Access your Pro+ Content below.
Customized malware programs require new response, experts say
This article is part of the December 2010 issue of Information Security magazine
When investigators at Trustwave's SpiderLabs forensics team responded to a breach at an international VoIP provider earlier this year, the conditions they found at the provider's data center were appalling to say the least. Servers containing data on 80,000 customers were located in a rundown barn. To make matters worse, the investigators had to endure the odor from about 20 farm cats living among the equipment. The third-party hosting service looked professional; its website boasted of hundreds of customers and even included pictures of a hardened data center. The VoIP provider was the target of customized malware -- a rootkit -- which took advantage of the hosting service's weaknesses. The VoIP provider realized it had a problem only after customer complaints came pouring in -- months after the malware did what it was designed to do. The cybercriminals were long gone, says Jibran Ilyas, a senior security consultant for Spiderlabs. Customized malware is a growing problem, he says. Poor network configurations, shoddily deployed ...
Access this Pro+ Content for Free!
Features in this issue
Security must be included in disaster recovery planning to ensure sensitive data is protected.
The Data Accountability and Trust Act, if passed into law, would create a national standard for privacy and data protection.
Cybercriminals are taking advantage of poorly deployed security software with customized malware designed to infiltrate systems and steal data without being detected.
The CISO has a key role in reducing the risk of sharing sensitive corporate data with third parties.
Columns in this issue
Cloud computing presents a lot of security issues but security professionals need to accept the challenge.
Choose wisely when pursuing industry certifications and advanced degrees to gain the best competitive advantage.
In the 112th Congress, enterprises can expect a heavy focus on Internet privacy issues on Capitol Hill.