
Companies Can Do Little To Avoid The Next Wave Of Cyber Attacks

Jan 25, 2014, 03:48 IST

via Crowdstrike

US cyber security firm Crowdstrike recently released its 2013 Global Threat Report on state and non-state sponsored cyber espionage campaigns, and it has some scary implications.


In short, if the last handful of years were about spearphishing attacks, the next few will be about "Strategic Web Compromises."

SWCs function completely differently from spearphishing attacks.

Spearphishing is essentially an email that looks like it comes from a legit source - a coworker, an Internet company, or a friendly professional. Inside the email is either a link or an attachment.

That attachment/link is often titled something hyper-relevant - like "2014 W2," or, in the case of a bunch of diplomats attending a G20 in Paris, "Naked Pics Of Nicholas Sarkozy's Wife."


An SWC - what IT pros call a "watering hole" attack - is a much more passive attempt at getting malware onto the target computer.

Justin Seitz, senior security researcher at Immunity Inc., equated it to dumping sugar into the underground tanks at the gas stations your target most loves to patronize.

Just like spearphishing attacks, SWCs require the adversary to know their target well. But instead of emailing the targets - heading to the parking lot and trying to dump it right into their car - hackers place the malware on a website they know the target is likely to visit.

"Car drivers inherently trust that the gas stations are providing good fuel to them, and don't think twice about filling up," he concluded.

But the analogy isn't quite the same, Seitz noted, because a lot of these compromised sites offer subscription PDF downloads or other services that "regular Internet users" are unlikely to frequent.


In the report, Crowdstrike details the advantages to this type of attack:

- Now that spearphishing has been thoroughly reported on in the media, employees at these companies are less likely to click on malicious/suspicious links or attachments.

- Increasingly agile email filters block spearphishing attempts.

- Spearphishing leaves more of a trace, so attribution to the attacker is much easier. SWCs don't leave as many "marks on the tools" that would identify the makers.

Google Chairman Eric Schmidt said at Davos that he suspects 85% of all industry cyber espionage emanates from China. Crowdstrike details an increasing number of Russian attempts to hack energy companies.


Crowdstrike also predicts that SWCs will become increasingly popular in the next year, which raises the question: is there anything companies can do to protect themselves?

"Short answer? No," says Seitz. "Stay up to date with your patches and signatures. If they are using Zero Day attacks [previously unseen, unpatched software exploits], then neither will help you unfortunately. This is also why more and more tooling is not looking at prevention, rather, they are looking at detecting a successful compromise as early as possible. The compromise still occurs however."

The game has officially become how quickly a Chief Technology or Chief Information Officer can detect that his network has been breached.
