IT's 9 biggest security threats

Hacking has evolved from a one-person crime of opportunity into an open market of sophisticated malware backed by crime syndicates and money launderers

By Roger A. Grimes, InfoWorld |  Security

Threat No. 4: Intellectual property theft and corporate espionage

While the likelihood of dealing with hacktivists may be low, most IT security pros have to contend with the large group of malicious hackers that exist only to steal intellectual property from companies or to perform straight-up corporate espionage.

The method of operation here is to break into a company's IT assets, dump all the passwords, and over time steal gigabytes of confidential information: patents, new product ideas, military secrets, financial information, business plans, and so on. Their intent is to find valuable information to pass along to their customers for financial gain, and their goal is to stay hidden inside the compromised company's network for as long as possible.

To reap their rewards, they eavesdrop on important emails, raid databases, and gain access to so much information that many have begun to develop their own malicious search engines and query tools to separate the fodder from the more interesting intellectual property.

This sort of attacker is known as an APT (advanced persistent threat) or DHA (determined human adversary). There are few large companies that have not been successfully compromised by these campaigns.

Threat No. 5: Malware mercenaries

No matter what the intent or group behind the cyber crime, someone has to make the malware. In the past, a single programmer would make malware for his or her own use, or perhaps to sell. Today, there are teams and companies dedicated solely to writing malware. They turn out malware intended to bypass specific security defenses, attack specific customers, and accomplish specific objectives. And they're sold on the open market in bidding forums.

Often the malware is multiphased and componentized. A smaller stub program is tasked with the initial exploitation of the victim's computer, and once securely placed to ensure it lives through a reboot, it contacts a "mothership" Web server for further instructions. Often the initial stub program sends out DNS queries looking for the mothership, itself often a compromised computer temporarily acting as a mothership. These DNS queries are sent to DNS servers that are just as likely to be innocently infected victim computers. The DNS servers move from computer to computer, just as the mothership Web servers do.
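The staging pattern just described leaves two traces in DNS telemetry that a defender can look for: a stub sending its queries to a resolver that is not one of the organization's sanctioned DNS servers, and a "mothership" name whose answers churn across many addresses with short TTLs as it moves from host to host. The following script is an added example written for this page, not code from the article or its author; the log line format, the sample lines, the approved resolver addresses and the thresholds are all constructed assumptions.

```python
"""Two DNS-side detections for the staged-malware pattern described above:
(1) internal hosts sending DNS queries to resolvers outside the sanctioned set, and
(2) names whose answers churn rapidly across addresses with short TTLs, which is
what a "mothership" that moves from compromised host to compromised host looks like.
The log format, sample records and thresholds are constructed for this example."""
from collections import defaultdict

# Sanctioned corporate resolvers (assumed values for this example).
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}

# Constructed sample log, one query per line:
# "<epoch> <client> <resolver> <qname> <answer> <ttl>"
SAMPLE_LOG = """\
1700000000 10.0.5.21 10.0.0.53 mail.example.com 192.0.2.10 3600
1700000005 10.0.5.21 10.0.0.53 update.example.net 203.0.113.5 60
1700000065 10.0.5.21 10.0.0.53 update.example.net 203.0.113.77 60
1700000125 10.0.5.21 10.0.0.53 update.example.net 198.51.100.9 60
1700000185 10.0.5.21 10.0.0.53 update.example.net 203.0.113.140 60
1700000200 10.0.7.44 10.0.9.17 update.example.net 198.51.100.9 60
1700000260 10.0.7.44 10.0.9.17 cdn.example.org 192.0.2.80 300
1700000300 10.0.5.22 10.0.1.53 www.example.com 192.0.2.10 3600
"""


def parse(log_text):
    """Parse the constructed log format into a list of dict records."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, resolver, qname, answer, ttl = line.split()
        records.append({
            "ts": int(ts), "client": client, "resolver": resolver,
            "qname": qname.lower().rstrip("."), "answer": answer, "ttl": int(ttl),
        })
    return records


def rogue_resolver_queries(records, approved=APPROVED_RESOLVERS):
    """(client, resolver) pairs where a host asked a resolver outside the approved set.
    On a network whose clients are only supposed to use the corporate resolvers,
    this is the stub talking to another infected machine acting as a DNS server."""
    return sorted({(r["client"], r["resolver"])
                   for r in records if r["resolver"] not in approved})


def fast_flux_candidates(records, min_distinct=3, max_ttl=300):
    """Names that resolved to at least min_distinct different addresses, every
    answer carrying a TTL of max_ttl seconds or less: the moving-mothership signature."""
    answers = defaultdict(set)
    ttls = defaultdict(list)
    for r in records:
        answers[r["qname"]].add(r["answer"])
        ttls[r["qname"]].append(r["ttl"])
    return sorted(q for q in answers
                  if len(answers[q]) >= min_distinct and max(ttls[q]) <= max_ttl)


def clients_for(records, qname):
    """Hosts that queried a given name, so a responder knows where to start triage."""
    return sorted({r["client"] for r in records if r["qname"] == qname})


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print("queries to non-approved resolvers:", rogue_resolver_queries(recs))
    for name in fast_flux_candidates(recs):
        print("fast-flux candidate:", name, "queried by", clients_for(recs, name))
```

Both checks are deliberately simple so they can run over a flat export from a resolver or a DNS-logging sensor; in practice the resolver allow-list should be enforced at the network edge as well as detected, and the distinct-address and TTL thresholds need tuning against legitimate CDN names, which also rotate addresses but usually with a stable, known address pool.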


Originally published on InfoWorld.