– Upcoming security event speaker gives an insider’s view on the security challenges faced by Australian organisations –
When it comes to IT security, FireEye’s Rich Costanzo has the sort of insight that makes business and government leaders pay attention. The security landscape, he says, is changing fast, with attacks becoming ever more cunning, creating a security minefield for all kinds of organisations.
One such threat is the watering hole attack, in which a carefully targeted website is compromised in order to attack its visitors.
“In one case, we saw this on a popular Australian hotel’s corporate event website,” said Costanzo.
“Because many of the visitors worked in some of Australia’s biggest organisations, they were an attractive target. The attack sought to compromise corporate and government systems, with the potential to gain complete control of those environments.”
There are three primary threat types, says Costanzo. The hacktivist attack is cause-based – think scenarios such as the recent Ashley Madison breach, where attackers reportedly aimed to publicly humiliate the organisation in response to its policies.
Better funded are the advanced persistent threats (APTs) that are backed by foreign governments or military organisations. Once these groups gain access, they search the corporate network for key information. There are more APT groups than most executives realise.
“We track hundreds of threat groups,” says Costanzo.
“They are well paid, with strong tools that can bypass most security infrastructure.”
Perhaps the best-known threat type is financial. The tools to build an attack are easily available online, says Costanzo, with risks coming from both individuals and organised criminal groups.
“Every real-world threat has a corresponding cyber threat,” says Costanzo.
Part of the problem stems from the speed at which applications, particularly mobile apps, are developed. Where large IT companies once dominated, with development cycles taking years, today most apps are developed in less than six months. Malicious apps proliferate, and many other developers inadvertently include chunks of code, taken from code libraries, that have malicious code built in.
While most corporate users are now educated about the dangers of downloading unknown files from emails, many innocently install apps that appear to be safe. As bring-your-own-device (BYOD) policies adapt to changing workplaces, this poses a particular challenge, because users typically work on devices that have a range of banking, entertainment and social media apps installed alongside business tools.
FireEye’s success has come from the ability to identify previously unknown attacks, which often use zero-day vulnerabilities, entirely new techniques, and complex obfuscation. They take content, including iOS and Android-based apps, and put it in a virtual environment, checking for any malicious behaviour or code. For organisations without this capability, detection of and response to the threat come weeks or even months after the breach, when it is already too late.
Costanzo’s advice is that organisations of all sizes should evaluate and improve their security posture, through a combination of technology, intelligence and expertise.
“Many businesses don’t understand the value of the information and the access they have. It is a mistake for any organisation to think it is not a target, or to think they have the problem solved.”