CRIME: The Sophisticated Hackers

Sophisticated attackers have eclipsed hackers as the largest threat to organisations, while protecting the amount of data an organisation holds is proving more challenging. Speaking at the Symantec Vision conference in Barcelona, Francis deSouza, senior vice president of the enterprise security group at Symantec, said that there are four key trends when it comes to the threat landscape: attackers; complex heterogeneous infrastructure; information explosion; and the increasing cost of a security breach.

He commented that it was clear from analysis of the Stuxnet worm that such a sophisticated threat was not written by casual hackers. He said: “This was written by a very sophisticated team that has deep skills that crossed a number of different areas and that invested a number of man years into creating this piece of malware.”

Looking at the first key trend, deSouza said: “The hackers have really changed over the past few years. Four years ago I would have talked about the primary drivers were that hackers were trying to take down infrastructure. But today hackers have dropped out of the top three in terms of factors driving security attacks; the number one group driving security attacks today are the sophisticated attackers.

“Hackers have dropped to number four. Number two and number three driving attacks today are actually insiders. The number two group are well-meaning insiders such as employees or contractors or customers who have legitimate access to a corporate network, but inadvertently do things that put an organisation at risk.

“The third group are actually malicious insiders who have legitimate access to the network but are actually deliberately stealing information. They are doing it because they are disgruntled, or have discovered a profit motive to be had in stealing corporate information.”

He went on to claim that the second big trend was around the infrastructure that organisations have to protect, specifically as sophisticated attackers use evolved attacks. He said that the techniques being used are very different from those of hackers, particularly with the emergence of ‘custom malware’ to create an attack.

He said: “Custom malware means that you have never seen that file before. Some of the old methods of doing security around signature-based security just won’t work because you will not have seen that file before so you will not have a signature for that file and will not be able to block it.”

He said that CIOs have more to protect in their environment than ever before, such as more equipment in the data centre, more endpoints and more people to protect because suppliers and contractors reach into the network.

“Also the amount of information that they have to protect is growing exponentially. Almost across industries, organisations are telling us that the amount of information that they have to protect is doubling every two years; that is a massive amount of growth,” he said.

“In addition to the amount of information, they are realising that the amount of confidential information is growing. They are seeing an information explosion and more that they need to protect.”

Via SC Magazine