More Sophisticated Attacks = We Must UP CyberSecurity


This is the problem in all of these stories: somehow the client computer was infected. How can we stop that in the best manner possible?


There are plenty of stories streaming in about the sophisticated nature of cyber criminals:

The ready availability of free cybercrime applications invites participation in the cybercrime economy by just about anyone. “This creates a services-based cybercrime economy, meaning that even those with limited personal expertise can still achieve significant results,” says McKinty.

{“We can confirm that Mandarin Oriental has been alerted to a potential credit card breach and is currently conducting a thorough investigation to identify and resolve the issue,” the company said in an emailed statement.}

{“In April 2013, organized cyber thieves broke into the payroll accounts of Chelan County Hospital No. 1, one of several hospitals managed by the Cascade Medical Center in Leavenworth, Wash. The crooks added to the hospital’s payroll account almost 100 “money mules,” unwitting accomplices who’d been hired to receive and forward money to the perpetrators,” reported Krebs on Security.}

And the latest in disturbing SSL problems:

{“The export-grade RSA ciphers are the remains of a 1980s-vintage effort to weaken cryptography so that intelligence agencies would be able to monitor. This was done badly. So badly, that while the policies were ultimately scrapped, they’re still hurting us today,” cryptographer Matthew Green of Johns Hopkins University wrote in a blog post explaining the vulnerability and its consequences.}

This attack is difficult to carry out successfully, so on the threat scale it would not rate a 7-10, but it points in the direction of more cybersecurity problems, which is what I want to highlight. The details are listed at the Internet Storm Center.

It is increasingly obvious to bystanders and insiders alike that there is a severe cybersecurity disconnect in our current environments.
I consider myself part of the cybersecurity industry, having had contracts and worked exclusively as a security engineer for 3 years; before this I was in charge of an IT department, and I have thought about security for over 10 years.
At that time a firewall and anti-virus software plus some user education were a valid security model.
Today this is not good enough. IPS (Intrusion Prevention System) device companies like Palo Alto Networks have reported better-than-expected results:
{“New customer additions and expansion in existing customers resulted in record billings, revenue and deferred revenue in the second quarter,” said Steffan Tomlinson, chief financial officer of Palo Alto Networks. }
It looks like some people are heeding my advice:
In my earlier post there was a discussion of what an IPS system can do in defense of your network.
Now there is an additional device that you can use to defend your network:
PoliWall can sit in front of the firewall/IDS-IPS devices and block all traffic that comes from selected countries.
Let’s look at it statistically, from the point of view of a malware attempt trying to get into your network:
If malware can be blocked 45% of the time by anti-virus software, that means it has a 55% chance of getting past it.
Say an IPS system has a 50% chance of catching a malware program (this depends on the system, but we can make a conservative conjecture).
Now adding the PoliWall in front of this system catches another 30% of the malware (depending on more variables, but I am being conservative).
So what is the chance the malware will get through and infect?
0.55 × 0.5 × 0.7 = 0.1925, or about 19%, and if the IPS and PoliWall are managed correctly maybe you can move the needle to
0.55 × 0.4 × 0.6 = 0.132, or 13.2%, with a 10% increase in efficiency for the IPS and PoliWall (from 50% to 60% and from 30% to 40% caught).
I don’t want to suggest that any single piece of the defense system can be 80% effective, but if it could, the effectiveness of the malware would drop significantly. We are in essence dependent on the vendors of PoliWall and the IPS manufacturers for the effectiveness of their definition lists.
Of course the PoliWall policy also depends on your business rules. If you do not have a global marketplace, then you could cut off all traffic from outside the USA and significantly reduce the malware infection percentage.
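The layered-defense arithmetic above, written out as a small model so the figures can be re-run and compared; this is an added example, not code from the original post or from any of the vendors mentioned. It assumes, as the post does, that each layer catches malware independently of the others, which is the optimistic case: a sample built to evade one product often evades the next one too, so treat the numbers as an upper bound on the protection, not a measurement.

```python
# Added example: residual malware risk through independent defensive layers.
# Each layer is described by the fraction of malware it catches; the chance
# that a sample gets through all of them is the product of the pass-through
# rates (1 - catch rate). Independence between layers is an assumption.

def residual_risk(catch_rates):
    """Probability that malware passes every layer, assuming independence.

    catch_rates: mapping of layer name -> fraction of malware that layer blocks.
    """
    risk = 1.0
    for name, rate in catch_rates.items():
        if not 0.0 <= rate <= 1.0:
            raise ValueError(f"catch rate for {name!r} must be in [0, 1], got {rate}")
        risk *= (1.0 - rate)
    return risk


def improvement_sensitivity(catch_rates, delta=0.10):
    """Residual risk if each layer alone improved by `delta` (as a fraction).

    Useful for deciding where an extra tuning effort moves the needle most:
    the absolute gain from improving one layer equals delta times the
    pass-through rates of all the other layers.
    """
    results = {}
    for name in catch_rates:
        tweaked = dict(catch_rates)
        tweaked[name] = min(1.0, tweaked[name] + delta)
        results[name] = residual_risk(tweaked)
    return results


# Constructed figures, taken from the post: AV 45 %, IPS 50 %, PoliWall 30 %.
BASELINE = {"antivirus": 0.45, "ips": 0.50, "poliwall": 0.30}
MANAGED = {"antivirus": 0.45, "ips": 0.60, "poliwall": 0.40}

if __name__ == "__main__":
    print(f"baseline residual risk:        {residual_risk(BASELINE):.4f}")  # 0.1925
    print(f"IPS and PoliWall +10 points:   {residual_risk(MANAGED):.4f}")   # 0.1320
    for layer, risk in improvement_sensitivity(BASELINE).items():
        print(f"  +10 points on {layer:<9}: {risk:.4f}")
```

Running it shows that, with the post's figures, a 10-point improvement on the IPS lowers the residual risk more than the same improvement on either of the other two layers, because the IPS's neighbours let the most traffic through.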
