5 Ways to Avoid Today's Cyberthreats
Today's cybercriminals are savvy, but strong defenses can keep them from targeting your organization. Here are a few tips:
- Don't forget the basics. Continue to take a layered security approach, keep patches updated and hold hardware/software suppliers accountable for flaws. Egress filtering can also track what leaves your network.
- Fortify Web applications and the client. These are the key targets of today's cybercriminals. Educate programmers on secure coding practices, using the Open Web Application Security Project guide as a model. Upgrade endpoint security solutions to protect desktops and mobile devices.
- Look at your products as if you're a cybercriminal. Think outside the box. Imagine how vulnerabilities could be exploited and investigate unintended uses of your systems and applications.
- Integrate security ops into day-to-day ops. Do forensic data collection when restoring hosts instead of simply wiping and reinstalling.
- Train your IT and operations staff. Your security posture is only as sound as the people working with systems. Invest in their ongoing education.
Source: Ernie Hayden, CISO and manager of enterprise information security at the Port of Seattle, and Information Security advisory board member

Transacting Trojans
Backed by that kind of intelligence, Trojans are becoming more insidious. While most can record keystrokes, mouse movements and screenshots, and then send them to a third party, others have forsaken the ability to transmit information in favor of acting in real time--a devious twist on the zero-day attack concept.
Some Trojans, for example, don't trigger until users log in to their online bank accounts, then transact on their behalf, moving money from one account to another.
"Trojans that transact are the Holy Grail," says Amir Orad, VP of marketing at RSA Security. "This new generation of Trojans collects information that is used on the spot. You don't have the time gap; these are zero-day, real-time attacks."
Botnets offer attackers a lot of power, but don't necessarily require much technical skill.
"We're seeing a huge flood of people who aren't so talented or tech-savvy running these botnets. We find people using an IRC botnet server who have little knowledge of how IRC works, so they're playing with commands. Here they have thousands of hosts at their disposal, waiting for commands, and they're fumbling around trying to figure out what to do," says Jose Nazario, senior security engineer with Arbor Networks.
Once they figure out what to do, attackers quickly find people who will pay them for the botnet's services, whether that's installing adware and spyware on zombie machines, or launching a DDoS attack against a competitor.
Botnet operators appear to be from a variety of places--mostly the U.S., Russia, Romania and Brazil, Nazario says. The sharper ones have developed simple, effective ways to manage their botnets; they know exactly what capabilities the various bots have and where they're located.
TaoSecurity's Bejtlich says that botnet command-and-control, once confined to IRC, is moving to the Web. Hackers are developing Web-based control mechanisms that export data as normal HTTP or HTTPS traffic. He advises that security managers proxy Web traffic wherever it leaves enterprise networks and filter the content.
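Proxying outbound Web traffic, as advised above, also yields a log that can be searched for hosts polling a Web-based controller. The following Python is an added example, not from the article or the people it quotes; the log format, addresses, host names and thresholds are constructed assumptions. It flags client/destination pairs whose requests arrive at near-constant intervals.

```python
import statistics
from collections import defaultdict

# Constructed proxy log (assumed format): epoch_seconds client method host bytes
SAMPLE_LOG = """\
1000 10.0.0.5 GET poll.example.test 310
1003 10.0.0.7 GET www.example.org 845
1010 10.0.0.7 GET www.example.org 1290
1061 10.0.0.5 GET poll.example.test 312
1095 10.0.0.7 GET www.example.org 530
1120 10.0.0.5 GET poll.example.test 310
1181 10.0.0.5 GET poll.example.test 311
1240 10.0.0.5 GET poll.example.test 310
1300 10.0.0.5 GET poll.example.test 310
1400 10.0.0.7 GET www.example.org 2201
1420 10.0.0.7 POST mail.example.org 9040
1420 10.0.0.7 GET www.example.org 777
2100 10.0.0.7 GET www.example.org 640
truncated-line 10.0.0.9
"""

def parse(log_text):
    """Yield (timestamp, client, host) for each well-formed log line."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[0].isdigit():
            continue  # skip malformed lines instead of aborting the run
        yield int(fields[0]), fields[1], fields[3]

def find_beacons(log_text, min_requests=5, max_cv=0.1):
    """Return (client, host, mean_gap_s, cv) for pairs with machine-regular timing."""
    times = defaultdict(list)
    for ts, client, host in parse(log_text):
        times[(client, host)].append(ts)
    findings = []
    for (client, host), stamps in times.items():
        if len(stamps) < min_requests:
            continue  # too few requests to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        # Coefficient of variation: low means evenly spaced, unlike human browsing
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        if cv <= max_cv:
            findings.append((client, host, round(mean), round(cv, 3)))
    return sorted(findings)

if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG))
```

Legitimate updaters and monitoring agents also poll on a timer, so findings are leads to check against known-good destinations rather than verdicts.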