FireEye, Inc. has released its Advanced Threat Report for the First Half of 2012 and the findings aren’t in your favor. Unfortunately the trend of the attacker getting stronger - defenses getting weaker has continued. The main report consists of 5 overall findings which are quite alarming:
- Finding 1: Explosion in Advanced Malware Bypassing Traditional Signature-Based Defenses. What this means to you is that the Anti-virus, Anti-Malware, Intrusion Detection, and Intrusion Prevention capabilities on your devices are becoming less effective compared to the progress which attackers are making in getting around them.
- Finding 2: Patterns of Attacks Vary Substantially by Industry—Attacks on Healthcare up 100%, 60% in Energy/Utilities. The attackers are shifting toward different industries differently. Often we as humans like to think of everything being uniform. If I got attacked and you got attacked… then we got attacked the same way… or at least we’d like to think so. This is often no longer the case. Attackers in Cyberspace are quite adept at profiling you and customizing an attack to fit your individual vulnerabilities. The importance of Internet security to secure our data and information continues to increase as more and more of ever industry becomes more dependent upon the Internet.
- Finding 3: The Intensified Dangers of Email-Based Attacks, Both Via Links and Attachments. Checking your email is now more dangerous than ever! If it wasn’t bad enough that most of us sit sedentary for way to long checking the stuff. There is a noted role reversal with malicious Links within emails now becoming more common then malicious attachments. Yet both vectors still represent significant vulnerabilities to our network security, data, and systems. This challenge also has a very wide spread business sector creating part of the problem. More and more businesses are opening Affiliate programs. These programs pay individuals a small share of any sale made. Enter the malicious and devious attacker and you have a very easy manner in which to achieve monetary gain.
- Finding 4: Increased Prevalence of Limited-Use Domains in Spear Phishing Attacks. We are seeing custom built, single use, email accounts being used to Spear Phish individuals. Have you left that Facebook Friends list open to the public? Did someone just email you that hasn’t in years (the name will be in the exact format from their Facebook account). Usually this can easily be spotted by examining the email address of the sender to expose an actual email address that has been created just to attack you. For example the email address will look like “John Smith” but the email might be from [email protected] You know that “Jon Smith” doesn’t have an email like that… and of course there will be some form of payload in the email like Finding 3 notes - probably a Link or even an attachment.
- Finding 5: Increased Dynamism of Email Attachments. Simply put the ability of protective systems to examine all forms of email attachments continues to be more important. Simply looking at EXE, DOC, DOCX, PDF, etc. is no longer enough. Every file requires inspection and potential action.
About FireEye, Inc.
FireEye is the leader in stopping advanced targeted attacks that use advanced malware, zero-day
exploits, and APT tactics. The FireEye solutions supplement traditional and next-generation firewalls,
IPS, anti-virus, and gateways, which cannot stop advanced threats, leaving security holes in networks.
FireEye offers the industry’s only solution that detects and blocks attacks across both Web and email
threat vectors as well as latent malware resident on file shares. It addresses all stages of an attack
lifecycle with a signature-less engine utilizing stateful attack analysis to detect zero-day threats. Based
in Milpitas, California, FireEye is backed by premier financial partners including Sequoia Capital, Norwest
Venture Partners, and Juniper Networks.
Having had the privilege to meet, hear speak, and ask questions of General James E. Cartwright (USMC, Ret.) when I found this video it was A Cyber Fellow’s treat! The video is from the Global Security Forum 2012. One of the panels addressed the big aspects of Fighting a Cyber War to include significant strategy and policy discussions in Defense and International Security, Technology and Cybersecurity. Several years ago at an AFCEA IT conference while he was serving as Commander, U.S. Strategic Command, I asked a question relating to the significant slowness of technology to penetrate the U.S. Military for use by our Forces. His retort, “it is a massive problem,” quite accurate from what I’ve learned about the issue since - he even offered me his shoes if I wanted to take his place (Navy LT (O3) to 4-Star (O10) would have been a significant jump). The problem is quite massive and at the root of our Military’s desire - Innovative, Highly Technical, Entrepreneurial, yet Inspirational and an Effective Leader - the perfect warfighter!
Since that day I’ve worked toward being able to fill those shoes…
About the video and forum:
The Global Security Forum 2012 is a forum on the top challenges facing U.S. and global security. The vulnerability of military, civilian, and commercial networks to cyber attack is forcing the U.S. government to revise its approach to cyberspace. While most attention is focused on preventing attacks, this panel will address how cyber could be used in an offensive capacity, including how to conceptualize command and control, targeting, damage assessment, proportionality, and deterrence in a cyber environment either alone or alongside kinetic operations.