darkreading.com
APRIL 2013
Stop Targeted Attackers
All cyber-attackers aren’t equal. Focus more attention on exploits made just for you.
By Ericka Chickowski
PLUS Handling targeted attacks: Experts speak
CONTENTS
April 2014 Issue 015

COVER STORY
Stop Targeted Attackers
The most dangerous attacks aren’t random, so focus on those that are created just for your company.

DARK DOMINION
Handling Targeted Attacks: The Experts Speak
Security pros offer tips on preventing targeted threats.

CONTACTS
Editorial and Business Contacts
DARK DOMINION
Handling Targeted Attacks: Experts Speak
Tim Wilson @darkreadingtim

This month’s digital issue on targeted attacks isn’t the first time Dark Reading has looked at this topic. On March 6, in conjunction with our sister publication InformationWeek, we conducted a half-day conference in Boston on targeted attacks featuring the industry’s best-known experts. The following are the key messages from that event.

Get to know your attacker. Most current defenses against targeted attacks focus on analyzing the unique malware used by the attackers. But there is a growing base of vendors that offers threat intelligence services that make it possible for your enterprise to not only identify the malware, but to isolate the methods and identities of the attacking group.

“If you understand your attacker’s methods, you can improve your defenses against those attacks exponentially,” says George Kurtz, CEO and co-founder of CrowdStrike, who keynoted the Boston event.

A targeted attack isn’t necessarily a direct attack. Bad guys are discovering that the best way to gain entry into a targeted network is by compromising the systems of third parties that have access to that network. The huge data breach at the Target retail chain in late 2013 has been traced to a small heating and air conditioning company that worked with Target.

“To build an effective defense, you also need to extend your visibility into your supply chain,” says Kurtz.

A targeted attack isn’t always a new attack. While some high-profile cases of targeted attacks have involved zero-day malware developed specifically for the victim, the majority of these attacks exploit known vulnerabilities.

“Many of these attacks involve years-old vulnerabilities that could have been prevented if the victims had just stayed up to date with their patches,” said JD Sherry, a security researcher from Trend Micro, in a presentation at the Boston event.

Most targeted attacks leave fingerprints. Like conventional criminals, targeted attackers tend to develop “modus operandi” — a unique set of tools and practices they use over and over again. By identifying this M.O., enterprises can build customized defenses designed to stop these specific attacks.

Ninety-nine percent of targeted attacks are manually operated, which gives them an almost human quality that is quite different from mass-produced malware, says Harry Sverdlove, CTO of Bit9.

If you want to frustrate a targeted attacker, raise the cost of his attack. It may not be possible for an enterprise to “hack back” against a cyber-criminal, but you may be able to frustrate the bad guys by repeatedly exposing and interrupting their methods.

“The bad guy has to pull off an entire process without being detected,” says Tim “TK” Keanini, CTO at Lancope. “Interrupting this ‘kill chain’ is the key to making it more difficult to complete the process.”

Tim Wilson is editor of DarkReading.com. Write to him at timothy.wilson@ubm.com.
COVER STORY
Stop Targeted Attackers
All cyber-attackers aren’t equal. Focus more attention on exploits made just for you.
By Ericka Chickowski @ErickaChick

Not so long ago, the main threats in cyber-security were random: viruses and worms that crawled across the entire Internet, or malware buried in spammy email blasts. Enterprises coped with the problem with protective screens that recognized and blocked these random attacks, as an umbrella keeps off the rain.

Today, the most dangerous attacks are no longer random. They are targeted specifically to steal or damage data from a specific organization, or even from specific systems and people in that organization. The targets aren’t always large companies or government agencies; targeted attacks can be launched against government contractors, media firms, or even small businesses. Targeted attacks are the attack vector of choice for sophisticated cyber-criminals, and against certain exploits, existing enterprise defenses are about as effective as an umbrella against a surprise Super Soaker attack.

Targeted attackers sometimes spend months, even years, scouting their targets. They’ll probe for weaknesses and pinpoint vulnerabilities that can be used in a tailored attack. That first vulnerability may get them the crown jewels right away, but typically, targeted attacks are a multistep process. Attackers start by gaining a foothold in the target’s infrastructure. Once inside, they’ll quietly scope out the network, looking for further points of attack and ways to access specific information.
The recent breach at retailer Target is a prime example of a targeted attack. Attackers were able to gain enough access within the retailer’s network to install malicious software on its point-of-sale (POS) systems to collect the credit and debit card data of millions of customers as the transactions were being made.

The initial route into the network was circuitous, according to news reports. Attackers got a foothold in Target’s network through a phishing attack against the company’s heating and air conditioning vendor. From there, the attackers used limited administrative connections from the vendor into Target’s network to worm their way further into the network of systems. The criminals running the attack did enough legwork to learn which vendors Target did business with and found one that would eventually give them the keys to a side door into the Target infrastructure.

This is just one very public example. “We’re losing this war, to be blunt about it,” says Dan Kaminsky, a noted security researcher and chief scientist for fraud detection firm White Ops. “Five hundred of the Fortune 500 are under targeted attack. It’s a constant cat and mouse game.”
Targeted attacks test enterprise defenses because they defeat the old “umbrella” defense, which was designed to stop widespread, random attacks. Companies can no longer treat all types of attacks the same. They must instead prioritize defenses against the methods that targeted attackers are likely to levy against their businesses.

“We’re treating everything as if it were the same level of threat, whether it’s a targeted attack, a criminal, a teenager trying to port scan your network. They’re all getting similar levels of attention, and that’s not a sustainable model,” says Dmitri Alperovitch, co-founder and CTO of Crowdstrike, a threat detection vendor focusing on advanced and targeted attacks. “You have to prioritize.”
Understand The Attacker’s Mentality

Developing a defense for targeted attacks starts by understanding who these attackers are and how they operate. Now, that doesn’t necessarily mean working to identify your attackers specifically. That’s a rabbit hole that won’t reap enough rewards for the effort, Kaminsky warns.

“Even if you knew exactly who your attackers were, there’s a limited number of scenarios in which you can do anything about it,” he says.

You’re not seeking out a specific name or identity. Instead, you’re identifying attack patterns common in your industry and looking to protect yourself from attacks against the data that a targeted attacker would want to steal. And that means understanding how attackers operate.

For example, some opportunistic financial attackers go after mom-and-pop point-of-sale systems by scanning the Internet looking for open pcAnywhere, virtual network computing, or remote desktop connections, says Lucas Zaichkowsky, enterprise defense architect for the forensics and security firm AccessData.

Many of these merchants and their POS vendors set these systems up and do port forwarding so the POS vendor can help the merchant troubleshoot remotely. Using that as a jumping-off point, targeted attackers often have enough information to understand common POS systems and know where credit card data is likely stored.
“Most POS systems are encrypted these days, but it’s all about knowing where the keys are,” says Zaichkowsky. “Or they’ll just drop in keystroke recorders or memory scrapers to grab the data as it’s in transit without even relying on it being stored anywhere, and then it’s just automatically uploaded or uploaded through batch to some FTP server somewhere. And a lot of that stuff is done in a matter of minutes.”

19% of all attacks analyzed in a 2013 Verizon report were perpetrated by state-affiliated actors — in other words, a form of espionage. (Data: Verizon 2013 Data Breach Investigations Report)
Meanwhile, other extremely sophisticated attackers may target specific financial organizations to “jackpot millions out of ATM machines,” says Zaichkowsky. Nation-state attackers may go after specific industrial companies to gain intelligence information. At the lower level of sophistication, such as the POS example, attackers target common vulnerability opportunities. At the higher end, they target a specific organization’s weaknesses by doing a lot of reconnaissance.

“The more targeted the attack, the fewer obvious mistakes your attacker is going to make, because his attack is tailored to a particular environment,” White Ops’s Kaminsky says.

To understand how targeted attack techniques apply to your industry or business, finger-in-the-wind Internet research won’t cut it. Instead, gather true threat intelligence about attacks occurring in near or real time within real world environments.

“Intelligence can help you identify both the risk to assets — by looking at the adversaries that may be motivated to go after your data — and can provide you with the understanding of the trade craft and the capabilities of those actors, so that you can start thinking about how to adjust your defense model to specifically meet the capabilities of those adversaries,” Alperovitch says.

Zaichkowsky explains how threat intelligence can help.
“Let’s say, for example, you know the state-sponsored Chinese guys are coming after you. You’ve got some intellectual property you know they want,” he says. “They tend to operate by spearphishing most of the time for initial point of entry. So being able to make sure certain file attachment types can’t be opened and installing next-gen solutions in line mode, you can [take actions that] actually prevent things as much as possible.”

[Figure: Threat Intelligence Integration. Threat intelligence data is most effective when it is integrated directly with other security efforts. The data can inform both tactical security efforts, as well as more strategic governance and risk management processes.]
Understand Your Own Environment

Of course, understanding who’s likely to attack you and how is only a part of the puzzle. Internal data and system knowledge is just as important as knowing your enemy, to paraphrase Chinese military philosopher Sun Tzu.

This means identifying what information assets your organization has — and what assets are most important to your business — because each company has different pain points and risk factors.

“Coordinate across business units to identify the information that would be critical if my competitor or a threat actor were to take it,” says Jen Weedon, manager for the intelligence team at FireEye. “That gets you down the path of being able to know, ‘OK, I should protect X, Y, Z information with higher levels of security.’”

In other words, targeted threat protection really starts with a targeted, internal risk assessment.

“Info about a negotiation on a multibillion-dollar deal is probably a lot more valuable than info about a $200,000 sales opportunity,” Alperovitch says.

Similarly, organizations must understand what’s going on within their IT environments, correlating that with the data protection priorities they’ve made and the threat intelligence feeds they receive about external dangers. This is why organizations are investing more heavily in detection technologies than in traditional umbrella prevention techniques.

Detection is much more effective than prevention, says Kaminsky. The notion that vulnerabilities are instantly exploited and that all useful data is instantly removed simply isn’t true.
“There’s a period of time it takes to find your target and determine how to exploit it,” Kaminsky says. “And it turns out that there are specific things that show up in the logs after the vulnerability has been found but before it’s been successfully exploited — and they can serve as a great signal [of an attack in progress].”

Every company needs to remember that it has an advantage over the targeted attacker because the company has an insider’s knowledge of its own environment.

“You don’t have to discover the properties of your environment in real time the same way that an attacker does,” Kaminsky says. “We do not use honeypots enough. We do not attempt enough to exploit the attackers’ real-time discovery of the networks that they’re breaking into.”
[Chart: Cyber-Espionage Concern. Question: How concerned is your organization about advanced cyber-espionage, nation-state or other types? Response categories: Not at all concerned, Slightly concerned, Moderately concerned, Very concerned, Extremely concerned. Data: InformationWeek 2013 Strategic Security Survey of 1,029 business technology and security professionals at organizations with 100 or more employees, March 2013]

Too often, says Zaichkowsky, organizations “burn” the intelligence they may have about attackers rather than using it to identify their methods and stop them. For example, if a business learns from threat intelligence service providers that a list of IP addresses is being used to attack the business, its first instinct may be to just configure the firewall to block those addresses. But when you’re dealing with targeted attackers, as soon as they try to connect to you and it’s not working, they’ll just go to another IP address — and you’ve essentially burned your intelligence.

Instead, take that tactical intelligence and lay down “tripwires” to watch the attackers’ activity and remediate a little further down the line.

“Then when you actually remediate and you kick them out,” says Zaichkowsky, “you haven’t burned any of your intelligence. They’ll have to start guessing, ‘Well, how did they find me?’”
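
The tripwire approach described above, combined with Kaminsky’s point about honeypots, as an added example (not code from the article or from anyone quoted in it): watchlisted addresses and a decoy range raise alerts on the internal hosts involved instead of being blocked at the firewall. The log format, address ranges and function names are assumptions constructed for this illustration.

```python
"""Tripwire-style detection over connection logs (added illustration)."""
import ipaddress
from datetime import datetime

# Constructed sample data. Documentation-range addresses (RFC 5737) stand in
# for a threat-intel watchlist; 10.0.9.0/28 is a hypothetical decoy (honeypot)
# range that no legitimate host has a reason to contact.
WATCHLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.77/32")]
DECOYS = [ipaddress.ip_network("10.0.9.0/28")]

# Constructed log lines: "<ISO time> <src> <dst> <dst_port> <action>"
SAMPLE_LOG = """\
2014-04-02T09:14:03 10.0.4.21 203.0.113.5 443 ALLOW
2014-04-02T09:14:09 10.0.4.21 192.0.2.10 80 ALLOW
2014-04-02T09:20:41 10.0.4.21 10.0.9.3 445 ALLOW
2014-04-02T09:21:17 10.0.7.88 192.0.2.10 443 ALLOW
2014-04-02T10:02:55 198.51.100.77 10.0.5.12 22 DENY
2014-04-02T10:40:00 10.0.4.21 203.0.113.5 443 ALLOW
garbled line without enough fields
"""


def parse_line(line):
    """Parse one log line into a record, or return None if it is malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, port, action = parts
    try:
        return {
            "time": datetime.fromisoformat(ts),
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "port": int(port),
            "action": action,
        }
    except ValueError:
        return None


def _in_any(ip, networks):
    return any(ip in net for net in networks)


def classify(rec):
    """Return (internal_host, peer, reason) for every tripwire a record trips."""
    hits = []
    if _in_any(rec["dst"], WATCHLIST):      # outbound to a watchlisted address
        hits.append((rec["src"], rec["dst"], "intel-watchlist"))
    if _in_any(rec["src"], WATCHLIST):      # inbound from a watchlisted address
        hits.append((rec["dst"], rec["src"], "intel-watchlist"))
    if _in_any(rec["dst"], DECOYS) and not _in_any(rec["src"], DECOYS):
        hits.append((rec["src"], rec["dst"], "decoy-touch"))
    return hits


def find_tripwires(log_text):
    """Aggregate tripwire hits per internal host so responders can scope first."""
    hosts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for host, peer, reason in classify(rec):
            entry = hosts.setdefault(str(host), {
                "reasons": set(), "peers": set(), "events": 0,
                "first_seen": rec["time"], "last_seen": rec["time"],
            })
            entry["reasons"].add(reason)
            entry["peers"].add(str(peer))
            entry["events"] += 1
            entry["first_seen"] = min(entry["first_seen"], rec["time"])
            entry["last_seen"] = max(entry["last_seen"], rec["time"])
    return hosts


def triage_order(hosts):
    """Hosts that tripped more kinds of tripwire come first, then earliest seen."""
    return sorted(hosts, key=lambda h: (-len(hosts[h]["reasons"]), hosts[h]["first_seen"]))


if __name__ == "__main__":
    found = find_tripwires(SAMPLE_LOG)
    for host in triage_order(found):
        e = found[host]
        print(host, sorted(e["reasons"]), "events:", e["events"],
              "window:", e["first_seen"].isoformat(), "to", e["last_seen"].isoformat(),
              "peers:", sorted(e["peers"]))
```

The per-host window and peer list give the team a starting scope for the audit logs and forensic artifacts the article mentions before anything is blocked or remediated.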
Frustrate Your Attacker

Ultimately, the goal is to make life very hard for the targeted attacker and also to buy your organization enough time to respond to targeted attacks before the crown jewels leave the building.

“Think of infrastructure hardening like building a maze,” says Zaichkowsky. “You’re making that maze more and more complex, which buys you time. In a targeted attack, they’re going to get to what they’re after — it’s just a matter of time. So make that maze as difficult as possible and set up little tripwires everywhere to identify attackers as they’re progressing through it.”

Your team needs enough audit logs, forensics artifacts, and monitoring tools in place to quickly scope out an attack when a tripwire has been tripped. But even more than that, companies should constantly adjust their defenses to make it expensive for the attacker to operate within their environments, Kaminsky warns. While creating a puzzle may make things more difficult for attackers, the reward might be great enough that the attacker will invest the time and resources to figure out that puzzle.

“You have to play a chess game,” Kaminsky says. “You have to make sure there’s a cost to the attacker for getting detected, but you have to make sure the attacker thinks maybe it will work. But when it doesn’t work, they’re going to lose what they have within your network. If you don’t play the game, if you just try to make a puzzle, you’ve already lost.”

Write to us at editors@darkreading.com.
Copyright 2014 UBM LLC. All rights reserved.
Prescribed medication order and communication skills.pptxPrescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptxraviapr7
 
Patterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptxPatterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptxMYDA ANGELICA SUAN
 
In - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxIn - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxAditiChauhan701637
 
Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.EnglishCEIPdeSigeiro
 
UKCGE Parental Leave Discussion March 2024
UKCGE Parental Leave Discussion March 2024UKCGE Parental Leave Discussion March 2024
UKCGE Parental Leave Discussion March 2024UKCGE
 
Benefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationBenefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationMJDuyan
 
How to Add a many2many Relational Field in Odoo 17
How to Add a many2many Relational Field in Odoo 17How to Add a many2many Relational Field in Odoo 17
How to Add a many2many Relational Field in Odoo 17Celine George
 
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...Nguyen Thanh Tu Collection
 
Philosophy of Education and Educational Philosophy
Philosophy of Education  and Educational PhilosophyPhilosophy of Education  and Educational Philosophy
Philosophy of Education and Educational PhilosophyShuvankar Madhu
 
HED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfHED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfMohonDas
 

Dernier (20)

How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17
 
CapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptxCapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptx
 
How to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesHow to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 Sales
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?
 
The Singapore Teaching Practice document
The Singapore Teaching Practice documentThe Singapore Teaching Practice document
The Singapore Teaching Practice document
 
AUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptxAUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptx
 
Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...
 
Prelims of Kant get Marx 2.0: a general politics quiz
Prelims of Kant get Marx 2.0: a general politics quizPrelims of Kant get Marx 2.0: a general politics quiz
Prelims of Kant get Marx 2.0: a general politics quiz
 
Prescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptxPrescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptx
 
Patterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptxPatterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptx
 
In - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxIn - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptx
 
Finals of Kant get Marx 2.0 : a general politics quiz
Finals of Kant get Marx 2.0 : a general politics quizFinals of Kant get Marx 2.0 : a general politics quiz
Finals of Kant get Marx 2.0 : a general politics quiz
 
Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.
 
UKCGE Parental Leave Discussion March 2024
UKCGE Parental Leave Discussion March 2024UKCGE Parental Leave Discussion March 2024
UKCGE Parental Leave Discussion March 2024
 
Benefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationBenefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive Education
 
How to Add a many2many Relational Field in Odoo 17
How to Add a many2many Relational Field in Odoo 17How to Add a many2many Relational Field in Odoo 17
How to Add a many2many Relational Field in Odoo 17
 
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
 
Personal Resilience in Project Management 2 - TV Edit 1a.pdf
Personal Resilience in Project Management 2 - TV Edit 1a.pdfPersonal Resilience in Project Management 2 - TV Edit 1a.pdf
Personal Resilience in Project Management 2 - TV Edit 1a.pdf
 
Philosophy of Education and Educational Philosophy
Philosophy of Education  and Educational PhilosophyPhilosophy of Education  and Educational Philosophy
Philosophy of Education and Educational Philosophy
 
HED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfHED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdf
 

Stop Targeted Attackers

  • 1. darkreading.com, APRIL 2013. STOP Targeted Attackers: All cyber-attackers aren’t equal. Focus more attention on exploits made just for you. By Ericka Chickowski. PLUS: Handling targeted attacks: Experts speak
  • 2. CONTENTS: April 2014, Issue 015

     COVER STORY: Stop Targeted Attackers. The most dangerous attacks aren’t random, so focus on those that are created just for your company. p4

     DARK DOMINION: Handling Targeted Attacks: The Experts Speak. Security pros offer tips on preventing targeted threats. p3

     CONTACTS: Editorial and Business Contacts p11

     More From Dark Reading

     Digital Business Leaders: Engage with Oracle president Mark Hurd, NFL CIO Michelle McKenna-Doyle, and other leaders of the Digital Business movement at the InformationWeek Conference and Elite 100 Awards Ceremony, to be held in conjunction with Interop in Las Vegas, March 31 to April 1.

     IT Insights At Interop: Get insights on BYOD security, cloud and virtualization, SDN, the Internet of things, Apple in the enterprise, and more at Interop Las Vegas, the technology conference and expo series designed to inspire and inform the world’s IT community. March 31 to April 4.

     Security Smarts: Our Security Services Tech Center provides the latest news, product information, analysis, and opinion on security services and outsourcing to help your organization make the right choices.

     PREVIOUS ISSUE: Secure The Cloud. Cloud security needn’t be an oxymoron. Here’s how to get it right.

     FOLLOW US ON TWITTER AND FACEBOOK: @DarkReading, darkreading.com/facebook
  • 3. DARK DOMINION: Handling Targeted Attacks: Experts Speak. TIM WILSON, @darkreadingtim

     This month’s digital issue on targeted attacks isn’t the first time Dark Reading has looked at this topic. On March 6, in conjunction with our sister publication InformationWeek, we conducted a half-day conference in Boston on targeted attacks featuring the industry’s best-known experts. The following are the key messages from that event.

     Get to know your attacker. Most current defenses against targeted attacks focus on analyzing the unique malware used by the attackers. But there is a growing base of vendors that offers threat intelligence services that make it possible for your enterprise to not only identify the malware, but to isolate the methods and identities of the attacking group.

     “If you understand your attacker’s methods, you can improve your defenses against those attacks exponentially,” says George Kurtz, CEO and co-founder of CrowdStrike, who keynoted the Boston event.

     A targeted attack isn’t necessarily a direct attack. Bad guys are discovering that the best way to gain entry into a targeted network is by compromising the systems of third parties that have access to that network. The huge data breach at the Target retail chain in late 2013 has been traced to a small heating and air conditioning company that worked with Target.

     “To build an effective defense, you also need to extend your visibility into your supply chain,” says Kurtz.

     A targeted attack isn’t always a new attack. While some high-profile cases of targeted attacks have involved zero-day malware developed specifically for the victim, the majority of these attacks exploit known vulnerabilities.

     “Many of these attacks involve years-old vulnerabilities that could have been prevented if the victims had just stayed up to date with their patches,” said JD Sherry, a security researcher from Trend Micro, in a presentation at the Boston event.

     Most targeted attacks leave fingerprints. Like conventional criminals, targeted attackers tend to develop “modus operandi” — a unique set of tools and practices they use over and over again. By identifying this M.O., enterprises can build customized defenses designed to stop these specific attacks.

     Ninety-nine percent of targeted attacks are manually operated, which gives them an almost human quality that is quite different from mass-produced malware, says Harry Sverdlove, CTO of Bit9.

     If you want to frustrate a targeted attacker, raise the cost of his attack. It may not be possible for an enterprise to “hack back” against a cyber-criminal, but you may be able to frustrate the bad guys by repeatedly exposing and interrupting their methods.

     “The bad guy has to pull off an entire process without being detected,” says Tim “TK” Keanini, CTO at Lancope. “Interrupting this ‘kill chain’ is the key to making it more difficult to complete the process.”

     Tim Wilson is editor of DarkReading.com. Write to him at timothy.wilson@ubm.com.

     Next Wave Of Business Tech: Engage with Oracle president Mark Hurd, Box founder Aaron Levie, UPMC CIO Dan Drawbaugh, GE Power CIO Jim Fowler, former Netflix cloud architect Adrian Cockcroft, and other leaders of the Digital Business movement at the InformationWeek Conference and Elite 100 Awards Ceremony, to be held in conjunction with Interop in Las Vegas, March 31 to April 1, 2014.
  • 4. COVER STORY: Stop Targeted Attackers. All cyber-attackers aren’t equal. Focus more attention on exploits made just for you. By Ericka Chickowski, @ErickaChick

     Not so long ago, the main threats in cyber-security were random: viruses and worms that crawled across the entire Internet, or malware buried in spammy email blasts. Enterprises coped with the problem with protective screens that recognized and blocked these random attacks, as an umbrella keeps off the rain.

     Today, the most dangerous attacks are no longer random. They are targeted specifically to steal or damage data from a specific organization, or even from specific systems and people in that organization. The targets aren’t always large companies or government agencies; targeted attacks can be launched against government contractors, media firms, or even small businesses. Targeted attacks are the attack vector of choice
  • 5. for sophisticated cyber-criminals, and against certain exploits, existing enterprise defenses are about as effective as an umbrella against a surprise Super Soaker attack.

     Targeted attackers sometimes spend months, even years, scouting their targets. They’ll probe for weaknesses and pinpoint vulnerabilities that can be used in a tailored attack. That first vulnerability may get them the crown jewels right away, but typically, targeted attacks are a multistep process. Attackers start by gaining a foothold in the target’s infrastructure. Once inside, they’ll quietly scope out the network, looking for further points of attack and ways to access specific information.

     The recent breach at retailer Target is a prime example of a targeted attack. Attackers were able to gain enough access within the retailer’s network to install malicious software on its point-of-sale (POS) systems to collect the credit and debit card data of millions of customers as the transactions were being made.

     The initial route into the network was circuitous, according to news reports. Attackers got a foothold in Target’s network through a phishing attack against the company’s heating and air conditioning vendor. From there, the attackers used limited administrative connections from the vendor into Target’s network to worm their way further into the network of systems. The criminals running the attack did enough legwork to learn which vendors Target did business with and found one that would eventually give them the keys to a side door into the Target infrastructure.

     This is just one very public example.

     “We’re losing this war, to be blunt about it,” says Dan Kaminsky, a noted security researcher and chief scientist for fraud detection firm White Ops. “Five hundred of the Fortune 500 are under targeted attack. It’s a constant cat and mouse game.”

     Targeted attacks test enterprise defenses because they defeat the old “umbrella”

     Education And Networking: Learn how cloud computing, software-defined networking, virtualization, wireless, and other key technologies work together to drive business at Interop Las Vegas. It happens March 31 to April 4.
  • 6. defense, which was designed to stop widespread, random attacks. Companies can no longer treat all types of attacks the same. They must instead prioritize defenses against the methods that targeted attackers are likely to levy against their businesses.

     “We’re treating everything as if it were the same level of threat, whether it’s a targeted attack, a criminal, a teenager trying to port scan your network. They’re all getting similar levels of attention, and that’s not a sustainable model,” says Dmitri Alperovitch, co-founder and CTO of CrowdStrike, a threat detection vendor focusing on advanced and targeted attacks. “You have to prioritize.”

     Understand The Attacker’s Mentality

     Developing a defense for targeted attacks starts by understanding who these attackers are and how they operate. Now, that doesn’t necessarily mean working to identify your attackers specifically. That’s a rabbit hole that won’t reap enough rewards for the effort, Kaminsky warns.

     “Even if you knew exactly who your attackers were, there’s a limited number of scenarios in which you can do anything about it,” he says.

     You’re not seeking out a specific name or identity. Instead, you’re identifying attack patterns common in your industry and looking to protect yourself from attacks against the data that a targeted attacker would want to steal. And that means understanding how attackers operate.

     For example, some opportunistic financial attackers go after mom-and-pop point-of-sale systems by scanning the Internet looking for open pcAnywhere, virtual network computing, or remote desktop connections, says Lucas Zaichkowsky, enterprise defense architect for the forensics and security firm AccessData. Many of these merchants and their POS vendors set these systems up and do port forwarding so the POS vendor can help the merchant troubleshoot remotely. Using that as a jumping-off point, targeted attackers often have enough information to understand common POS systems and know where credit card data is likely stored.

     “Most POS systems are encrypted these days, but it’s all about knowing where the keys are,” says Zaichkowsky. “Or they’ll just drop in keystroke recorders or memory scrapers to grab the data as it’s in transit without even relying on it being stored anywhere, and then it’s just automatically uploaded or uploaded through batch to some

     Sidebar: 19% of all attacks analyzed in a 2013 Verizon report were perpetrated by state-affiliated actors — in other words, a form of espionage. Data: Verizon 2013 Data Breach Investigations Report

     Get Smart: Our Threat Intelligence Tech Center provides in-depth information on collecting and analyzing data on emerging cyber-security threats.
  • 7. FTP server somewhere. And a lot of that stuff is done in a matter of minutes.”

     Meanwhile, other extremely sophisticated attackers may target specific financial organizations to “jackpot millions out of ATM machines,” says Zaichkowsky. Nation-state attackers may go after specific industrial companies to gain intelligence information.

     At the lower level of sophistication, such as the POS example, attackers target common vulnerability opportunities. At the higher end, they target a specific organization’s weaknesses by doing a lot of reconnaissance.

     “The more targeted the attack, the fewer obvious mistakes your attacker is going to make, because his attack is tailored to a particular environment,” White Ops’s Kaminsky says.

     To understand how targeted attack techniques apply to your industry or business, finger-in-the-wind Internet research won’t cut it. Instead, gather true threat intelligence about attacks occurring in near or real time within real world environments.

     “Intelligence can help you identify both the risk to assets — by looking at the adversaries that may be motivated to go after your data — and can provide you with the understanding of the trade craft and the capabilities of those actors, so that you can start thinking about how to adjust your defense model to specifically meet the capabilities of those adversaries,” Alperovitch says.

     Zaichkowsky explains how threat intelligence can help.

     “Let’s say, for example, you know the state-sponsored Chinese guys are coming after you. You’ve got some intellectual property you know they want,” he says. “They tend to operate by spearphishing most of the time for initial point of entry. So being able to make sure certain file attachment types

     Figure: Threat Intelligence Integration. Threat Intelligence data is most effective when it is integrated directly with other security efforts. The data can inform both tactical security efforts, as well as more strategic governance and risk management processes.
  • 8. can’t be opened and installing next-gen solutions in line mode, you can [take actions that] actually prevent things as much as possible.”

     Understand Your Own Environment

     Of course, understanding who’s likely to attack you and how is only a part of the puzzle. Internal data and system knowledge is just as important as knowing your enemy, to paraphrase Chinese military philosopher Sun Tzu.

     This means identifying what information assets your organization has — and what assets are most important to your business — because each company has different pain points and risk factors.

     “Coordinate across business units to identify the information that would be critical if my competitor or a threat actor were to take it,” says Jen Weedon, manager for the intelligence team at FireEye. “That gets you down the path of being able to know, ‘OK, I should protect X, Y, Z information with higher levels of security.’”

     In other words, targeted threat protection really starts with a targeted, internal risk assessment.

     “Info about a negotiation on a multi-billion-dollar deal is probably a lot more valuable than info about a $200,000 sales opportunity,” Alperovitch says.

     Similarly, organizations must understand what’s going on within their IT environments, correlating that with the data protection priorities they’ve made and the threat intelligence feeds they receive about external dangers. This is why organizations are investing more heavily in detection technologies than in traditional umbrella prevention techniques.

     Detection is much more effective than prevention, says Kaminsky. The notion that vulnerabilities are instantly exploited and that all useful data is instantly removed simply isn’t true.

     “There’s a period of time it takes to find
  • 9. your target and determine how to exploit it,” Kaminsky says. “And it turns out that there are specific things that show up in the logs after the vulnerability has been found but before it’s been successfully exploited — and they can serve as a great signal [of an attack in progress].”

     Every company needs to remember that it has an advantage over the targeted attacker because the company has an insider’s knowledge of its own environment.

     “You don’t have to discover the properties of your environment in real time the same way that an attacker does,” Kaminsky says. “We do not use honeypots enough. We do not attempt enough to exploit the attackers’ real-time discovery of the networks that they’re breaking into.”

     Too often, says Zaichkowsky, organizations “burn” the intelligence they may have about attackers rather than using it to identify their methods and stop them.

     For example, if a business learns from threat intelligence service providers

     Figure: Cyber-Espionage Concern. How concerned is your organization about advanced cyber-espionage, nation-state or other types? Response categories: Not at all concerned, Slightly concerned, Moderately concerned, Very concerned, Extremely concerned (chart values as extracted: 9%, 24%, 30%, 13%, 24%). Data: InformationWeek 2013 Strategic Security Survey of 1,029 business technology and security professionals at organizations with 100 or more employees, March 2013
  • 10. that a list of IP addresses is being used to attack the business, its first instinct may be to just configure the firewall to block those addresses. But when you’re dealing with targeted attackers, as soon as they try to connect to you and it’s not working, they’ll just go to another IP address — and you’ve essentially burned your intelligence.

     Instead, take that tactical intelligence and lay down “tripwires” to watch the attackers’ activity and remediate a little further down the line.

     “Then when you actually remediate and you kick them out,” says Zaichkowsky, “you haven’t burned any of your intelligence. They’ll have to start guessing, ‘Well, how did they find me?’”

     Frustrate Your Attacker

     Ultimately, the goal is to make life very hard for the targeted attacker and also to buy your organization enough time to respond to targeted attacks before the crown jewels leave the building.

     “Think of infrastructure hardening like building a maze,” says Zaichkowsky. “You’re making that maze more and more complex, which buys you time. In a targeted attack, they’re going to get to what they’re after — it’s just a matter of time. So make that maze as difficult as possible and set up little tripwires everywhere to identify attackers as they’re progressing through it.”

     Your team needs enough audit logs, forensics artifacts, and monitoring tools in place to quickly scope out an attack when a tripwire has been tripped. But even more than that, companies should constantly adjust their defenses to make it expensive for the attacker to operate within their environments, Kaminsky warns. While creating a puzzle may make things more difficult for attackers, the reward might be great enough that the attacker will invest the time and resources to figure out that puzzle.

     “You have to play a chess game,” Kaminsky says. “You have to make sure there’s a cost to the attacker for getting detected, but you have to make sure the attacker thinks maybe it will work. But when it doesn’t work, they’re going to lose what they have within your network. If you don’t play the game, if you just try to make a puzzle, you’ve already lost.”

     Write to us at editors@darkreading.com.
  • 11. READER SERVICES: Online, Newsletters, Events, Research

     DarkReading.com: The destination for the latest news on IT security threats, technology, and best practices
     Electronic Newsletters: Subscribe to Dark Reading’s daily newsletter and other newsletters at darkreading.com/newsletters/subscribe
     Events: Get the latest on our live events and Net events at informationweek.com/events
     Reports: reports.informationweek.com for original research and strategic advice

     How to Contact Us
     createyournextcustomer.techweb.com/2014-editorial-calendars/
     Editorial Calendar: informationweek.com/edcal
     Back Issues: E-mail: customerservice@informationweek.com; Phone: 888-664-3332 (U.S.), 847-763-9588 (Outside U.S.)
     Reprints: Wright’s Media, 1-877-652-5295; Web: wrightsmedia.com/reprints/?magid=2196; E-mail: ubmreprints@wrightsmedia.com
     List Rentals: Merit Direct; E-mail: svigliotti@meritdirect.com; Phone: 914-368-1088
     Media Kits and Advertising Contacts: createyournextcustomer.com/contact-us
     Letters to the Editor: E-mail editors@darkreading.com. Include name, title, company, city, and daytime phone number.
     Subscriptions: E-mail: customerservice@informationweek.com; Phone: 888-664-3332 (U.S.), 847-763-9588 (Outside U.S.)

     Editorial Contacts
     Tim Wilson, Dark Reading Site Editor, timothy.wilson@ubm.com, 703-262-0680
     Kelly Jackson-Higgins, Dark Reading Senior Editor, kelly.jackson.higgins@ubm.com, 434-960-9899
     Rob Preston, VP and Editor In Chief, rob.preston@ubm.com, 516-562-5692
     Jim Donahue, Managing Editor, james.donahue@ubm.com, 516-562-7980
     Chris Murphy, Editor, chris.murphy@ubm.com, 414-906-5331
     Shane O’Neill, Managing Editor, shane.oneill@ubm.com, 617-202-3710
     Lorna Garey, Content Director, Reports, lorna.garey@ubm.com, 978-694-1681
     Debee Rommel, Senior Art Director, debee.rommel@ubm.com

     Business Contacts

     IT TARGET: INFORMATIONWEEK, DARK READING, NETWORK COMPUTING

     Western US (Pacific and Mountain states), Central/Midwest
     VP & National Co-Chair, Business Technology Media Sales, Sandra Kupiec (interim contact, N.M., Ariz.) 415-947-6922, sandra.kupiec@ubm.com
     Wash., Ore., Mont., Wyo., Idaho, Nev., and So. Calif.: Account Director, Matthew Cohen-Meyer 415-947-6214, matthew.meyer@ubm.com
     No. Calif., Utah, Colo.: Account Director, Vesna Beso 415-947-6104, vesna.beso@ubm.com
     Texas: Strategic Accounts Director, Michele Hurabiell 415-378-3540, michele.hurabiell@ubm.com
     Central/Midwest, Account Executive, Silas Chu 415-947-6105, silas.chu@ubm.com
     Account Executive, Lynn Van 415-947-6157, lynn.van@ubm.com

     South, Northeast US; Canada and International
     VP & National Co-Chair, Business Technology Media Sales, Mary Hyland 516-562-5120, mary.hyland@ubm.com
     Eastern Regional Sales Director, Michael Greenhut 516-562-5044, michael.greenhut@ubm.com
     Southeast: District Manager, Jenny Hanna 516-562-5116, jenny.hanna@ubm.com
     Northeast, Eastern Canada: District Manager, Stephen Sorhaindo 212-600-3092, stephen.sorhaindo@ubm.com
     Mid-Atlantic, R.I.: Account Director, Matt Payne 415-489-6307, matt.payne@ubm.com
     Fla., Western Canada, International: Account Executive, Anna Maria Charalambous 212-600-3193, annamaria.charalambous@ubm.com
     Sales Associate, Joseph Van Scyoc 212-600-3387, joseph.vanscyoc@ubm.com

     Strategic Accounts
     Strategic Account Director, Vanessa Tormey 805-252-4357, vanessa.tormey@ubm.com
     Strategic Account Director, Jennifer Gambino 516-562-7169, jennifer.gambino@ubm.com
     Strategic Account Director, Amanda Oliveri 212-600-3106, amanda.oliveri@ubm.com

     SALES CONTACTS, CREATE MARKETING SERVICES
     Director of Client Marketing Strategy, Jonathan Vlock 212-600-3019, jonathan.vlock@ubm.com
     Senior Manager, Client Marketing Strategy, Blake Cohlan 415-947-6379, blake.cohlan@ubm.com

     SALES CONTACTS, EVENTS
     VP, Events, Robyn Duda 212-600-3046, robyn.duda@ubm.com

     MARKETING
     VP, Marketing, Winnie Ng-Schuchman 631-406-6507, winnie.ng@ubm.com
     Director of Marketing, Monique Luttrell 415-947-6958, monique.luttrell@ubm.com
     Marketing Assistant, Hilary Jansen 415-947-6205, hilary.jansen@ubm.com

     UBM TECH
     Paul Miller, CEO
     Marco Pardi, President, Events
     Kelley Damore, Chief Community Officer
     Tom Spaeth, CFO
     David Michael, CIO
     Simon Carless, Exec. VP, Game & App Development and Black Hat
     Lenny Heymann, Exec. VP, New Markets
     Angela Scalpello, Sr. VP, People & Culture

     Copyright 2014 UBM LLC. All rights reserved.