Is your intellectual property secure? Whitelisting can help secure against advanced persistent threats

By Kate Munro, director of marketing, Bit9, special to Network World
July 23, 2012 04:57 PM ET

Network World - This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

The country's most sensitive information is not always secure, despite what most citizens believe.

Nation states like China, Lithuania and Russia are deploying targeted, customized attacks controlled by humans in order to gain access to the intellectual property (IP) of government agencies, pharmaceutical companies, security organizations and other high-profile institutions. These advanced persistent threats (APT) are placing massive bodies of knowledge at risk.

Imagine what could happen if a hostile nation breached the Department of Defense and was able to access classified information on plans for smart bombs or biological warfare. Or picture a cybercriminal locking in on a pharmaceutical research lab, closing in on the cure for AIDS, hacking the system and selling the illegally obtained formula to the highest bidder. It's not unheard of. In fact, intellectual property is fast becoming one of the most profitable products on the black market.


In a recently released report, the National Aeronautics and Space Administration (NASA) disclosed it received 47 APT attempts, 13 of which successfully infiltrated agency computers in 2011. Breaches in NASA's IT networks can negatively affect national security or lead to significant financial loss. In addition, this type of threat leaves NASA's proprietary information and even blueprints for some of the nation's most competitive technological innovations vulnerable.

In fact, one of the 13 attacks reported in 2011 targeted the Deep Space Network at the Jet Propulsion Laboratory (JPL) and was linked to Chinese IP addresses. According to NASA, with full-system access to key JPL networks, undetected intruders could:

· Modify, copy, or delete sensitive files.

· Add, modify, or delete user accounts for mission-critical JPL systems.

· Upload hacking tools to steal user credentials, further compromising other NASA systems.

· Conceal their actions by modifying system logs.

The JPL breach is still under investigation by the Office of the Inspector General.

NASA is just one of the thousands of companies considered "target-rich," meaning their IP and other sensitive data are ripe for cyberattacks and, more specifically, for APTs. In 2011, Lockheed Martin, the country's largest defense contractor, was the target of a massive APT when its VPN access system was breached. Fortunately for Lockheed Martin, the threat was detected almost immediately, averting potential disaster.


Since these attacks are customized and targeted, many go undetected by traditional security measures, which are only able to blacklist known malware. And the persistent nature of the attack allows the hacker to modify code and strings until one variant can stealthily penetrate the enterprise's security system. In fact, the number of APTs detected by antivirus perimeter defenses can be as low as 25%, meaning the majority are free to continue with malicious activities.
