
Hitting back at cyberattackers: Experts discuss pros and cons

Ellen Messmer | Nov. 2, 2012
The questions are being asked more often: When a cyberattack hits your network, is it right to launch a counter-attack of some type to try to at least identify the source if not stop it? Since the wheels of justice do indeed grind slowly, should frustrated IT professionals with security skills take matters into their own hands or hire others to do so?

In the end, though, the idea of "naming and shaming" the cyberattackers has real value, even if there always seems to be another attacker out there to fill the spot.

Sean Bodmer, threat intelligence analyst at security firm Damballa, has worked hard to combat Russian organized-crime cybercriminals who run botnets for financial gain, providing some technical assistance to the FBI on some operations, and he acknowledged some frustration with that work. Speaking at the Hacker Halted conference this week, he said the gravity of what he sees coming from Russian cybercrime and Chinese-related espionage is immense. Law enforcement is "too slow" and they tend to have the mindset that "they're looking for the next big case," he said. He added that he's now more optimistic about tactics that involve taking actionable information related to criminal activities and showing it directly to companies such as hosting providers in data centers, which will then cut off criminal proxies, for example.

The idea that there should be direct action against attackers taken even in the course of identifying their unwanted presence in a corporate network is growing, however uncertainly. Jonathan Cran, chief technology officer at security firm Pwnie Express, advocated "fighting fire with fire" during his presentation at Hacker Halted. State-sponsored attackers are a fact of life and they will be using phishing, remote-access Trojans, and other stealthy means to accomplish exfiltration of stolen data, he noted. These so-called "advanced persistent threats" in the corporate network suggest there should be more focus on APT "counter attack" to develop "offensive capabilities" that shorten the time from detection to constraint. He said the idea of the typical penetration test needs to evolve into a process that will grant ways to hook the bad guy.

How the security industry will grow to engage -- within the confines of the law -- in active defense tactics is unclear, but sources planning the RSA Conference 2013 say they expect this to become a central theme in session tracks at the conference early next year.

 

 
