
Targeted Trojan-Assisted Data Theft

Varonis Systems : 03 February, 2012  (Technical Article)
Varonis comments on the new wave of trojan malware using Windows Update data streams
Commenting on reports that targeted trojan malware is using data streams formatted as a Microsoft Windows Update to communicate back to base, Varonis Systems says that this type of targeted and automated attack vector highlights the need for a similarly automated approach to data governance.

David Gibson, director of technical strategy with the data governance specialist, says that the trojan attack, which has been analyzed by colleagues from Seculert and Zscaler, appears to have targeted a number of U.S. government agencies and allied organizations.

This attack reportedly exploited a vulnerability in Adobe Reader to install a Remote Access Trojan (RAT). A PDF, disguised as a conference invitation, was sent to specific individuals via email. When the attachment was opened, the Trojan was installed on the victim’s workstation, allowing the attacker to control it clandestinely, apparently camouflaging its traffic and binary files to look like normal Windows update behaviour.

“It’s bad enough that data on the infected workstations is compromised. What’s worse is that by controlling a system inside the organization’s perimeter defenses, the attackers often have wide, unmonitored access to network file shares, SharePoint sites, and mailboxes, and the scope of the breach expands exponentially. Sensitive data usually stored all over the network is up for grabs with no notice.”

The data on file shares and other unstructured platforms has grown so quickly that organizations have been unable to keep up with basic access control tasks - users have access to far more data than they require, much of it is sensitive, and many folders and files are accessible to large numbers of employees. In most cases there is also no record of who is actually accessing data on these platforms, as this kind of auditing has been traditionally unavailable and/or unrealistic.

This is, Gibson explained, a data governance specialist’s worst nightmare: a compromised computer siphoning data from your valuable data stores and an inability to detect data flowing from them, and then a leak to an outside organization.

Workstations are going to be compromised, and some employees will steal. The way to minimize the threat is to use automation to restrict what every user (and workstation) has access to, monitor and analyse all use, and alert on potential abuse.

And, he adds, whether the data is structured or unstructured (the latter is far more difficult to track), an automated data governance system can restrict excessive access, audit all use, and alert on anomalous usage so a security professional can analyze what is happening.

Attackers will not necessarily be stopped in their tracks, but automated data governance makes their job more arduous, and makes it far more difficult to evade detection.

“Using sophisticated data governance technology in this context acts as a safety net that prevents a data breach from occurring - even in the face of a successful malware infection within the organization’s network perimeter,” said Gibson.
   © 2012 ProSecurityZone.com