Cyber-attacks represent one of the most pervasive threats to the civilized world, second only to the looming danger of weapons of mass destruction, Shawn Henry, former head of the FBI’s cybercrime unit, said in his keynote speech at the annual Black Hat security conference held in Las Vegas last month.
The consensus among security and Web experts is that the Internet has morphed into a necessary evil of sorts; necessary because individuals and companies simply cannot afford to be offline, but evil in the sense that it is the breeding ground for an increasingly advanced and nefarious sort of online criminal.
In fact, cyber-attacks are accelerating at such a torrid pace that many are wondering if there’s anything to be done at all, with sophisticated hacker collectives seemingly always several steps ahead of our best security protocols. But all is not lost, as security experts urge companies to take a proactive, even offensive, role in maintain network security; a last ditch effort to prevent the inmates from taking control of the asylum.
There is nary a week that goes by here at TheTelecomblog that we don’t touch on some aspect of the growing threat of Internet-based crime. If its not hackers hard at work infiltrating websites, stealing information, and posting in online for all to see, its some malicious malware infecting our phones, tablets, and PCs.
During the conference several speakers, particularly Dell SecureWork’s director of malware research Jon Stewart, outlined the current strategies of these online criminals, stating that to date through both direct attacks on networks and the latent use of malware, hackers have cracked into the secure networks of literally thousands of companies over the last few years.
In regards to hacker strategies, Stewart laid out the general MO of the larger, more organized hacker groups. The attacks generally begin by infecting the computer of one employee, using that computer as a told-hold to probe deeper and deeper into one’s secure network, stealing sensitive information.
Another strategy is the use of malware, with hackers developing malicious pieces of code designed specifically to elude spam filters and one’s that carry convincing instructions that lead unsuspecting users to click on them, thus allowing the malware to be loaded on to their computers. One particular hacker gang, according to Black Hat experts, has access to some 678,000 personal computers, some of which those hackers then use to conduct other nefarious online crimes.
As most conferences of this nature go, the keynote speeches were predominantly about the extant threat hackers pose to the civilized world–with some of the scariest presentations involving hacks on newly developed NFC mobile payment technology, ultra-secret undetectable malware and the like–and not so much about what the civilized world can (or should) do about it.
That said, one of the most helpful steps towards maintaining network security is also one of the most basic, work force education. Experts agreed that a company’s network is only as secure as its weakest link, meaning if some of your employees don’t know what links to click on and which ones to avoid; hackers will exploit those vulnerabilities to gain access to your network.