Attacks/Breaches
3/5/2014
12:06 PM
Martin Lee
Martin Lee
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail

Data Breach: ‘Persistence’ Gives Hackers the Upper Hand

Hackers are winning on speed and determination. But we can stack the odds in our favor by shifting the time frames of an attack. Here's how.
2 of 2

Shifting the odds towards success
(Image: 2012 Verizon Data Breach Investigations Report)

2 of 2
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
MartinL923
50%
50%
MartinL923,
User Rank: Apprentice
3/7/2014 | 5:40:14 AM
Re: The Economics of Cybercrime
As Stephen Colbert pointed out at RSA, the NSA showed how an organisation with an unlimited budget can get pwned by a 29 year old with a thumb drive.

Too often security spending seems to be about justifying budgets rather than considering how we can slow down and frustrate attackers, while speeding up detection and remediation. Organisations need to think where their valuable data is located, how it is accessed, and how they would know if someone accessed it improperly.
Gary Scott
50%
50%
Gary Scott,
User Rank: Apprentice
3/6/2014 | 1:39:33 PM
The Economics of Cybercrime
Cybercrime is a function of economics.  If the potential for reward is greater than the sum of time, cost and risk of an attack, you will see cybercrime continue.  The same economics are true on the company's part.  Companies spend millions of dollars building walls but freely allow digital data - usually hard drives – be removed by anyone with an "electronic recycling" t-shirt.

When performing an IT refresh or decommissioning equipment, focus on data destruction first and recycling second.  It could save your company from what Target is going through. 
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3308
Published: 2015-09-02
Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.

CVE-2015-4330
Published: 2015-09-02
A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.

CVE-2015-6274
Published: 2015-09-02
The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassembly, aka Bug ID CSCuv71273.

CVE-2015-6277
Published: 2015-09-02
The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote...

CVE-2015-6587
Published: 2015-09-02
The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.