steven36 Posted February 10, 2015

TJX hacking mastermind Albert Gonzalez scoffed at antivirus tools. He and his cohorts wrote malware specifically designed to evade their detection. One can imagine him laughing as his team of hackers broke into corporate networks using SQL injection attacks and gained administrative access.

Then he probably guffawed, Bond villain-style, as he uploaded the malware directly into server memory, and when the corporate networks began happily delivering customer credit card data directly to his servers chuckled all the way to the bank.

Gonzalez was perhaps the biggest cyber criminal in history. He was eventually jailed for hacking more than 250 companies, ranging from retailers such as TJX and grocery chain Hannaford Bros through to payment processing company Heartland.

He pilfered data from under their noses and cost them hundreds of millions of dollars. Even though many of these firms had antivirus software installed, they didn’t detect what he was doing. Why?

Mind the gaps

Don’t be mistaken: antivirus software is a crucial part of any security arsenal, and every day malware scanners the world over detect and throttle millions of malicious software strains. This is not a category of software that we should live without.

Antivirus tools work by scanning both static files and programs running in memory. They use several techniques to try and detect malicious activity.

Signature scanning, which looks for known patterns in files, is a well-established method of finding software nasties, as its scanning code runs in memory, looking for potentially malicious activity as it happens.

These are solid, reliable tools, but when attackers are determined enough, antivirus software alone may not stop them from grabbing your data.

The malware industry thrives on zero-day attacks – exploits using obscure or completely unknown vulnerabilities. A hacker smart enough to devise one – and there are plenty – can get past malware detectors.

The smart IT manager uses complementary technologies to reduce the risk of attack, and one is to look at the potential delivery channels for malware.

Ugly sites

One way in which attacks are delivered is via drive-by downloads. Employees visiting legitimate work sites are relatively safe, but when they visit less savoury sites online they run the risk of being infected by rogue JavaScript running in the browser.

Web protection software can reduce that risk by blacklisting certain sites or groups of sites. Filtering web access is a good way to reduce the risk of infection by simply prohibiting access to sites that are not necessary for work.

It can also be a worthy complement to antivirus software that will attempt to detect anything installed via the browser. This multi-faceted protection is a basic tenet of modern cyber security.

Another important vector is email. This has gained huge traction among attackers, who use it for phishing, and in some cases spear phishing targeting specific companies.

Attackers can gather information about a company's organisational structure and employees. The list of sources here is endless, ranging from annual reports through to social media posts.

These can be used to socially engineer employees to obtain login details or have them open a file containing a zero-day attack.

Employee training is all-important here, but it must be backed by a technological solution too. All it takes is for one user to open a file or click a link to a fake IT administrator page asking them to enter their single sign-on password as part of a security audit, and you can wave goodbye to the integrity of your network.

Big phish

The best way to counter threats delivered via email is to choke them off before employees even see them. Monitoring and filtering emails is therefore an important part of any corporate cyber-security strategy.

Email can be scanned for viruses, and it can be controlled still further by scanning for known spam signatures and characteristics. This alone can root out the lion’s share of malicious or pestering emails, increasing employee productivity as well as reducing the risk of compromise.

Adding blacklists for known bad domains and whitelists for recognised sources, such as business partners and customers, can be an extra-useful technique for locking email down.

The further that companies can keep unscrubbed email away from their IT architectures the better. Pre-filtered email streams contain not only infected files but also large volumes of spam, which serve only to clog bandwidth and servers.

Having these filtered offsite by a third-party service mitigates the problem, ensuring that only clean communications touch company servers.

Patch and mend

Even after all these measures have been taken, there is still the chance that a company’s systems can be compromised.

The likes of Gonzalez, or the Sony Pictures hackers, are determined assailants. The battle doesn’t stop with web protection or email scanning.

Making sure the software running on the network is up to date is an important aspect of any cyber-security strategy, so that attackers can’t exploit any of the known vulnerabilities in the average operating system or application.

Patch management processes and tools are critical, especially as companies grow larger and IT infrastructures become more complex. Understanding what has been rolled out and when can help IT administrators prevent dangerous holes from appearing in the system.

All of these measures, layered onto antivirus software, can help to reduce the risk of a successful cyber attack.

Here’s the dirty little secret of cyber security, though: nothing is 100 per cent secure. The key is to make things so difficult for attackers that they decide to move on to easier targets.

The way to do that is to layer your defences, using multiple tools and protecting different parts and communications channels of the IT infrastructure.

Managing it centrally also gives you a single point of access, helping you not only to quash incidental attacks but also to spot any emerging trends that could indicate a sustained, targeted assault on your company.

This concept reflects a long-established military strategy: defence in depth, in which layers wear down an attacker’s ability to mount an offensive.

In a modern environment, where companies live and die by their data, don’t rely on a thin red line to protect it all.

Source
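A small inbound-mail gate showing how the email layers the article lists (dangerous-attachment blocking, a blacklist of known bad domains, a whitelist of recognised partners, and a scan for known spam/phishing signatures) combine, and why the order matters. This is an added example, not code from the post or the article it quotes; the domains, signatures and sample messages are all constructed.

```python
"""Layered inbound-mail gate: attachment check, domain blacklist / partner
whitelist, then spam-signature scan, run in order over constructed samples."""
import re
from email import message_from_string
from email.message import Message

BLACKLISTED_DOMAINS = {"evil-example.test"}        # known bad senders (constructed)
WHITELISTED_DOMAINS = {"partner.example"}          # recognised partners (constructed)
BLOCKED_EXTENSIONS = (".exe", ".scr", ".js", ".vbs")
SPAM_SIGNATURES = [re.compile(p, re.I) for p in (
    r"security audit.*single sign-?on",   # the fake IT-admin lure from the article
    r"verify your (account|password)",
    r"claim your (prize|reward)",
)]

def sender_domain(msg: Message) -> str:
    m = re.search(r"@([\w.-]+)", msg.get("From", ""))
    return m.group(1).lower() if m else ""

def classify(raw: str) -> tuple:
    """Return (verdict, reason). Blacklist and attachment checks run before the
    whitelist is consulted, so a trusted partner cannot deliver a dropper."""
    msg = message_from_string(raw)
    domain = sender_domain(msg)
    if domain in BLACKLISTED_DOMAINS:
        return "reject", f"blacklisted sender domain {domain}"
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(BLOCKED_EXTENSIONS):
            return "quarantine", f"blocked attachment {name}"
    if domain in WHITELISTED_DOMAINS:
        return "deliver", f"recognised partner domain {domain}"
    text = msg.get("Subject", "") + " " + " ".join(
        p.get_payload(decode=True).decode(errors="replace")
        for p in msg.walk() if p.get_content_type() == "text/plain")
    for sig in SPAM_SIGNATURES:
        if sig.search(text):
            return "quarantine", f"spam signature /{sig.pattern}/"
    return "deliver", "no rule matched"

# Constructed samples: a lure from an unknown host, and a partner mail carrying an .exe.
LURE_MAIL = ("From: IT Helpdesk <admin@unknown-host.test>\nSubject: Security audit\n"
             "Content-Type: text/plain\n\nPlease confirm your single sign-on password.\n")
DROPPER_MAIL = ("From: accounts@partner.example\nSubject: Invoice\nMIME-Version: 1.0\n"
                'Content-Type: multipart/mixed; boundary="b1"\n\n--b1\nContent-Type: text/plain\n\n'
                "See attached.\n--b1\nContent-Type: application/octet-stream\n"
                'Content-Disposition: attachment; filename="invoice.exe"\n\nMZ...\n--b1--\n')
```

The lure from an unknown domain is caught by the signature scan, while the partner-sent dropper is quarantined by the attachment check before the whitelist can wave it through.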
dcs18 Posted February 10, 2015
Yep, paranoia is never a vice - when it involves one's own security (and the security of one's Customers.)

humble3d Posted February 10, 2015
:lol: It's not paranoid if it's real... It's circumspect... :)

212eta Posted February 10, 2015
First of all, Imaging and Virtualization (Sandboxing)...

TheAslan Posted February 10, 2015
The best antivirus: User

davmil Posted February 11, 2015
You're not paranoid if they really are out to get you (Henry Kissinger).

dcs18 Posted February 11, 2015
> The best antivirus: User
Which User do you mean - this one? :tehe:

Cereberus Posted February 16, 2015
I dare anyone who doesn't believe in maintaining PC/online security with even the basics of measures to try surfing the web and doing banking over a period of 3 years. Then we will see if we are paranoid or not ;_;

I use a few layers:
- anti-malware / anti-rootkit / anti-loggers / antivirus / firewall (MBAM, NOD32, Hitman, Windows Firewall Control, herdProtect, Zemana AntiLogger, Zemana AntiMalware beta, EMET)
- latest Tomato Shibby firmware (with all the patches, including that nasty SSL Heartbleed patch); has bandwidth logging enabled, can detect unusual bandwidth usage ;x or alien IP addresses connected to my network
- IPv6
- Win 8.1 64-bit OS
- browser: Chrome with uMatrix/uBlock
- sandboxing with Shadow Defender
- update Windows
- supplementary sources to keep up to date on security solutions or vulnerabilities every now and then: www.malwaretips.com, www.wilderssecurity.com
- other useful tools for maintenance: CCEnhancer, CCleaner, DDU, IObit Driver Booster, KCP, AnyDVD

fuzzler Posted February 21, 2015
I still say prevention is better than a cure. I never browse to sites that are not trusted. So far, it has been working out great for me.

LeeSmithG Posted March 19, 2015
Anyone that can write a Trojan or a virus or any code to make a system defunct can do it. Any detector is only as good as its definitions.
