Report: Security Needs Proactive Approach

Wednesday, January 22, 2014 @ 05:01 PM gHale

This year will bring an increase in targeting of third-party vendors, abuse of the Internet’s new generic top-level domains (gTLDs), and vulnerabilities in Windows XP, a new report said.

In addition, there will be an increased use of encryption to help protect and obfuscate malware, greater use of black markets for buying and selling custom-made malware, and increased targeting of attacks around major events, according to CrowdStrike’s “CrowdStrike Global Threats Report: 2013 Year in Review.”


In the end, though, security professionals need to change their way of thinking and not just react to exploits.

“Organizations need to take an intelligence driven approach to security — proactively responding to advanced threats by prioritizing their limited resources,” said George Kurtz, chief executive/president and co-founder of CrowdStrike.

The 30-plus-page report, the product of CrowdStrike’s year-long study of more than 50 groups of cyber threat actors, discusses the activities of several sophisticated groups of attackers, including:
• The Syrian Electronic Army (SEA)
• A group of China-based attackers, who conducted a number of spear phishing attacks in 2013
• An established group of cyber attackers based in Iran, who carried on several campaigns in 2013, including a series of attacks targeting political dissidents and those supporting Iranian political opposition
• A Russia-based group that collects intelligence on the energy industry
• A China-based actor that targets foreign embassies to collect data on government, defense, and technology sectors

Several organized threat groups are using strategic web compromise (SWC), called “watering holes,” to penetrate a target by infecting the websites most frequently surfed by its members. There were SWC attacks on the Council on Foreign Relations, the U.S. Department of Labor, and several foreign embassies, the report said.

In the end, it is all about understanding who is attacking and what the attack is, Kurtz said, so the user can “differentiate between targeted and commodity attacks, thus saving time and focusing on the most critical threats to the enterprise.”

The industry needs to move away from just looking at, and reacting to, exploits. It needs to understand “the adversary rather than just the exploits they create,” said Dmitri Alperovitch, co-founder and CTO of CrowdStrike. “This is a great step toward fighting cyber security threats on a new battleground — by identifying and defending against human adversaries, rather than simply trying to block malicious code.”
