According to a report by FireEye, a company that makes network security appliances, virtually all companies in all industries across the world have been breached.
It does not matter if the company is using a firewall, an anti-virus program, a web proxy, an intrusion-prevention system, or some combination of these measures, attackers have gained access to 97 percent of companies monitored for this report.
A firewall is a device that sits between an organization and the Internet, blocking certain ports and allowing other ports through. Web proxies are used to limit users’ access to the Internet, and an intrusion detection system detects breaches and sends alerts to network security personnel.
The study looked at 1,216 organizations across the world. The top three geographic areas surveyed were North America, with 528 units, Europe, the Middle East, Africa with 351 units, and Asia Pacific with 242 units.
The top destination for command and control (CnC) sessions was the United State; this was attributed to its tech-savvy businesses and users, which make attractive targets. CnC servers are used to control botnets, which the bot herders (hackers) then use to carry out their deeds.
The top three industries with malware call-backs to CnC servers:
- Higher Education
- Financial Services
- Federal Government
No longer are hackers using broad-sweeping methods to try to identify and compromise networks. Instead, they craft methods tailored to individuals or organizations. They will go so far as to plant a hack in a legitimate website that the intended victim is likely to visit, known as “a watering-hole.”
Hackers want everything but the kitchen sink. Advanced persistent threat (APT) processes, like those in China for example, want to know how a business is run, how a business works, and how decisions are made. The information is then used to support state-owned enterprises.
Dynamic analysis systems are the next step in network security systems. These systems watch for tell-tale signs of CnC calls, system files being changed, and anything that might constitute a threat. Then they react accordingly.
In a world where everything is going online, best security practices are essential to a functional Internet where one does not have to worry about data theft with each click.
