Perimeter
4/2/2010
01:42 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Share -- Or Keep Getting Pwned

Forget the bad guys: Sometimes it seems like the security industry doesn't trust itself. There's too much internal hoarding of intelligence for privacy or competitive reasons and too little sharing of information among researchers, victims, and law enforcement about real attacks. All this does is give the cybercriminals an edge.

Forget the bad guys: Sometimes it seems like the security industry doesn't trust itself. There's too much internal hoarding of intelligence for privacy or competitive reasons and too little sharing of information among researchers, victims, and law enforcement about real attacks. All this does is give the cybercriminals an edge.Take the attacks on Google, Adobe, Intel, and others out of China (a.k.a. "Operation Aurora"). McAfee and other security firms investigating victims' systems each had is own fiefdom of intelligence, occasionally publicly sharing bits of information, like the Internet Explorer zero-day bug used in many of the initial attacks. But did anyone have the whole picture of the attacks?

McAfee published some of its analysis of the malware it found in over a dozen (undisclosed) companies' systems, which was helpful. But McAfee admitted this week that it had misidentified some malware as part of the attack when in fact it was from a separate one. But it didn't go public with that information after Google blogged about "a separate cyber threat" targeting Vietnamese users around the world. Meanwhile, at least one security firm that had spent time analyzing it for clues under the assumption that it was part of the same series of attacks, Damballa, isn't sold that the attacks aren't related.

Maybe McAfee and Damballa should have talked once in a while.

Confused yet?

I understand the business reasons for jealously guarding the information security firms dig up. But with them typically working independently -- with the exception being some botnet-takedown collaboration -- and not sharing their knowledge along the way, it sometimes results in spinning wheels, confusion, and lost momentum. That in turn translates to more time and opportunity for the bad guys to get in or stay in, cash in, and get out.

And there's something really wrong when victim companies are afraid to report an attack to law enforcement. Of course they don't want to go public with a breach unless they have to by law, but many fear public exposure when they go to the feds. And those that have given breach information to the FBI, for instance, traditionally have gotten nothing in return, anyway. But the FBI says all of that is changing, and that they are providing feedback and intelligence to the victims. Whether that convinces wary victims to go to the bureau or not remains to be seen.

The big question here is this: is there anyone looking at the big picture of these real attacks? Connecting the dots, sifting through the chaff, and correlating trends among them should be a priority for victim organizations, researchers, forensics investigators, and law enforcement. Otherwise the bad guys who are infecting companies with banking Trojans, stealing their intellectual property, and converting their enterprise machines into bots, will just keep owning us.

-- Kelly Jackson Higgins, Senior Editor, Dark Reading Follow Kelly (@kjhiggins) on Twitter: http://twitter.com/kjhiggins Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Title Partners Role in Perimeter Security
Title Partners Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas and her guest, David Shearer, (ISC)2 Chief Executive Officer, as they discuss issues that keep IT security professionals up at night, including results from the recent 2016 Black Hat Attendee Survey.