Defending networks against targeted Trojans

Protecting networks against worms and viruses is a trying task. Protecting against a threat targeted specifically at your network is even tougher. That's a lesson that several Israeli companies learned when they discovered that Trojan horse programs had been installed on their systems, allowing industrial spies access to their networks. The head of the Tel Aviv fraud squad told the Haaretz newspaper that the malware was in one case sent via e-mail, and in another was on a disk that purported to be a business proposal.

Joe Stewart, senior security researcher for LURHQ, says that's typical. These attackers "want to target a particular company, and they do it almost universally through social engineering," Stewart says. "Social engineering works, and it's very hard to defend against. It's down to that weak link, which is the person."

Chuck Orde, senior security consultant with IT advisor Forsythe, knows firsthand how to target a particular company's network. He's a penetration tester, meaning he gets paid to try to break network defenses--a task he's usually able to accomplish. "The first two or three days of the testing is information gathering," he says. "We learn the structure and environments, we search newsgroups for administrator names, and try to farm as much information that's publicly available," just as an attacker would.
If the social engineering doesn't work, Orde targets other holes: "Most exploit code I write on a per-customer basis is specifically targeted at that customer."

It's tough for companies to defend against targeted attacks like these, Stewart says. But not impossible. Part of the solution is to make sure the company has multiple layers of protection, including firewalls that are configured to block any outbound traffic that's not explicitly allowed. Such a strategy will help to prevent Trojans that may have gotten into the network from sending files to the hacker through unusual ports.

Stewart says antivirus software is unlikely to be of much use in detecting these types of attacks. He notes that when he looked at the code from one of the Trojans used in the Israel attacks, it had been compiled almost a full year before it was discovered--meaning that for nearly a year there were no signatures that could have detected it. He adds that malware often acts too subtly to be detected by behavior-based antivirus programs.

Once malware is successfully installed on any one computer in a target company's network, the first thing it will do is try to spread across the network to other computers. A common way for this to happen is to use a brute-force attack on passwords. Hard-to-break passwords might prevent it from spreading from workstation to workstation. Therefore, Stewart says, companies should enforce a strong-password policy, even if it means workers are forced to post their passwords on their monitors. This may seem to fly in the face of conventional wisdom, "but the thing we're trying to get across to people is that worms can't read sticky notes," he says. "Then you're only talking about who has physical access to a machine, and realistically, if somebody has physical access to your machine, it doesn't matter what your password is."

Stewart also suggests that organizations with sensitive intellectual property (IP) segregate the workstations with that information by putting them on their own network. This dedicated network should then be monitored more stringently than the rest of the network to ensure that this sensitive data isn't being transferred to a third party. "You can recover from a mass mailer or a Blaster," he says, "but losing your company's IP can be devastating, so you have to weigh the risk. And the risk has become greater in the last six months."

A briefing from the U.K.'s National Infrastructure Security Co-ordination Centre on targeted Trojans gives more background on the problem. Get it at SM Online.
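As an added example (not code from the article, LURHQ or Forsythe), the following Python script combines Stewart's two recommendations: the egress allowlist that a default-deny outbound firewall rule expresses, and closer monitoring of the segregated IP network. It reads constructed firewall connection-log lines and flags flows from the sensitive subnet that leave the company over a port not explicitly allowed, or that move an unusually large volume over an allowed port; the subnet, log format, port list and size threshold are all assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass

# Assumed layout (constructed): the sensitive-IP workstations sit on their
# own subnet, and only these destination ports may leave the company network.
SENSITIVE_NET = ipaddress.ip_network("10.50.0.0/24")
ALLOWED_INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ALLOWED_EGRESS_PORTS = {53, 80, 443}

# Constructed log format, loosely modelled on a firewall connection log:
# "<ts> OUT src=<ip>:<port> dst=<ip>:<port> proto=<tcp|udp> bytes=<n>"
LOG_RE = re.compile(
    r"(?P<ts>\S+) OUT src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+) "
    r"proto=\w+ bytes=(?P<bytes>\d+)"
)

@dataclass
class Finding:
    ts: str
    src: str
    dst: str
    dport: int
    reason: str

def check_egress(lines, max_bytes=5_000_000):
    """Flag outbound flows from the sensitive subnet that break the allowlist."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a connection record we understand
        src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        dport, nbytes = int(m["dport"]), int(m["bytes"])
        if src not in SENSITIVE_NET or dst in ALLOWED_INTERNAL:
            continue  # not from the segregated network, or stays inside the company
        if dport not in ALLOWED_EGRESS_PORTS:
            # A port not explicitly allowed: what a default-deny outbound rule blocks.
            findings.append(Finding(m["ts"], str(src), str(dst), dport, "unusual port"))
        elif nbytes > max_bytes:
            # Allowed port, but a large upload from the IP segment is worth a look.
            findings.append(Finding(m["ts"], str(src), str(dst), dport, "large upload"))
    return findings

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    "2005-06-01T09:00:01 OUT src=10.50.0.12:51000 dst=10.1.2.3:445 proto=tcp bytes=1200",
    "2005-06-01T09:00:05 OUT src=10.50.0.12:51001 dst=203.0.113.7:443 proto=tcp bytes=8000",
    "2005-06-01T09:00:09 OUT src=10.50.0.12:51002 dst=203.0.113.7:6667 proto=tcp bytes=900",
    "2005-06-01T09:01:00 OUT src=10.50.0.20:51003 dst=198.51.100.9:443 proto=tcp bytes=75000000",
    "2005-06-01T09:01:02 OUT src=10.20.0.5:51004 dst=203.0.113.7:6667 proto=tcp bytes=900",
]
```

Running `check_egress(SAMPLE_LOG)` yields two findings: the IRC-style port 6667 connection from the sensitive subnet, and the 75 MB upload over 443; the intra-company flow and the flow from the non-sensitive host are ignored.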