Posted on February 11, 2013
By Byron Acohido, USA TODAY, 12Feb2013, p.1B
SEATTLE — Disclosures last week about network intrusions at the New York Times and the Federal Reserve demonstrate that some companies have begun taking progressive steps to detect persistent cyber intruders and limit the damage they cause.
Thieves and spies are hacking into company networks as intensively as ever. But some large organizations are starting to limit the damage they can do, once inside. And information about successful defense strategies is being more widely shared for the greater good.
“If you stop the bad actor from taking action on his or her objective, you win,” says Steve Adegbite, director of cyber security at defense giant Lockheed Martin.
Over the past 18 months, U.S. companies and agencies have more readily acknowledged that breaches are occurring daily and have moved to update systems for detecting persistent intruders and limiting the damage they can do, security experts say.
The New York Times hired forensics firm Mandiant, which used military-style counterintelligence tactics to detect and cripple intruders, who appeared to be based in China. The paper then surprised many in the security community by sharing details of Mandiant’s findings.
“It’s turning a page,” says Kurt Baumgartner, senior security analyst at Kaspersky Lab. “They immediately disclosed what the attackers were looking for, down to the reporters’ material the attackers were hunting.”
A day after the Times’ disclosure, the Wall Street Journal announced that it detected and blocked network intruders, also appearing to originate from China. Then last Thursday, the Federal Reserve disclosed a breach of one of its internal websites. The intruders got access to emergency contact information for 4,000 banking executives. But the agency said no critical operations were affected.
Those cases illustrate how companies and agencies are focusing on tactics to flush out intrusions in progress and prevent the attack from accessing the most valuable intellectual property, says Eddie Schwartz, chief information security officer at security firm RSA.
“There is a growing awareness that organizations are under constant attack in terms of nation-state espionage, organized criminal theft and hacktivist action and that they must implement equally advanced and committed approaches,” says Schwartz.
Security analysts hope that other breached organizations, led by the Times’ example, share detailed intelligence about both successes and failures in defending against cyber intruders.
“It’s like being at an Alcoholics Anonymous meeting – first you have to acknowledge you have a problem,” says Gunter Ollmann, chief technology officer at security consultancy IOActive.
Chris Petersen, chief technology officer at tech systems provider LogRhythm, cautions that cybercrime has become a rich and resilient global industry. “The motivations driving malicious cyber activities continue to rise,” Petersen says. “There is money to be made, points to get across and war to wage.”