to the same information and maybe even more.

“The use of Web-based applications forces us to essentially poke holes in the perimeter for information flow from our Web applications to our customers in back, so the whole concept of a perimeter starts to get a little fuzzy. At the same time, threat trend data began suggesting that those that are interested in unauthorized access in the network are looking for vulnerabilities elsewhere, and the most likely targets are Web applications,” says Jim Routh, chief information security officer for financial firm DTCC (Depository Trust and Clearing Corp.). “This is where a host of vulnerabilities is likely to exist because from an industry perspective, we didn’t put a whole lot of thought into things like buffer overflows and cross-site scripting, and we also made the assumption we could keep people out of our networks.”

Routh believes the only way to address this risk is to train programmers how to code securely and to provide them with the right tools to scan their code for security problems before bringing programs into a production environment. Security coding products include SPI Dynamics’ WebInspect (www.spidynamics.com), Watchfire AppScan (www.Processor.com/Watchfire), and Fortify Software’s Source Code Analysis (www.fortify.com).
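As an added illustration of what “coding securely” means for the kind of in-house Web portal described above (example code, not the article’s or any vendor’s): a customer-lookup handler that reflects a search term into HTML, first in the form a code scanner would flag as cross-site scripting, then hardened with output encoding. The customer records, the function names and the probe string are constructed for this example.

```javascript
// Constructed sample data standing in for the portal's customer data store.
const CUSTOMERS = [
  { id: 101, name: "Acme Widgets", city: "Omaha" },
  { id: 102, name: "Bolt & Nut Co.", city: "Lincoln" },
];

// Entity-encode the five characters that let untrusted text alter HTML structure.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Case-insensitive substring match on the customer name.
function findCustomers(term) {
  const needle = String(term).toLowerCase();
  return CUSTOMERS.filter((c) => c.name.toLowerCase().includes(needle));
}

// VULNERABLE (hypothetical "before"): the search term, which arrives from the
// query string under the visitor's control, is concatenated straight into the
// page, so any markup in it becomes part of the document.
function renderResultsUnsafe(term) {
  const rows = findCustomers(term)
    .map((c) => `<li>${c.name} (${c.city})</li>`)
    .join("");
  return `<h2>Results for "${term}"</h2><ul>${rows}</ul>`;
}

// HARDENED: every untrusted value is encoded at the point it enters HTML,
// including stored records, since the data store itself may hold hostile text.
function renderResultsSafe(term) {
  const rows = findCustomers(term)
    .map((c) => `<li>${escapeHtml(c.name)} (${escapeHtml(c.city)})</li>`)
    .join("");
  return `<h2>Results for "${escapeHtml(term)}"</h2><ul>${rows}</ul>`;
}

// A minimal check of the kind a scanner automates: does the rendered page
// still contain the input verbatim when that input carries a raw tag?
function reflectsRawMarkup(html, term) {
  return /<[a-z]/i.test(term) && html.includes(term);
}
```

The same encoding discipline applies to every sink (attributes, URLs, JavaScript contexts each need their own encoder), which is why the article’s advice pairs training with automated scanning rather than relying on either alone.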

Old-Fashioned Threats

Don’t forget hackers use other ways to obtain information. One is to physically get their hands on it. According to Symantec, the primary cause of data breaches that could facilitate identity theft was the theft or loss of a computer or other medium on which the data was stored or transmitted. SMEs should remember that a sound mobile device policy combined with the use of encryption can go a long way toward preventing theft of laptops and devices and preventing access to information once a theft occurs.

by Ericka Chickowski


Outsider Security Threats

Security Threat | What To Do
Zero-Day Attacks | Find a source of information about zero-day vulnerabilities to apply third-party patches or reconfigure systems to mitigate the risk until an official patch is available.
Sneaky Blended Attacks | Employ a layered system of anti-malware protections that block a whole host of attacks.
Web Application Attacks | Train programmers in security and provide them with the right code scanning utilities.
Old-Fashioned Attacks | Encrypt laptops and create mobile device policies that lessen the risk of loss or theft of devices.



Copyright © by Sandhills Publishing Company 2010. All rights reserved.