Friday, 2 August 2013

Companies 'not aware' of being hacked

Most companies are not aware that they have been compromised and their intellectual property stolen, a cyber security firm has said.
"Most organisations who we actually end up doing forensics investigations for didn't figure out for themselves that they'd actually suffered a compromise - that they'd been hacked," John Yeo, EMEA director at Trustwave, told News24.
Trustwave division Spiderlabs specialises in penetration testing or ethical hacking.
Yeo said that the majority of clients the company handled were unaware that they had been compromised.
"Of all the forensics investigations that we did last year in only 25% of cases did the victims figure it out for themselves that they’d been hacked."
Antivirus
While most companies rely on antivirus solutions to prevent malware from intruding, Spiderlabs' research shows that attacks on corporations have become targeted.
"Of those 415 investigations we conducted last year, the vast majority we saw in each of those cases was bespoke so it wasn't something that was off the shelf or that was used in many different organisations - it was written with a very specific purpose in mind and was only used once," said Yeo.
He said that hackers who conduct attacks usually have a long period of access to company servers before they are detected.
"Intuitively you’d think that if an organisation gets hacked, they’d know about it and they’d know about it pretty quickly. But the reality is that they don’t figure it out for themselves and on average it takes about 210 days before the detection actually takes place."
Antivirus solutions that rely on virus definitions do not readily register malware that has been specifically designed to target a computer if that malware has not been identified previously.
This implies that hackers - whether they be corporate or state - can harvest data from companies without the companies' knowledge and without setting off alarms.
"Signature-based antivirus hasn't got a hope of being able to detect it and any organisation that thinks 'I've got antivirus deployed on my mission critical systems and if the worst case scenario happens, I'm going to detect it,' that's not going to happen," said Yeo.
Older software
Despite the release of so-called secure operating systems, Spiderlabs said its experience shows that medium to large firms usually have a fair number of systems running older software that can be exploited.
Hackers typically gain entry into these older systems and quietly steal intellectual property.
"Attackers basically have free rein to a large extent. They manage to penetrate an organisation and they manage to harvest data for long periods of time before anyone figures out that anything is wrong," said Yeo.
He said that it was easier to go after "low hanging fruit" when looking to compromise a company, and that configuration errors and legacy systems were ideal targets for hackers.
"An attacker only needs to find the weak link in the chain, the chink in the armour. They're not going to go with a sledgehammer after the most secure system in the environment."
