Loading ...
Sorry, an error occurred while loading the content.

ISPLA Alert - Internet Security Threat Report

Expand Messages
  • Peter Psarouthakis
    In light of the increasing incidents of email account hijacking etc the following should be of interest to investigative and security professionals, as well as
    Message 1 of 1 , May 11, 2012
    • 0 Attachment
      In light of the increasing incidents of email account hijacking etc the
      following should be of interest to investigative and security professionals,
      as well as their clients.

      Symantic has released a 52-page report published in April 2012 entitled
      Information Security Threat Report - 2011 Trends, Volume 17. This
      comprehensive report relates the wide range of challenges facing computer
      security professionals. Targeted attacks have been customized malware and
      refined social engineering to gain unauthorized access to sensitive
      information. This is the next evolution of social engineering where victims
      are researched in advance and specifically targeted. There is also a
      portion of the report dealing with attacks against handheld devices and
      balancing the risks and benefits in "The Cloud."

      Targeted attacks from industrial espionage exploitation of advance
      persistent threats or what is now referred to as "APTs" have become a
      buzzword and used and misused by the media but still pose a significant
      threat. All rely on using a variety of means such as drive-by-downloads, SQL
      injected malware, phishing and spam.

      APTs differ from conventional targeted attacks and according to the report:

      1- use highly customized tools and intrusion techniques

      2- use stealthy, patient, persistent methods to reduce risk of detection

      3- aim to gather high-value, national objectives such as military, political
      or economic intelligence

      4- are well-funded and well-staffed, perhaps operating with the support of
      military or state intelligence organizations

      5- are more likely to target organizations of strategic importance such as
      government agencies, defense contractors, high profile manufacturing,
      critical infrastructure operators and their partner ecosystems.

      Cybercriminals are also learning new techniques from these attacks using
      polymorphic code in mass malware attacks and spammers exploiting social
      engineering on social networks. The report also comments that APTs are
      often aimed at stealing intellectual property and suggesting newer roles for
      cybercriminals as information brokers in industrial espionage schemes.

      The report is full of 2011 statistics regarding the extent of security
      breaches, their types and targets, and the extensive information on targeted
      email attacks against industry sectors.


      A link to the full report may be found at:

      http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main
      _report_2011_21239364.en-us.pdf

      Bruce Hulme
      ISPLA Director of Government Affairs
      www.ISPLA.org <http://www.ispla.org/>

      Your Proactive Voice from State Capitols to the Nation's Capitol





      [Non-text portions of this message have been removed]
    Your message has been successfully submitted and would be delivered to recipients shortly.