State-sponsored attacks expected to get worse

News by Steve Gold

A loss of confidence in perimeter defence has led many infosec professionals to question the ability of their organisation to withstand Advanced Persistent Threats (APTs).

Research based on a survey from Black Hat USA - which took place in Las Vegas in the late summer - claims to show that the hacking landscape will get much worse, with ever more complex state-sponsored attacks coming down the technology pipeline.

The problem is made potentially worse, says Lieberman Software, the sponsor of the research, by the fact that many IT security professionals cannot even confirm whether or not their network has already been breached.

Researchers found that 58 percent of the 130 respondents think that their network may have already been breached by a foreign state-sponsored attack. In addition, the survey revealed that half of IT security experts believe that security awareness within their business is only average - whilst more than one in ten admit that security awareness within their own organisation is bad.

Delving into the report reveals that 44 percent of those polled think that the US is losing the battle against state-sponsored attacks - and only 48 percent are confident that their IT staff could detect the presence of an attacker who attempts to breach their network or extract private data.

Commenting on the survey findings, Philip Lieberman, Lieberman Software's president, said that cyber-attacks are evolving at an astounding pace and, because of this, we - as an industry - are constantly facing extremely sophisticated attacks, something which we have never witnessed before.

"Organisations need to take this threat seriously, they cannot stop these attacks - and building taller and thicker walls won't keep the hordes out," he explained.

A different approach

According to Craig Carpenter, CMO with AccessData, the computer forensics specialist, defending against targeted and state-sponsored attacks requires a very different approach to defending against common viruses and mass malware that CISOs are used to dealing with on a daily basis.

"This is reflected in the Lieberman report finding that only 13 percent of respondents are confident in existing security tools such as anti-malware and firewalls, with almost a fifth (22 percent) stating that they are not at all confident in the ability of these security tools to protect their organisations against APTs," he said.

Carpenter added that standard incident response tools and processes are still very manual and can become overwhelmed at several stages of the process - both in terms of discovering breaches and when responding to them.

Currently, he explained, IT teams are suffering from alert overload. Prevention and detection systems, he says, such as next-generation firewalls and advanced malware systems are effective at finding the majority of threats, but they do not find everything - and they do a poor job of prioritising potential threats that are discovered and validating which threats are real versus false positives.

"Incident response teams simply cannot keep up with the accelerating volume of alerts hitting them daily. This all but guarantees that threats will be detected but go un-investigated, allowing an attacker to roam freely inside a network for weeks if not months," he said.

Loss of confidence

Andrew Mason, co-founder and technical director of Leeds-based RandomStorm, meanwhile, said that the Lieberman report reflects the loss of confidence in traditional perimeter defence systems for combating state-sponsored attacks and advanced persistent attacks.

"With so many malware variants and vectors for attack and with the Shellshock bug being actively targeted by botnet operators and hackers, IT teams now expect to be attacked and are constantly reviewing the security status of their networks and endpoint devices for signs of malicious activity," he said.

However, he added, the sheer volume of alerts can result in really critical events hiding in plain view, delaying the time taken to isolate compromised areas of the system and shut down devices that are leaking information.

"IT managers need to use technology to automate the prioritisation and correlation of incidents, events and alerts, allowing them to effectively bring more hands on deck while they use their expertise and systems knowledge to protect critical assets from being tampered with, leaked, or stolen," he noted.

Keith Bird, UK managing director with Check Point, was also pragmatic in the face of a rising tide of attack vectors and threat actors.

"Irrespective of whether attacks come from criminal hackers or state agencies, attacks are increasing in complexity and getting harder to defend against.

"Our 2014 Security Report showed that on average, new malware hits companies six times per hour, and two of those malware variants will not be recognised by the organisation's anti-malware defences," he said, adding that companies need to deploy multiple layers of defence to protect themselves against these sophisticated attacks.
