08.19.13

The cyber-attacks transformation

For quite some time now, cyber-attacks have not been the sole possession of intelligence agencies and countries. They are also used by corporations that want to know everything about their competitors.

Today, their use is almost constant in the private sector as part of the execution of transactions, and they have become a significant burden for companies and various organizations.

Around one-third of companies are aware of digital attacks against them. Unfortunately for these companies, while network-based protection has made significant progress in recent years, enterprise computers, laptops and handheld devices continue to be vulnerable to security threats that are used to break into organizations.

December 2006, London

The Lexington storefronts were even more beautiful than usual. However, the Syrian commissioner, let’s call him Hamid for now, was in a bad mood. He was leading a complicated negotiation process with the North Koreans under precise guidelines: the building of the secret nuclear reactor at Deir Al-Zur in northern Syria must go as planned. Hamid was tired of the tenacity of the Koreans. Happily, he had the whole afternoon free. He left his laptop in the hotel room and went shopping.

What Hamid did not realize was that while he was walking the streets of London, he was being followed by a secret intelligence team. Meanwhile, another team entered his hotel room, broke into his laptop, copied the documents that had been created and installed a Trojan horse that allowed spying on his future actions. The data from Hamid’s laptop provided the insight that ultimately led to an air strike on the Syrian nuclear reactor, which was destroyed later on, in September 2007.

2011, somewhere in the U.S.

Inside the giant corporation Du-Punt, the CEO of the industrial chemicals business unit, let’s call him Burns, is having a particularly stressful day. He is involved in intensive negotiations in an attempt to buy a British rival company.

Burns is very tense. He remembers well that his annual bonus, which he is counting on to pay for his son’s university studies, depends on the success of this bid.
He leaves the office to get some fresh air, and stops at Starbucks to go over the final bid that he intends to file the next day. As he goes through his emails he notices a particular message from one of the company’s workers in the UK. When he opens the attached PDF file, his computer responds a little slower than usual, and then an invoice for dry cleaning appears on the screen. He rolls his eyes. The employee must have confused Burns with the department’s bookkeeper.

Burns did not notice that the whole thing was fake. The real sender had attached a PDF file containing unknown “zero day” code that exploited a software weakness to run its malicious code. Overnight, the malicious code copied files from Burns’s laptop, packed them and sent them to a server that had been set up specifically for this attack. Not surprisingly, a rival corporation’s bid to acquire the British company was just enough to win the tender. Two years later, the code will be identified in the National Vulnerability Database as CVE-2013-3341.

These two events, which happened within five years on two different continents, emphasize how much cyber-attacks have changed. No longer targeted only at national assets, cyber-attacks have become much more oriented towards corporations and more and more common. There is now a whole industry of attacks directed at corporations, including theft of intellectual property, access to commercially sensitive information and even DDoS attacks. This year alone, blogs have reported on Twitter account hacks, attacks on Korean banks and espionage against news organizations like the New York Times.

Part of the reason such attacks keep growing is that most security solutions still focus on network perimeter security (think of it as a fence around the house). This kind of security still has value, and solutions in this area are improving all the time; however, the endpoints remain protected by old technologies.

What can be done?

Security companies must adopt more modern approaches to protect endpoints.

First – Hardening the operating system in order to block whole malware families by making common attacks impossible. Instead of focusing on the signature of one piece of harmful software or fixing vulnerabilities one by one, this type of technology neutralizes most malicious techniques. Because hackers use only a handful of hacking techniques, blocking them is excellent protection.

Second – Sandboxing. This approach uses virtualization-based techniques to contain applications that may have been compromised, limiting the spread of harmful software.

Third – Other more ‘generic’ methods.

The modern enterprise must defend itself against targeted attacks and must use this new strain of endpoint protection if it wants to avoid becoming just another statistic in the list of corporations hit by targeted cyber-attacks.