ComputerWorld.in

The Changing Threat Landscape

By Khalid Kark on Aug 09, 2010

In covering the security threat landscape over the years, two fundamental issues have stayed constant. First, the threat landscape continues to evolve and gain sophistication. Second, attackers will always be a step ahead of the defenders in exploiting vulnerabilities across the spectrum of people, process and technologies. But what's different today are the motivation, methods and tools behind these attacks: we're no longer fighting an individual hacker, but a highly organized, well-funded crime syndicate, and in some cases, even a state-sponsored agent.

As IT security professionals work toward building their high-performance security organization, it will be essential to consider the changing nature of the threat landscape. In particular:

Motivation: Gone are the days when hackers bragged openly about their latest exploits in underground newsgroups to gain fame and notoriety. Today, organized crime is involved in these endeavors, and it is looking for big financial gains. Attackers will go after systems that store millions of records. Consider this stat: cybercrime costs the US economy $8 billion, according to US Congress reports, equivalent to the Bahamas' GDP.

Method: Unlike the visible attacks of the past, low and slow attacks are systematic and precise: the attackers can take months gathering intelligence on the target and then go after the weaknesses systematically, covering all traces of their presence as they penetrate the different parts of the environment. The ultimate goal is to modify the application in some way that gives them a consistent stream of revenue over a long time period, such as in the infamous TJX breach.

Tools: The move from manual to automated attacks significantly increases the amount of information and context a machine can extract from unsuspecting users. For example, French researchers have developed an automated social engineering tool that uses a man-in-the-middle attack to strike up online conversations with potential victims. They were able to entice users to click on malicious links sent via chat messages 76% of the time. Add to this the ability of machines to crawl the Web and glean publicly available information about you, and the results can be astonishingly precise in penetrating your defenses.
