May 24, 2016
Chase, Home Depot, Target, Adobe Hacks… Are You Next?
Advanced targeted attacks on companies from every industry are growing at a frenetic rate. Recent examples include Chase Bank, Home Depot, Target and Adobe.
JPMorgan Chase has just confirmed that 76 million households and 7 million small businesses were impacted by a breach that reportedly began in June. “This breach is really serious – Chase is one of the most secure banks out there,” says financial fraud expert Avivah Litan, an analyst at the consultancy Gartner. “It’s a national crisis. … We are all under attack, and this is not isolated to Chase.” The breach affected customers who use Chase's many web and mobile services.
Home Depot lost 56 million credit card records in a prolonged, multi-pronged attack that exploited outdated security. Target lost 40 million credit card records in a breach that reflected inadequate controls and a lack of oversight during an advanced attack. Adobe was struck by an advanced attack that cost it 152 million customer records plus the source code to key Adobe products.
In nearly every case, cybercriminals have used stealthy Advanced Persistent Threat (APT) attacks that have lasted months, not minutes. Security has been inadequate, warning signs ignored, policies violated or non-existent, and/or oversight has been lacking.
One thing is certain: attackers have proven that they can penetrate most defenses, especially when the technology is old, out of date, inadequate, or unable to handle real-time zero-day threats.
Popular preventative solutions such as firewalls and endpoint security must now be updated to leverage the latest technologies, such as malware sandboxing and reputation checking. These two staple solutions continue to be updated to cope with stealthy, evasive malware in real time.
Sandboxing analyzes incoming executable code in an isolated environment to determine whether it is malicious before it reaches the endpoints; it is available on leading firewall vendors' products. Reputation checking examines websites, email, and files to see whether any prior malicious activity is associated with them; the technology is available on leading firewalls and endpoint security solutions.
But in addition to utilizing the latest solutions for prevention, companies of all sizes must now turn to solutions that monitor systems and look for threats based on behavior. If we have learned anything from recent breaches, it is that companies must monitor constantly to see when, not if, they are breached, and react quickly to shut down the attacks.
Methods to monitor for threats and alert when they are found include log monitoring (SIEM), intrusion detection and prevention systems (IDS/IPS), and a new generation of malware threat detection solutions.
SIEM solutions have been around for a long time, but they are now available as an affordable monthly outsourced service. By outsourcing SIEM as a service, smaller companies can attain compliance-grade monitoring without internal infrastructure and monitoring staff. For smaller companies, outsourcing managed firewall services with log monitoring can accomplish a similar objective to SIEM, with anomaly detection and alerting for the firewalls alone.
IDS/IPS solutions have also been around for many years and are available on most firewalls. Dedicated IDS/IPS solutions provide higher-quality intrusion detection, the ability to keep up with network traffic requirements, and a way to meet compliance regulations. Like SIEM and firewalls, managed IDS is available to provide dedicated-IDS quality without internal infrastructure and monitoring staff.
Lastly, a new generation of threat monitoring solutions provides network-wide visibility and intelligence to detect and respond to targeted attacks and advanced threats. These solutions monitor ports and protocols to analyze network traffic. Detection engines and custom sandboxing identify and analyze malware, command-and-control (C&C) communications, and evasive attacker activity that is invisible to standard security. Advanced solutions communicate between the gateway and the endpoints to shut down threats wherever they are once discovered.
When threat monitoring is used in conjunction with SIEM and IDS, these monitoring solutions complement the preventative solutions that have historically been the staple of security but are proving to be only part of a complete security risk management infrastructure.
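To make the behavior-based monitoring described above concrete, here is an added example (not code from the original post or from any vendor product) of the kind of SIEM-style analytic that surfaces C&C check-ins: it groups connection-log entries per flow and flags flows whose contact intervals are suspiciously regular. The log format and all addresses are constructed for the example.

```python
"""Toy SIEM-style detector: flag hosts that contact one external endpoint at
near-constant intervals, a common signature of C&C beaconing. Added example,
not code from the original post or any vendor product."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample firewall connection log (not real traffic).
# Fields: epoch_seconds src_ip dst_ip dst_port bytes_out
SAMPLE_LOG = """\
1000 10.0.0.5 203.0.113.10 443 512
1060 10.0.0.5 203.0.113.10 443 520
1121 10.0.0.5 203.0.113.10 443 508
1180 10.0.0.5 203.0.113.10 443 515
1241 10.0.0.5 203.0.113.10 443 511
1005 10.0.0.7 198.51.100.20 443 4096
1009 10.0.0.7 198.51.100.20 443 90000
1300 10.0.0.7 198.51.100.20 443 1200
1900 10.0.0.7 198.51.100.20 443 3300
"""


def parse_log(text):
    """Parse log lines into (timestamp, src, dst, port, bytes) tuples."""
    records = []
    for line in text.strip().splitlines():
        ts, src, dst, port, nbytes = line.split()
        records.append((int(ts), src, dst, int(port), int(nbytes)))
    return records


def detect_beacons(records, min_events=4, max_cv=0.15):
    """Group connections per (src, dst, port) flow and flag flows whose
    inter-connection gaps have a low coefficient of variation: browsing is
    bursty, an implant's check-in timer is not. Legitimate periodic traffic
    (NTP, update checks) also matches, so hits are triage leads to allow-list."""
    flows = defaultdict(list)
    for ts, src, dst, port, _ in records:
        flows[(src, dst, port)].append(ts)
    hits = []
    for (src, dst, port), times in flows.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else float("inf")
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "port": port, "events": len(times),
                         "mean_interval": avg, "cv": cv})
    return hits
```

On the sample, only 10.0.0.5 is flagged (five contacts roughly 60 seconds apart); 10.0.0.7's bursty traffic is not.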
The lessons to be learned about how to secure companies in the current environment of real-time advanced persistent attacks include multiple proactive components.
- Develop a security strategy leveraging security audits
- Regularly assess risks
- Deploy advanced malware solutions (endpoint, gateway and network)
- Use overlapping security
- Apply appropriate identity control (based upon role and need)
- Monitor, monitor, monitor
Please contact us if you would like to learn more about the changing threat environment or about the solutions that can help prevent these threats.
Source: eSecurity Blog