How malware defeats strong security controls

IT Best Practices Alert By Brian Musthaler, Essential Solutions, Network World
August 30, 2012 03:56 PM ET
The 2012 Verizon Data Breach Investigations Report shows that organizations often don't know for weeks, months, or sometimes years that they've been breached. The report indicates that 92% of organizations with a significant incident learned of the breach through notification from an external party, while only 6% of breaches were uncovered through internal monitoring, such as reading security logs.

"Unfortunately, as our research has shown for the last several years, third parties discover data breaches much more frequently than do the victim organizations themselves," Verizon says.

If you keep current with cybersecurity news, you know Verizon has it right. Moreover, it's no secret that attackers craft custom malware to slink past enterprise defenses, and that on any given day any organization can be compromised. That's the unfortunate reality of where information security stands today.

Malware and Advanced Persistent Threats (APTs) are being used by well-resourced, highly motivated, stealthy and patient actors who are adept at disguising their presence and their activities. For the most part, such attacks are carefully planned and crafted, and depend on knowledge of specific targets.

According to Verizon, "the most common malware infection vector continues to be installation or injection by a remote attacker. This covers scenarios in which an attacker breaches a system via remote access and then deploys malware or injects code via web application vulnerabilities. Its popularity as an infection vector likely stems both from the attacker's desire to remain in control after gaining access to a system, and its use in high-volume automated attacks against remote access services. This is most evident in the broader financially-motivated crimes (such as payment card breaches) where malware is not typically the initial vector of intrusion, but rather is installed by the attacker after gaining access. This is not always true for other genres of attacks. With IP theft scenarios, malware often provides the entry point after a successful social attack such as a phishing email."

Taking this theme one step further is Trusteer with its white paper No Silver Bullet: 8 Ways Malware Defeats Strong Security Controls. The paper provides an overview of how cybercriminals successfully circumvent security controls through a combination of technology and social engineering.

Specifically, the paper details the techniques cybercriminals use to defeat security controls and commit fraud, mapped onto the stages of a banking or financial transaction's life cycle, as follows:

o Pre-login, before the user initiates a transaction. Attack methodology: Exploiting browser vulnerabilities and code obfuscation

o Login, while the user is logging into the web application. Attack methodologies: Bypassing virtual keyboards and real-time theft of two-factor authentication credentials

Linda Musthaler is a principal analyst with Essential Solutions Corporation.
