These software programs are a biohazard.
Some are just plain broken, wheezing out juice from a hooked windows message
chain just long enough to cough up and die, only to be resurrected by the swift
kick of a boot-time registry key the next time the machine reboots. Some have
pretty little labels of well-known companies – clearly so you won’t look twice
at them and notice how they are exfiltrating personal browsing statistics and
other data to some cloud server – really like malware but allowed by the EULA
that you didn’t read.
Everything looks bad. So, it’s no wonder that attackers can just drop something new in and nobody notices. As long as it doesn’t infect five million residential banking customers then nobody is going to give a crap..
That is the unfortunate reality of hacking these days, and it has nothing to do with
advanced persistent threats (APTs) . It has to do with the enterprise and the complete
LACK of visibility and control you have over the endpoint (i.e. where all the action is)... When security is limited to the
network perimeter only, you are not in control, Period......
Oh, and what a "breath of fresh air"
the mobile device is. A new pile of mobile software, mostly social media, that is
directly connected to thousands of strangers that are not your employees,
communicating in real-time with processes running within your defenses. In effect, you now have thousands of potential multi-homed routers to 3G-space (4G if your lucky..)
from your network that don’t belong to you.
OK, so lets review some basic security facts:
- Today, malware is a tool for persistent adversaries
- Adversaries are financially and/or politically motivated
- Intrusions involve a real person (or group) that targets your organization directly
- Attackers are motivated to steal something from your network
Criminal Enterprises – these are the guys who make more money than
drug cartels and the reason a malware economy has emerged over the last few years.
This is what mere mortals mean when they talk about malware, and the reason
people get malware and hackers mixed up all the time.
Rogues – these are the hacking groups you can enumerate on any given day. Hundreds, if not thousands worldwide. These guys are all capable but normally aren’t fueled by cash. These guys deface, DDOS, and partake in ‘mostly harmless’ hackery. But, a small subset have always been deeply malicious. Others pick up a cause and act like cyber terrorists. And still others really are cyber terrorists.
Rogues meet cash - these hired mercenaries are the ones who write malware, sell 0-day, and get caught up in the vortex of organized crime. These guys are very, very dangerous.
All the membranes have been breached - the threat is blended. We live in a time where a state interest can simply buy access to adversary networks from criminals who are selling their botnets. Where state sponsored attacks can be vectored through private hacking groups. Where private hacking groups can fund their operations from cybercrime, while targeting corporations and governments with methodology indistinguishable from APT. There is no tidy bucket to place the threat, all the wires are now crossed. The only thing that is consistent here is that hacking is hacking, and it always looks and smells the same when you see it.
Rogues – these are the hacking groups you can enumerate on any given day. Hundreds, if not thousands worldwide. These guys are all capable but normally aren’t fueled by cash. These guys deface, DDOS, and partake in ‘mostly harmless’ hackery. But, a small subset have always been deeply malicious. Others pick up a cause and act like cyber terrorists. And still others really are cyber terrorists.
Rogues meet cash - these hired mercenaries are the ones who write malware, sell 0-day, and get caught up in the vortex of organized crime. These guys are very, very dangerous.
All the membranes have been breached - the threat is blended. We live in a time where a state interest can simply buy access to adversary networks from criminals who are selling their botnets. Where state sponsored attacks can be vectored through private hacking groups. Where private hacking groups can fund their operations from cybercrime, while targeting corporations and governments with methodology indistinguishable from APT. There is no tidy bucket to place the threat, all the wires are now crossed. The only thing that is consistent here is that hacking is hacking, and it always looks and smells the same when you see it.
No comments:
Post a Comment