Evolving Security To Stay Ahead of The Hackers As The Rules Of The Game Keep Changing

LogLogic : 23 March, 2010  (Special Report)
Bill Roth of LogLogic provides his thoughts on the Kneber Bot, which has shown that large-scale hacking continues to be a significant threat and that signature-based threat detection falls a long way short of being adequate security.

Another hack attack hits the headlines - Big deal! This stuff happens every day now, right? Wrong. Not on this scale it doesn't. The Kneber Bot has penetrated 75,000 systems and 2,500 companies across 196 countries. This is not a straightforward Trojan - a simple smash and grab. This one's a game changer.

Systems compromised by this Botnet provide the attackers with not only user credentials and confidential information, but remote access inside the compromised network. Just some of the data stolen includes:

* 68,000 corporate log-in credentials
* Access to e-mail systems, online banking sites, Facebook, Yahoo, Hotmail and other social networking credentials
* 2,000 SSL certificate files
* Dossier-level data sets on individuals, including complete dumps of entire identities from victims' machines.

Penetration on this scale, and amongst such an esteemed group of public and private organisations - Merck & Co, Cardinal Health, 10 US Government Agencies - makes it clear that no one is untouchable by an ambitious, determined and organised group of hackers. But what's most startling is the lack of visibility about this particular bot.

Firstly, we don't yet know where it came from. Fingers have been pointed at China, but there appears to be very little hard evidence. Next, we don't actually know the extent of the damage. This, apparently, is still being assessed and affected companies notified. Moreover, it isn't clear to what extent the attack has been contained.

What we do know is that it started in late 2008 in Germany. But that in itself raises another unanswered question: how can an attack using spyware freely available on the Internet penetrate 75,000 systems worldwide and still go unnoticed for more than a year? What is becoming ever clearer is that conventional malware and signature-based detection systems are fast becoming inadequate for addressing the increasing sophistication of cyber attacks like the Kneber Bot.

So how can companies improve their visibility and protect themselves against these increasingly sophisticated attacks going forward? Well, regardless of the sophistication of the attack, all computers natively generate electronic fingerprints. For every event that takes place in a computer, a network, a security system, an application, a database, an OS etc., a small record of that event is kept. It's called a log. This is your electronic fingerprint. Just like a fingerprint, properly managed logs enable us to carry out forensics and give us the visibility required to know exactly what happened, who did what, how the attack originated, how it spread, where the attackers are and what has been compromised.

So could the key to solving and preventing IT crime lie in properly managed logs? Yes, certainly. But the trouble is that, with the explosion of corporate systems, the number of logs has exploded to a difficult-to-manage number and few companies are truly geared up to manage them all, meaning that things inevitably slip through the net. Only companies using the most sophisticated log management systems, such as LogLogic's Open Log Management Platform, which with our new quad-core hardware can monitor up to 250,000 records per second, can really hope to identify and act upon these new subtle, sophisticated and well-disguised attacks on their infrastructure.

The hackers' game has moved on . . . Has yours?

   © 2012 ProSecurityZone.com