BreachExchange mailing list archives
What we’ve learned from malware epidemics
From: inga () riskbasedsecurity com (Inga Goddijn)
Date: Fri, 18 Mar 2016 15:17:24 -0500
http://www.itproportal.com/2016/03/18/what-weve-learned-from-malware-epidemics/ Cybersecurity breaches are the norm rather than the exception today, although they have changed over the years. Theyâre rarely the worms <https://business.kaspersky.com/where-have-all-those-malware-epidemics-gone/2571/> of early 2000âs fame. Instead, malware programs lie in wait â sometimes for months at a time â before springing forth to capture personal identity information (PII), syphon money to undisclosed locations and accounts, and wreak havoc around the cyber-sphere. Over the course of the last decade, as cybersecurity breaches have become more invasive, everyone on the web has been forced to adapt. Indeed, some of the most malicious malware attacks in recent years have incited a major reevaluation of how corporations, security professionals, and individual users approach data management and protection. *Major Malware Hacks in the 21st Century * The Apple ransomware issue <http://www.usatoday.com/story/tech/news/2016/03/07/first-ransomware-macs-surfaces-and-killed-off/81436340/> that occurred a few weeks back is just the latest in a slew of cybersecurity attacks. Other notable malware attacks include the following: 1. *Apple and the Flashback Trojan*: Mac users once believed their devices were impervious to attack until they met the Flashback Trojan <http://www.zdnet.com/article/new-mac-malware-epidemic-exploits-weaknesses-in-apple-ecosystem/> in 2012. The most frightening aspect of this attack is that it required no user interaction in order to spawn. 2. *Sony Entertainment Pictures and the Destover Wiper*: The Sony hack is considered as one of the worst data violations of all time. Hundreds of employee records were breached, as well as confidential emails and project files. 3. *Target and BlackPOS*: Targetâs infamous cybersecurity breach, which occurred during the 2013 holiday season and affected millions of customers, happened as a result of an affiliate company being compromised via malware. The breach cost Target an estimated $162 million and ended in resignations of both the CIO and CEO. These new malware breach tactics are cause for concern. Itâs no longer enough to protect the perimeter <http://www.networkworld.com/article/2931587/network-security/breach-detection-five-fatal-flaws-and-how-to-avoid-them.html>, putting up what co-founder and CEO of the security company Cybereason Lior Div calls a âmoat and castleâ defense. Instead, Div says, information security professionals should adopt a â1,000 points of lightâ model to better safeguard business ecosystems against threats that may be working from the inside out. *Changing Tactics to Defend Against Malware Attacks* Higinio âH.O.â Maycotte, founder and CEO of Umbel, compares fighting attacks like those listed above to chasing bacteria with antibiotics. Security breaches <http://insights.wired.com/profiles/blogs/8-infamous-data-breaches-that-help-build-our-collective-data#axzz41kZrtXsl> are continuously evolving, requiring programmers to stay vigilant and think of more innovative solutions, particularly as hackers add attacks on smartphones and connected devices to their arsenals. Fortunately, every malware attack offers opportunities to improve Internet security practices <http://www.bestsatelliteproviders.com/internet-security-tips/> and processes related to mobile devices and identity and access management. Hereâs a look at some developing cybersecurity tactics and how they can help make the web more secure for all users. 1. *Shifting to an Already Compromised Mindset*. Attacks donât come exclusively from outsider threats â they come from inside organisations, too. As a result, security professionals have started focusing on what to do *when* a breach happens, rather than *if* a breach happens. This means preemptively setting up internal system limits to prevent a breach in one area from allowing access to data elsewhere, effectively limiting the extent of a potential hack. 2. *Conducting Security Risk Analyses*. Audits and analyses should take place regularly, much like an annual visit to the doctor. Companies who do a regular audit of security practices and processes will be able to identify and address potential vulnerabilities. 3. *Developing Best Security Practices*. Every business, big or small, should start to think about vendorsâ security practices, internal rules about data storage and transmission, and basic email and Internet safety. These processes should be kept in a living document so that they can be updated quickly and disseminated easily. 4. *Managing and Monitoring Access*. Greater breach risk means that disorganised identity and privilege management is no longer an option. Proper monitoring improves security for a business because itâs clear who has access to what information. If a breach occurs, itâs easy to track down the culpable device, if not the person responsible. 5. *Investing in Security Awareness and Training*. Employees who compromise security rarely mean to put their employer at risk â often theyâre just trying to get their work done. Corporations can minimise this risk by offering extensive security training and providing the tools and resources needed to protect company assets from a breach. 6. *Automating Security Monitoring Wherever Possible*. Given the scope of most companiesâ data holdings, exclusively manual monitoring isnât enough. Without automation, a security team could waste a lot of time chasing false leads. To combat this, companies should start using automated monitoring, which can help document escalations. 7. *Focusing on the Entire Attack*. Much like a fever shows that a patient has an infection running rampant somewhere in their body, so do malware symptoms indicate deeper complications. Issues may manifest in one location, but itâs likely there are problems elsewhere as well. A thorough investigation beyond the apparently affected area can prevent further damage down the line. 8. *Learning From Others*. Malware attacks often move in trends â similar variations of a single program may be used to attack several different brands or applications. As a result, itâs imperative that information security teams stay abreast of recent hacks and breaches. A company may be able to boost its defenses by avoiding the mistakes a compromised brand made. 9. *Developing a Response Plan*. Hearkening back to the first point on this list, itâs unacceptable to be unprepared for a breach. Companies should have a plan in place in case a cybersecurity hack occurs. Itâll mitigate downtime and prevent more data from leaking. Malware epidemics may be the new norm, but information security professionals arenât sitting idly by. With a proactive approach and an adaptable mindset, corporations and security teams can buck the trend of cybersecurity breaches and provide better protection for users worldwide. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160318/69bc3f24/attachment.html>
Current thread:
- What we’ve learned from malware epidemics Inga Goddijn (Mar 18)