Biz needs desire, tenacity to repel targeted attacks

Many companies' security regimes are "too easy" for hackers to breach, and businesses should increase the sophistication and resilience of their defenses against targeted attacks, say insiders.

While companies cannot prevent targeted attacks, which are complex and well-researched, from happening, they need to do a lot more to evolve their security systems and be more proactive in fending off these threats, security insiders urged.

According to a blog post last month by Luis Corrons, technical director of PandaLabs at Panda Security, one of the characteristics of a targeted attack is that the hacker has thoroughly studied the victim--whether an individual or an organization--which is why it is "almost impossible" to avoid these kinds of attacks.

He told ZDNet Asia in a follow-up e-mail interview that while only a small portion of worldwide infections are targeted attacks, the number is increasing exponentially. People are only aware of the cases that go public, but many more are taking place and nothing is known about these attacks, Corrons noted.

Increased attacks due to negligence
However, Guillaume Lovet, senior manager of FortiGuard Labs' threat response team at Fortinet, had a different opinion. He said it is not that targeted attacks are unavoidable, but that companies have made it "too easy" for cybercriminals to breach their systems.

In fact, recent successful attacks by hacker groups such as Anonymous require very little skill and are essentially SQL injections performed with publicly available tools, he said.

The attacks on Sony last year, for example, saw 70 million customer records stolen because a server was not updated, he added.

Jeremy Hulse, Asia-Pacific vice president of M86 Security, said that while organizations cannot prevent targeted attacks from happening, they can and should boost their security posture to protect against malware-driven attacks.

He said targeted attacks are complex and involve multiple attack paths, and whether organizations can repel these comes down to three variables--its desire to protect itself, the sophistication of its protection and its tenacity to defend.

Conversely, how the company's defense holds up also depends on three variables on the attacker's end, he added: the hacker's desire to penetrate the network, the technique used to circumvent the organization's protection methods, and the hacker's determination to succeed.

Constantly review security regimes
Attack methods, including targeted attacks, will continue to evolve, so organizations must continue to evolve their security systems to cope with changing threats, Hulse urged.

He pointed out that security is not a singular problem and, as such, no single vendor can supply all the tools to fend off all attacks at any given time. Companies should instead deploy the right mix of more traditional, reactive technologies, such as reputation- or signature-based antivirus protection, together with new, proactive technologies across both e-mail and Web gateways, he suggested.

For instance, instead of relying on a reputation-based system to classify a Web site as "good" or "bad", a proactive way to detect malware is to determine the actual intent of the code embedded within a Web site before it can execute, Hulse elaborated.

Lovet added that companies should make it difficult for potential attackers to clone their security systems in a lab environment. Once hackers manage to replicate it, they can test and tweak their breaching methods until one works without being detected, he said.

"Systems that are hard to clone are those which rely on data correlation and network anomalies because of the scale effect," he said. "The lab would need to be as big as the corporate network to create an adequate clone."