Security Management Strategies for the CIOAccess "Customized malware programs require new response, experts say"
This article is part of the December 2010 issue of Inside the Data Accountability and Trust Act and what it means for security
When investigators at Trustwave's SpiderLabs forensics team responded to a breach at an international VoIP provider earlier this year, the conditions they found at the provider's data center were appalling to say the least. Servers containing data on 80,000 customers were located in a rundown barn. To make matters worse, the investigators had to endure the odor from about 20 farm cats living among the equipment. The third-party hosting service looked professional; its website boasted of hundreds of customers and even included pictures of a hardened data center. The VoIP provider was the target of customized malware -- a rootkit -- which took advantage of the hosting service's weaknesses. The VoIP provider realized it had a problem only after customer complaints came pouring in -- months after the malware did what it was designed to do. The cybercriminals were long gone, says Jibran Ilyas, a senior security consultant for Spiderlabs. Customized malware is a growing problem, he says. Poor network configurations, shoddily deployed security software, and an over... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Disaster recovery and contingency planning security considerations
Security must be included in disaster recovery planning to ensure sensitive data is protected.
-
Customized malware programs require new response, experts say
Cybercriminals are taking advantage of poorly deployed security software with customized malware designed to infiltrate systems and steal data without being detected.
-
Disaster recovery and contingency planning security considerations
-
-
Understanding the Data Accountability and Trust Act
by Richard E. Mackey, Jr., Contributor
The Data Accountability and Trust Act, if passed into law, would create a national standard for privacy and data protection.
-
Vendor risk management and the CISO
by Eric Holmquist
The CISO has a key role in reducing the risk of sharing sensitive corporate data with third parties.
-
Understanding the Data Accountability and Trust Act
by Richard E. Mackey, Jr., Contributor
-
Columns
-
Cloud computing technology: Don't get left behind
Cloud computing presents a lot of security issues but security professionals need to accept the challenge.
-
Career advantages of security professional certifications and advanced degrees
by Lee Kushner and Mike Murray
Choose wisely when pursuing industry certifications and advanced degrees to gain the best competitive advantage.
-
Internet privacy laws will get attention in the next Congress
by Judith Harris, Christopher Cwalina, and Amy Mushahwar
In the 112th Congress, enterprises can expect a heavy focus on Internet privacy issues on Capitol Hill.
-
Cloud computing technology: Don't get left behind
More Premium Content Accessible For Free
Compliance and risk modeling
E-Zine
You can fight compliance or embrace it, but one way or the other, you can’t escape it. Increasingly, smart organizations are not just accepting ...
Essentials: Threat detection
E-Zine
Antivirus and intrusion prevention aren’t the threat detection stalwarts they used to be. With mobile endpoints and new attack dynamics, enterprises ...
Managing identities in hybrid worlds
E-Zine
The world in which successful IAM programs must be implemented is increasingly complex, a mix of legacy on-premise IAM infrastructures, cloud-based ...