“The Wall Street Journal reported that outsiders had repeatedly penetrated the computer network of Nasdaq OMX Group during the past year.”
Convicted D.C sniper, John Allen Muhammad, along with his 17-year old accomplice, Lee Boyd Malvo, terrorized the Washington region in September and October 2002 as they engaged in a series of apparently random sniper attacks.
Sixteen people were shot. Ten died.
Theirs, though random in nature, resembles the ongoing Cyber warfare that stalks perhaps some of the best security processes that are in place in organizations like the Nasdaq. The great differentiators? Cyber Warfare is systematic and targeted. And sometimes they are quite sophisticated.
This month the company that owns the Nasdaq Stock Market confirmed that its computer network has been infiltrated specifically by way of a service that allows the leaders of companies, including board members, to securely share confidential documents. These persistent reminders to secure the enterprise by employing a multi-layered approach is hopefully becoming less debatable among IT professionals considering the onslaught of security breaches even though we are less than two months into the new year.
Among the casualties of 2011 to date are, eHarmony and five multination oil and gas companies. And in each case the snipers were laser focused on stealing critical proprietary information.. In the case of the oil and gas companies, McAfee reported that the “hackers got into its computers, one of two ways, either through their public websites or through infected emails sent to company executives.
Yet while the debate may be subsiding, it is questionable whether preventative measures to secure new security gaps in the enterprise, once identified, are treated with the urgency that they demand. I have encountered many organizations who readily agree with the findings of a gap analysis as it relates to the security of their network but have settled into complacency; ‘we don’t have the budget,’ or ‘the tools we have in place should do the job.’ And they do, until there is an attack.
In the case of Nasdaq, Bit9’s Endpoint Security solution would have been a formidable defense against the Advanced Persistent Threat (APT) that was leveled against it. The attack included malware delivered by clicking on either a web page, email or an attachment which enabled suspicious files to use a backdoor to deliver additional malware and execute commands. In this instance, as it is with most APTs, the ‘Sniper’ was state-sponsored. Russia.
Bit9’s Parity suite would have detected and blocked the attack. Inherent in its function, is the capacity to maintain a live inventory of all software on all systems. Therefore, all stalkers attempts to infiltrate its computers would have failed. Additionally, Parity Suite leverages its baselining feature to identify suspicious files outside of the approved set of software or its White List. It further utilizes the software reputation service to identify suspicious files or anomalies. Once the first computer is attacked, subsequent computers would have been immediately identified and a command to stop the propagation across all systems would have been executed or banned.
Consider the statistics in light of the complacency that I often encounter:
- Symantec sees nearly 2 million threats every day
- McAfee generates 55,000 unique signatures every day, and estimates there are 2 million malicious web sites appearing every month
- Sophos recieves 95,000 malware samples everyday, and detected 100,000 new fake antivirus products just in December.
And bear in mind that there is nothing random about these attacks. Is the risk worth it?
http://www.abrahamsconsulting.com
