Corporate networks highly vulnerable

Security firm iSec Partners' summary report on the “Aurora” attacks, and on ways to defend against them, says that defending corporate networks will be extremely difficult and expensive:

  • Attackers are ignoring the front door. Despite the focus of the security industry and enterprise security teams on production networks and applications, attackers have learned that “back door” attacks against end users are much more effective at gaining access to major corporations. It is generally much harder to secure internal corporate than production networks…
  • Current Anti-Virus solutions are not working. All of the victims we have worked with had already deployed enterprise-wide anti-virus solutions, none of which prevented the initial attacks or the escalation of privilege within the network. Anti-virus tests are mostly rule-based, and the majority of heuristic detection mechanisms can be easily bypassed if an attacker is customizing his malware for that product…
  • Patching sometimes is not enough. The vulnerabilities exploited during this attack were 0-days, meaning no patch or mitigation directions were available to correct these flaws. …[A]dvanced attackers will often be able to find new flaws in complicated end-user products like web browsers, office suites and document readers.
  • …[S]mall to medium sized companies now join the ranks of major defense contractors, utilities and major software vendors as potential victims of extremely advanced attackers. This is concerning for many reasons, not the least of which is that even most Fortune-500 companies will not be able to assemble security teams with the diversity of skills necessary to respond to this type of incident. It is extremely unlikely that SMBs will be able to properly prepare for these threats alone.

Posted by James on Tuesday, March 02, 2010