Organizations could be doing a lot more to prevent information security breaches. That’s one of the key findings of Verizon Enterprise Solutions’ 2015 Data Breach Investigations Report.
All about Virtualization and Cloud Security | Recent Articles:
Telecommunications is one of those industries that many people take for granted—until service is interrupted for one reason or another. We’re accustomed to being connected, whether it’s through our mobile devices or landline phones at home or in the office.
Businesses as well as consumers are highly dependent on telecom companies and the communications infrastructure they provide, and if their operations are down for any length of time, it wreaks havoc. That’s why the cost of a security breach at telecoms is high.
When it comes to security vulnerabilities and threats, you might not think about the media and entertainment industry in the same way you’d consider, say, financial services, healthcare and retail. Companies in these latter industries handle a lot of personally identifiable customer information or present potentially attractive financial targets for hackers.
Recently, there has been quite a bit of media coverage about some sensitive, private pictures of celebrities stolen and published. While we have seen similar incidents in the past (from celebrities to British royals’ mobiles being compromised), this incident is focused around consumer-centric cloud offerings from heavyweight companies.
When incidents like this happen, the popular knee-jerk reaction tends to be to find someone to blame. In this case, the candidates are:
1. The attackers
2. Consumer-centric cloud services providers (used on iOS, Android, Windows Mobile, for example)
3. The celebrities themselves
Of course, the attackers are ultimately responsible, but it is interesting to see the service provider and the end-users sharing a piece of blame assigned by some (the Internet provides a forum for everyone who wishes to share their opinion, for better or worse).
Several weeks ago we started a series dedicated to considering APTs (Advanced Persistent Threats) and possible ways to mitigate them. In the first post we strove to define and “contain” the APT as a category of threats, since the term is abused and today almost all sophisticated attacks are presented as APTs – the supreme evil.
Working from the definition, we now remain with two aspects:
#1: Advanced – as APTs are sophisticated, out of the range even for organized crime networks – “we are sorry, no botnets or banking trojans allowed”.
#2: Persistent – as we have seen and described, we are talking about organized attackers with myriad resources - the most important being time and patience, until they can reach their objective. A modern characteristic is that they prefer, with few exceptions, the “low and slow” approach; doing “the job” as silently as possible.
The thesis we don’t agree with is that APTs can bypass any antimalware technology. As a matter of fact, the majority of their components had already been flagged as suspicious files before they were investigated and detection was added.
Distributed Denial of Service (DDoS) attacks have started to grow in intensity and sophistication as more companies rely on web-based applications for their daily business operations. In the past few months, such attacks have become the weapon of choice for cyber criminals in every corner of the world because they hardly ever miss their target(s). Taking the analogy further, I would say that these insidious attacks are as precise and merciless as a DSR-50 rifle is for a trained sniper.
What makes DDoS attacks a bad dream for even the most experienced of IT admins is their distributed nature, as the very name suggests. This means that not only one, but a multitude of compromised systems (also known as botnets or bots) seize the target host with simultaneous requests through a breach in the system, which thereby becomes saturated and unavailable to user access.
This is the first post in a series dedicated to the trendiest, most disputed and most used acronym in the recent history of information security. My purpose for this series of three posts is to define the phenomenon (as we see it), to take a look at possible counter-measures – a review of the self-denominated “next generation security solutions” – and finally to try to come up with an effective response that shouldn’t cost you a fortune.
I. The WHY
Why have I decided to dedicate a series of posts to APTs (Advanced Persistent Threats), in context?
The answer is simple: after having seen and read a lot of literature on this topic, and after directly observing several APTs first-hand, the worry is that the more is written about it, the more it adds to the confusion of notions, to intentional or unintentional misclassifications, and to the marketing veils that create further confusion.
Small and medium businesses should shore up their defenses as allegations of rampant spying and massive security breaches cast a pall of doubt on the safety of the Internet. Here’s some advice to help SMBs cope with growing risks and keep expenses under control.
Studies show that data security can be a crucial issue of customer/client trust. In the wake of the Snowden NSA leaks, SMBs are at greater risk than huge corporations, as they have limited money for cyber-security.
From netbooks to smartphones and picture-playing devices, employees become more and more tech-savvy and bring a wide variety of Internet-connected devices to the office. To increase efficiency and mobility, they commonly access corporate data and networks on the go, while chatting with friends, posting social media messages, listening to music and sharing pictures online.
We see, day after day, real and so-called security experts announcing the newest security apocalypse we face. Claiming that antivirus is a dead technology, they invite you to uninstall it and buy new next-generation technologies that will automatically collect, analyze and detect malicious intentions of attacks or data compromise from the moment they are born in the minds of the bad guys.
Sometimes they come from people more or less familiar with the topic - Is Anti-Virus Scanning/Detection Obsolete? - and you can see that most of the opinions there are not so negative, apart from the classic advertising for some AV brands. Other times they come from specialists in the field, trying to give an opinion or just sell their “stuff”.
In my last blog post I began a conversation about virtual patching. In this post, I’ll further the discussion by talking about why effective virtual patching at the network is so difficult.
The story really begins by considering context, or really, the lack thereof. If a vulnerability exists in an application (a web application, or a browser) there is a certain context associated with the application that is difficult to be aware of at a point outside of the application. The simplest example is a session. A web application may create a session when a user logs in, destroying the session after a period of inactivity, or when a user logs out (and when was the last time you logged out instead of just closing the browser window?).