Posted by: psilva | June 14, 2011

Custom Code for Targeted Attacks


Botnets?  Old school.  Spam?  So yesterday.  Phishing?  Don’t even bother…well, on second thought.  Spaghetti hacking like spaghetti marketing, toss it and see what sticks, is giving way to specific development of code (or stealing other code) to breach a particular entity.  In the past few weeks, giants like Sony, Google, Citibank, Lockheed and others have fallen victim to serious intrusions.  The latest to be added to that list: The IMF – International Monetary Fund.  IMF is an international, intergovernmental organization which oversees the global financial system.  First created to help stabilize the global economic system, they oversee exchange rates and functions to improve the economies of the member countries, which are primarily the 187 members of the UN. 

In this latest intrusion, it has been reported that this might have been the result of ‘spear phishing,’ getting someone to click a malicious but valid looking link to install malware.  The malware however was apparently developed specifically for this attack.  There was also a good amount of exploration prior to the attempt – call it spying.  So once again, while similar to other breaches where unsuspecting human involvement helped trigger the break, this one seems to be using purpose built malware.   As with any of these high-profile attacks, the techniques used to gain unauthorized access are slow to be divulged but insiders have said it was a significant breach with emails and other documents taken in this heist.  While a good portion of the recent attacks are digging for personal information, this certainly looks more like government espionage looking for sensitive information pertaining to nations.  Without directly pointing, many are fingering groups backed by foreign governments in this latest encroachment.  

A year (and longer) ago, most of these types of breaches would be kept under wraps for a while until someone leaked it.  There was a hesitation to report it due to the media coverage and public scrutiny.  Now that many of these attacks are targeting large international organizations with very sophisticated methods there seems to be a little more openness in exposing the invasion.   Hopefully this can lead to more cooperation amongst many different groups/organizations/governments to help defend against these.  Exposing the exposure also informs the general public of the potential dangers even though it might not be happening to them directly.  If an article, blog or other story helps folks be a little more cautious with whatever they are doing online, even preventing someone from simply clicking an email/social media/IM/txt link, then hopefully less people will fall victim.  Since we have Web 2.0 and Infrastructure 2.0, it might be time to adopt Hacking 2.0, except for the fact that Noah Schiffman talks about misuse and all the two-dot-oh-ness, particularly Hacking 2.0 in an article 3 years ago.  He mentions, ‘Security is a process’ and I certainly agree.  Plus I love, ‘If the term Hacking 2.0 is adopted, or even suggested, by anyone, their rights to free speech should be revoked.’  So how about Intrusion 2.0?

ps

Resources:

Technorati Tags: F5, data breach report, threats, Pete Silva, security, malware, technology, phishing, cyber-threat, social engineering, attacks, virus, vulnerability, web, internet, cybercrime, identity theft, scam, data breach, rsa, lockheed, imf

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: