Perimeter
4/2/2010
01:42 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Share -- Or Keep Getting Pwned

Forget the bad guys: Sometimes it seems like the security industry doesn't trust itself. There's too much internal hoarding of intelligence for privacy or competitive reasons and too little sharing of information among researchers, victims, and law enforcement about real attacks. All this does is give the cybercriminals an edge.

Forget the bad guys: Sometimes it seems like the security industry doesn't trust itself. There's too much internal hoarding of intelligence for privacy or competitive reasons and too little sharing of information among researchers, victims, and law enforcement about real attacks. All this does is give the cybercriminals an edge.Take the attacks on Google, Adobe, Intel, and others out of China (a.k.a. "Operation Aurora"). McAfee and other security firms investigating victims' systems each had is own fiefdom of intelligence, occasionally publicly sharing bits of information, like the Internet Explorer zero-day bug used in many of the initial attacks. But did anyone have the whole picture of the attacks?

McAfee published some of its analysis of the malware it found in over a dozen (undisclosed) companies' systems, which was helpful. But McAfee admitted this week that it had misidentified some malware as part of the attack when in fact it was from a separate one. But it didn't go public with that information after Google blogged about "a separate cyber threat" targeting Vietnamese users around the world. Meanwhile, at least one security firm that had spent time analyzing it for clues under the assumption that it was part of the same series of attacks, Damballa, isn't sold that the attacks aren't related.

Maybe McAfee and Damballa should have talked once in a while.

Confused yet?

I understand the business reasons for jealously guarding the information security firms dig up. But with them typically working independently -- with the exception being some botnet-takedown collaboration -- and not sharing their knowledge along the way, it sometimes results in spinning wheels, confusion, and lost momentum. That in turn translates to more time and opportunity for the bad guys to get in or stay in, cash in, and get out.

And there's something really wrong when victim companies are afraid to report an attack to law enforcement. Of course they don't want to go public with a breach unless they have to by law, but many fear public exposure when they go to the feds. And those that have given breach information to the FBI, for instance, traditionally have gotten nothing in return, anyway. But the FBI says all of that is changing, and that they are providing feedback and intelligence to the victims. Whether that convinces wary victims to go to the bureau or not remains to be seen.

The big question here is this: is there anyone looking at the big picture of these real attacks? Connecting the dots, sifting through the chaff, and correlating trends among them should be a priority for victim organizations, researchers, forensics investigators, and law enforcement. Otherwise the bad guys who are infecting companies with banking Trojans, stealing their intellectual property, and converting their enterprise machines into bots, will just keep owning us.

-- Kelly Jackson Higgins, Senior Editor, Dark Reading Follow Kelly (@kjhiggins) on Twitter: http://twitter.com/kjhiggins Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5211
Published: 2015-01-27
Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response.

CVE-2014-8154
Published: 2015-01-27
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overf...

CVE-2014-9197
Published: 2015-01-27
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.

CVE-2014-9198
Published: 2015-01-27
The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session.

CVE-2014-9646
Published: 2015-01-27
Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.