September 17, 2013
I tend to have a fairly laissez faire attitude towards cyber security – while I know full well just how much dodgy stuff happens online (hey, my spambox is as full of phishing attempts as anyones) I tend to just ignore it. This despite spending time with infosec practitioners who tend to have a far less trusting and darker attitude to the perils of life on the interwebs.
The ther day I was contacts by CyberSquared a company that has recently launched its ThreatConnect threat intelligence platform. ThreatConnect gives everyday IT operations cyber analysis capabilities – their pilot had hundreds of participants including many Forune 500 companies and Governmental organizations. The idea of the platform is to leverage community knowledge and automation to expand understanding of new cyber threats.
Anyway – during the pilot program, ThreatConnect identified some interesting new vectors of attack. Having reached the end of the low hanging fruit when it comes to simple attacks, there is now far more sophisticated work going on which includes the integration of existing trusted enterprise services as an alternative method of entry. An example:
A Chinese threat group has been observed staging a malicious document containing a custom backdoor that interacts with WordPress, then delivering it via Dropbox. The attackers did not have to compromise the “easy to mitigate” midpoint infrastructure that has been previously seen in traditional targeted attacks and these files have low anti-virus detection.
For anyone interested in infosec, reading the full post is very interesting.
What does it mean?
It shouldn’t come as any surprise that since threat detection generally is getting more sophisticated, attackers too are becoming more sophisticated and finding new targets and exploitation techniques in order to carry out their malicious activities. There’s the eternal arms race going on here that matches better security with more sophisticated attacking techniques.
What this means is that despite increased availability of “enterprise level” services for everyday users, there is a corresponding increase in the ability of attackers to use those high grade services for nefarious purposes. It’s true that using a cloud services means some level of responsibility for threat protection is abstracted away from the end user but fundamentally the need for highly skilled security practitioners remains.
What we will see over time is a dual approach – third party services will offer specific security realted functionality to other vendors, leveraging highly skilled engineers and laser focus on their particular area. At the same time more general measures will increasingly be enforced by application providers on end users (the recent rise of widespread two factor authentication is an example of this). The threats keep coming, but the move to distributed provision of discrete functional services will help to reduce the impacts.