
BLOG: Two-byte criminals

Spencer Parker | Oct. 14, 2011
The trickle-down effects of advanced persistent threats.

The increase in sophistication and abilities of computer hackers and malware programmers worldwide is, unfortunately, rather common news. Hospitals, governments, and banks have all come under attack from anonymous hackers using powerful technology. They steal any data or sensitive information that can be sold or held to ransom. And as hackers' tools become more advanced, so too does the threat of malware. Increasingly, the targets are no longer multinationals and governments but everyday business owners and managers.

As our most recent threat report showed, over half of data-stealing attacks occur via the internet. Many professionals believe they are already taking the necessary action to protect themselves, yet cyber security is still the most pressing concern for organisations of any size.

What we see today is businesses reporting significant losses resulting from attacks, even at the low end of the profit spectrum. This is partly down to the rise in APTs (Advanced Persistent Threats). APTs are the result of well-funded, technically advanced, focussed criminal groups. Over time, the technology involved in major headline incidents trickles down to become available in a number of low-cost kits. This has always been the case; the difference today is that the malware lifecycle has sped up dramatically. The time difference between US$1000k+ innovative malware and a US$20 ready-to-run kit is now months rather than years. Combine this with the poor patching still prevalent in businesses of all sizes and it becomes a lethal cocktail.

Much damage with little know-how

This means that any would-be hacker can cause thousands of pounds' worth of damage with very little outlay or technical know-how. Using the same advanced tactics as big-time hackers, lower-level cyber criminals focus on stealing data or private information. Their methods are increasingly diverse and technically advanced, and this is one of the reasons why they can be so damaging to small and medium businesses alike.

Four days after the Aurora hack on Google last January, the code used was available worldwide. Within 18 months, there had been 5,800 attacks using the very same code. As time goes on, far from losing its potency, this type of code reaches more people. The risk widens to businesses that may not even consider themselves a target.

Even the biggest players on the Web aren't immune - the very ones who often think their existing defences will suffice. How many organisations are completely on top of the patch management game? Some might delay patches or batch them together to deliver at a single time, but the longer the delay, the longer the malware stays effective and the longer the lifecycle of that exploit. That's why these exploits are still included in kits: even though there are patches, the exploits still work on enough machines to make it worth the criminals' while.

 
