Targeted cyber attacks test enterprise security controls
Thursday, April 8, 2010 8:19Targeted cyber attacks of the sort that hit Google and more than 30 other tech firms earlier this year are testing enterprise security models in new ways and pose a more immediate threat to sensitive data than a full-fledged cyber war.
They’re also an “existential threat” to the U.S., a top FBI official said last week.
[ Recent cyber attacks highlight cyber threats facing the United States. | Also on InfoWorld: "Researchers track cyber-espionage ring to China." | InfoWorld's Roger Grimes explains how to stop data leaks in an enlightening 30-minute Webcast, Data Loss Prevention, which covers the tools and techniques used by experienced security pros. ]
Unlike older email and network-borne worms and viruses, targeted attacks are stealthier and can give adversaries a way to break into an enterprise network — and stay hidden there for a long time. Typically, the goal behind such attacks is to snoop and to steal sensitive information.
State-sponsored groups with deep technical skills and computing resources have been directing such attacks against government and military targets for several years now. But the increasing number attacks, and the fact that they have begun to spill over into the commercial arena, have prompted some people to speculate about whether the U.S. is in the midst of a cyber war.
Not war — yet
The consensus: Not yet. Instead, the targeted attacks highlight what’s called the advanced persistent threat (APT) facing U.S commercial entities. The attacks typically rely on sophisticated social engineering techniques to exploit previously unknown security vulnerabilities, and they’re difficult to fend off because they’re designed to elude the signature-based malware-detection tools traditionally deployed at most companies.
Most attacks use social engineering to trick people with access to key information into opening tainted emails or other communications.
