Cy­ber Crim­i­nals are Out There

The DQWeek (Chennai) - - EDIT - (ra­jneeshd@cy­berme­dia.co.in)

The media is buzzing with sto­ries of state­spon­sored hack­ing, so-called ad­vanced per­sis­tent threats, and high-pro­file data-theft at­tacks by cy­ber­crim­i­nals. So what does this mean to ev­ery­day busi­nesses own­ers and man­agers (com­pa­nies that aren’t de­fense con­trac­tors or gi­ant cor­po­ra­tions)? It means watch out.

The wildly suc­cess­ful tech­niques used in state­spon­sored at­tacks are mov­ing down a "mal­ware adop­tion life­cy­cle." Yesterday’s mil­lion-dol­lar, wellplanned, high-pro­file at­tacks are quickly be­com­ing $25 ex­ploit kits avail­able online to armies of low-level hack­ers. Con­sider this "phase two" of ad­vanced threats. The army of prof­it­driven hack­ers is us­ing the same ad­vanced tech­niques to steal any data that they can get their hands on to sell, fence or ran­som. No one is safe, be­cause tra­di­tional de­fenses don’t work against ad­vanced mal­ware. And the cy­ber­crim­i­nals are tar­get­ing ev­ery kind and size of busi­ness. This is the part of the story that peo­ple need to hear: While the big-name breaches get the head­lines, too many com­pa­nies get lulled into a false sense of se­cu­rity think­ing that they are safe be­cause they don’t have state se­crets. From state-spon­sored groups, to crim­i­nal gangs, and ul­ti­mately to in­di­vid­ual hack­ers—they are hit­ting any busi­ness with any­thing of value. Be­cause that’s where the money is. And it’s easy pick­ings be­cause an­tivirus soft­ware is de­fense­less against these ad­vanced meth­ods.

Look, mod­ern mal­ware cir­cum­vents AV and fire­walls, so you sim­ply can’t rely on these tech­nolo­gies or on patch man­age­ment to pro­tect your or­ga­ni­za­tions. We need to ex­am­ine both in­bound and out­bound con­tent traf­fic to min­i­mize risk. Be­cause, if you com­bine these ex­ploits with some well crafted so­cial en­gi­neer­ing, or­ga­ni­za­tions will con­tinue to be vic­tim­ized. Or­ga­ni­za­tions need to ex­am­ine— in real time—the sub­stance of each web­site vis­ited and in each email to ef­fec­tively bat­tle this mal­ware life­cy­cle.

RA­JNEESH DE

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.