Sunday, January 29, 2012

Targeted Individual - advanced persistent threat

The new security threat is the advanced persistent threat (APT) attack, in which an individual target is researched and the malware program is customized so that its signature goes undetected. In the crime arena, we would consider this a crime of opportunity.

The hacker crafts a malware program that allows back-door entry into your computer system, enabling theft of property, ideas, drawings, and various building and production plans at the corporate level. Today the targets go beyond household zombies to corporations with significant resources, both financial and technological.

The latest and most sophisticated attacks involve installing remote administration tools (RATs) that report to command and control servers from inside corporate networks. Many of these attacks are developed over months and years to infiltrate various systems.

To counter these attacks, the Open Information Security Foundation (OISF) is building the next-generation intrusion detection system / intrusion prevention system (IDS/IPS) engine. One protection strategy is to use layered security technology in addition to user training and education.

Since hackers often find ways to get around perimeter protections, the focus becomes controlling the outbound data and communications used to steal information. We need to use best practices to secure data and to ensure that information cannot leave the network or be offloaded.

Implementing security initiatives that protect mission-critical systems through network segmentation and virtual local area networks (VLANs) can limit damage. Security can be further enhanced by limiting peer-to-peer sharing.

Prevailing wisdom suggests that all networks will potentially be compromised, so the appropriate response is critical. Currently it can be difficult to find a compromised system, which makes correcting issues difficult. One approach is to analyze logs for indicators of an intrusion. This usually takes the form of internal traffic being redirected to an unauthorized domain name system (DNS) server.
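The log check described above, as an added example that is not part of the original post: it parses constructed firewall log lines (the key=value layout, the resolver addresses and the 10.0.0.0/8 internal range are all assumptions) and flags DNS-port traffic from internal hosts to any resolver that is not on the authorized list, marking whether the rogue resolver sits outside the organization's own address space.

```python
import ipaddress
import re
from collections import Counter

# Authorized resolvers and the organization's own address space; both are assumptions.
AUTHORIZED_DNS = {"10.0.0.53", "10.0.1.53"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample firewall log lines; the key=value layout is invented for this example.
SAMPLE_LOG = """\
2012-01-29T10:01:02 src=10.0.5.21 dst=10.0.0.53 proto=udp dport=53 action=allow
2012-01-29T10:01:05 src=10.0.5.21 dst=198.51.100.7 proto=udp dport=53 action=allow
2012-01-29T10:01:09 src=10.0.5.44 dst=10.0.1.53 proto=udp dport=53 action=allow
2012-01-29T10:02:10 src=10.0.5.21 dst=198.51.100.7 proto=tcp dport=53 action=allow
2012-01-29T10:02:30 src=10.0.5.90 dst=203.0.113.9 proto=tcp dport=443 action=allow
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\S+)$"
)

def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec

def find_rogue_dns(log_text, authorized=AUTHORIZED_DNS):
    """Return (ts, src, dst, proto, external) for port-53 flows to resolvers off the allowlist."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] != 53 or rec["dst"] in authorized:
            continue
        # external is True when the rogue resolver lies outside the organization's own ranges
        addr = ipaddress.ip_address(rec["dst"])
        external = not any(addr in net for net in INTERNAL_NETS)
        hits.append((rec["ts"], rec["src"], rec["dst"], rec["proto"], external))
    return hits

def hosts_by_rogue_queries(hits):
    """Count unauthorized-resolver contacts per internal source host."""
    return Counter(src for _, src, _, _, _ in hits)

if __name__ == "__main__":
    print(hosts_by_rogue_queries(find_rogue_dns(SAMPLE_LOG)).most_common())
```

Hosts that repeatedly contact an unauthorized resolver, especially over TCP port 53 to an external address, are the ones to pull for closer investigation.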

Security top ten

1. Improve security awareness and training among staff

2. Enforce security controls during concept phase

3. Encrypt data on removable media devices

4. Protect the password change cycle

5. Develop social media program to enhance and protect assets and reputation

6. Review access to key assets frequently (limit privileged access)

7. Develop an application whitelist for employees who manage sensitive data

8. Conduct risk assessments

9. Employ complex authentication

10. Limit access to sites or warn about potential spyware and malware issues