info@PortalDerWirtschaft.de | 02635/9224-11
Suchmaschinenoptimierung
mit Content-Marketing - Ihre News
Imperva Inc. |

Imperva CTO says the biggest series of cyber-attacks in history is driven by cyber crime

Bewerten Sie hier diesen Artikel:
0 Bewertungen (Durchschnitt: 0)


The Guardian has reported: "Biggest series of cyber-attacks in history uncovered. Hackers infiltrated networks of 72 world organisations including the United Nations, security company McAfee discovers". According to Amichai Shulman, CTO and co-founder...

Redwood Shores, CA, 03.08.2011 - The Guardian has reported: "Biggest series of cyber-attacks in history uncovered. Hackers infiltrated networks of 72 world organisations including the United Nations, security company McAfee discovers".

According to Amichai Shulman, CTO and co-founder of Imperva, "With automation, large intrusions of this magnitude are, sadly, common. For example, our most recent blog entry indicates 90 victims from a campaign that encompassed probably hundreds of thousands of potential targets over a few weeks of activity. Another recent campaign (whose detailed account was given by Armorize) encompassed millions of compromised pages over thousands of sites over a few weeks of activity.

Regarding the interpretation of the attacker identity and what is the methodology, McAfee got it wrong. Rather than a government, I think that this is Targeted Criminal Hacking. Botnet farmers are massively infecting computers by automated Spear Phishing campaigns (we experience them at Imperva). Then hackers are able to profile the infected machines by organization and sell machines to other hackers who look for specific targets. So the infection is only partly targeted. However, those who use the payload eventually do target a specific organization. It is important to make this distinction because unlike the commentary in the paper, I don't think that the adversary is really putting a lot of effort targeting a single organization-it wouldn't be cost effective.

There is a clear commercial motivation here. Attackers accumulate infected machines which they then further sell for higher profit to customers looking for specific targets. This ties in exactly to our latest blog which showcases another attacker who accumulated compromised servers arbitrarily and is now selling them for people with specific needs.

I also find it very strange that while the introduction discusses PETA Bytes of stolen information the actual paper does not provide any actual data regarding it.

I think that McAfee have done a great job getting the data, less so analyzing it. In particular, correct analysis of the motivation and methods allows organizations to put the right controls in place. Clearly the main issue here is infected machines connected to internal networks and accessing internal data source. This kind of threat emphasizes the need for tighter control and audit around internal data source (either database servers or file servers). Database and file server monitoring solutions allow organizations to detect abusive access patterns from within the organization and apply access controls that cannot be bypassed by privileged users."


Für den Inhalt der Pressemitteilung ist der Einsteller, PresseBox.de, verantwortlich.

Pressemitteilungstext: 398 Wörter, 2695 Zeichen. Als Spam melden


Kommentare:

Es wurde noch kein Kommentar zu diesem Thema abgegeben.



Ihr Kommentar zum Thema





Weitere Pressemitteilungen von Imperva Inc. lesen:

Imperva Inc. | 20.12.2011

77 Prozent der häufigsten Passwörter sind in unter zehn Minuten zu knacken

Frankfurt, 20.12.2011 - Imperva, führender Anbieter von Datensicherheitssystemen für kritische Unternehmensinformationen, veröffentlicht heute den neuesten Trend-Report der Hacker Intelligence Initiative-Serie. Der aktuelle Bericht beschäftigt si...
Imperva Inc. | 08.12.2011

Imperva warnt vor Hacking-Trends 2012

Redwood Shores, CA, 08.12.2011 - Ein ereignisreiches Hacking-Jahr neigt sich dem Ende entgegen. Imperva, führender Anbieter von Datensicherheitssystemen für kritische Unternehmensinformationen, wagt bereits einen Blick nach vorn und stellt die wich...
Imperva Inc. | 16.11.2011

Imperva says staff training is essential when medical records are concerned

Redwood Shores, CA, 16.11.2011 - Commenting on reports that healthcare and IT experts warned the US Congress earlier this month about security concerns surrounding the increasing use of EHRs (electronic health records), Imperva says that media report...