Thursday, January 15, 2015

The True Story of The Three Little Pigs in the digital world

"Then I'll huff, and I'll puff, and I'll blow your house in." These words belong to one of the most famous tales. The True Story of the Three Little Pigs is the perfect example of how the wolf always finds a way to get into your home. And it offers a very interesting lesson for the security industry: if you establish appropriate security measures, he may still get in, but you will give him a tough time.

Digital wolves lurk where you least expect them and use every tool at their disposal to bring down your defenses. Skeleton malware has recently demonstrated its potential for stealthily accessing the Active Directory dashboard of a global company based in London. It is a remote access trojan that is stored in temporary memory and disappears after reboot. It is even able to filter sensitive information.

This time the target was the company itself, but sometimes it is the users. In late December, American Airlines and United Airlines discovered that thousands of their customers’ credentials had been exploited. It seems that users didn’t take proper security measures (they reused the same password they used for other services), just like the little and the medium pig.

I2P is one of the anonymity networks taking up the baton from Tor. It has made headlines again because the new version 3.0 of Cryptowall operates on that network. In fact, this is the most lucrative ransomware so far. It is estimated that it made over a million dollars from cybercrime. Its modus operandi is always the same: victims find out that their files have been encrypted with RSA-2048, so if they want them back, they have to pay.

Like the wolf’s tricks in the story of the three pigs, phishing never goes out of style. An alleged alert from Outlook is the perfect excuse to propagate annoying adware. The video linked from the email urges the user to install a plugin in order to play the images. But the plugin is actually an executable file that comes with a not-so-pleasant gift. Nothing new under the sun, but always effective.

What strategies can you adopt to protect yourself from digital wolves? Obama is very clear. His government will legally protect all companies that share real-time information on computer threats. This sort of DEFCON community would enable collaborative learning across firms and quick action by national defense authorities, according to him. On the other hand, it could be a way to revive the CISPA law, which was intended to require technology suppliers and manufacturers to exchange information so long as the government required it.

For both corporate and personal pigs, it does not hurt to review the five trends for security, identification and access control (IAM) announced by CA Technologies a few hours ago. In a multiuser and multi-device environment, the cell phone will be the cornerstone of access to services. It will mean a transition from a desktop-first to a mobile-first architecture, which involves the entire chain and requires new and more immediate technologies.

All this in the hope that this will be the year in which services are protected with brick walls. There will still be a chimney through which the wolf can enter, but it remains in your hands to be prepared for it.

