March 7, 2014
Nice little video from Mandiant on "The anatomy of a cyber attack."
Despite the typical firewalls, antivirus, and intrusion detection systems, cyber attacks can and do penetrate your systems.
This happens through social engineering (including phishing attempts), automated spam, and zero-day exploits.
Once inside your network, the cyber attacker takes command and control of your computers, surveys your assets, steals user names and passwords, hijacks programs, and accesses valuable intellectual property.
Mandiant performs security incident response management (detecting breaches, containing them, and helping recovery efforts), and they are known for their report "APT1" (2013), which exposed a significant, allegedly government-sponsored cyber espionage group that they state "has systematically stolen hundreds of terabytes of data from at least 141 organizations."
Another fascinating report on the similar topic of advanced persistent threats is McAfee's report on Operation Shady RAT (2011), which reveals that over 70 organizations (governments, commercial entities, and more) were targeted over 5 years and had terabytes of information siphoned off.
The overall risk from cyber espionage is high and the McAfee report states:
- "Every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact."
- "What we have witnessed...has been nothing short of a historically unprecedented transfer of [intellectual] wealth - closely guarded national secrets...disappeared in the ever-growing electronic archives of dogged adversaries."
Simply put, we can't keep a secret--we're putting endless gobs and gobs of our information online and are not adequately protecting it in cyberspace, with the result that our adversaries are able to access, exfiltrate, disclose, modify, or destroy it.
In short, we're giving it all away - why?