Direct attacks get smarter
Security threats will not go away anytime soon and within the next three years, advanced persistent threats are expected to fundamentally change the way business deals with security.
This is according to Greg Day, McAfee director of security strategy for Europe, Middle East and Africa, who will be speaking at the sixth annual ITWeb Security Summit being held at the Sandton Convention Centre between 10 and 12 May.
APTs are sophisticated continuous hacking attacks aimed at espionage in organisations and governments. Day explains APTs deliver ongoing attacks using multiple methods until the cyber criminal is successful and is able to steal personal information for financial or political gain.
“Cyber attacks [such as APTs] are no longer going to be like random drive-by-shootings but will be targeted threats. It's no longer going to be about how a business defends itself but for how long it can defend for,” warns Day.
Examples of APTs include denial-of-service attacks, taking over of IT systems and ransoming services, as well as politically motivated attacks.
This, he says, was seen with WikiLeaks' supporter group 'Anonymous', hackers which targeted attacks on organisations such as Bank of America, because they refused to process transactions relating to WikiLeaks.
Day says the real threat lies where APTs gain complete control over large organisations' IT systems and then demand ransom from the organisation to not disclose information to the public.
He points out that business will need to place an additional layer of network security and collect security intelligence in the event of a cyber attack, and to prevent sensitive information being removed from the company.
“One of the biggest challenges is that compromised businesses assume that they've been targeted by an everyday attack. Businesses need to recognise APT threats as far more specific attacks.”
He points out other ways cyber criminals are rolling out APT attacks; tricking end-users into opening e-mail attachments with Trojans, or using social engineering attacks.
Day says: “There needs to be more education given to the end user (on APTs). The area most lacking in business, is viewing security and threat prevention as a one-way street.
“If the hacker gets in, he must not be able to take data back out of the business.”
He indicated that business is generally focused on reacting to security threats and not doing enough to proactively prevent them.
“The problem with APTs is getting worse, and in many ways business is not evolving its security systems at the same pace as the threats.”
According to a Symantec MessageLabs Intelligence Report released in October 2010, 0.5% percent of all attacks over the past two years increased to 25% in October characterised by a retail organisation that was the intended recipient of three waves of highly targeted spear-phishing attacks. In October, one in 1.26 million e-mails comprised of a targeted attack.
MessageLabs Intelligence senior analyst Paul Wood states in the report: “We have seen a constant influx of targeted attacks over the past six months with the type of organisation targeted changing on a monthly basis and the number of targeted users increasing each month.”