We have just discovered a series of ongoing targeted attacks which affected 1465 computers in 61 different countries. With all the security controls and IDS/IPS systems in place, how could this happen?
We have just discovered a series of ongoing targeted attacks. We call it Lurid and details are on www.blog.trendmicro.com . A lot of organizations, especially government bodies, have been infected in 61 different countries. We have been able to identify 1465 computers being targeted, being successfully infiltrated and information stolen from these computers. We called it an advanced persistent threat. But it wasn't that advanced, because the exploits being used in Adobe Acrobat Reader to actually execute and start the malware to infect the computers were well known, and they also convinced users to download screen savers. So, how could this happen with all the security in place, with all the IDS/IPS systems? I think the problem nowadays is that you have too much noise, that you have too many log entries in an IDS/IPS system, so you can't identify the needle in the haystack. This is why we need real-time threat management. This is why a system is needed which is helping the administrator, which is helping the company to identify what is really going on. To see what's getting in and, even more important, what's getting out. Because it's more difficult to identify infected computers as long as no communication happens. But the moment an infected computer does a handshake with a command and control center, trying to transfer the information out, that's the moment in time where there is a good indicator that something bad is going on within the corporate environment. With a proper setup, a combination of security products and real-time threat management, you're able to increase visibility. 100% protection is not possible. This is why we really have to talk about risk management to minimize the risk and increase visibility with a real-time threat management system. This is what companies should invest in nowadays.