Date:10/10/11
Unsuccessful targeted cyber attacks can yield useful information on future targets and attack vectors, according to a researcher at security firm Symantec.
This suggests that IT departments would be well advised to share data on all types of persistent attacks with their security vendors, in order to be better safeguarded in future.
Martin Lee, senior analyst at Symantec, wrote on his blog that his resesearch is aided by the small number of targeted attacks, and the fact that attackers will often keep trying to breach the target's security.
"Since April 2008, when we started recording such attacks, we have identified 72,500 targeted attack emails sent to 28,382 email addresses," he wrote.
"To put this into context, we block approximately 500,000 malicious emails each day, sent to the approximately 10 million email addresses that we protect.
"However, the rarity of targeted attacks and the persistence of attackers can be exploited by researchers to draw up maps of activity of what may be the activities of single gangs."
He explained that companies are often reluctant to release details of successful attacks for fear of revealing their own security failings, but details of unsuccessful attacks can also prove useful.
Presenting his research at the Virus Bulletin conference in Barcelona this week, he explained the type of intelligence likely to be held in this data.
"By looking at the kinds of organisations that are being targeted, the industries that they're in and other data such as geographic location, it's possible to identify some interesting patterns," said Lee, according to security firm Kaspersky's news service Threatpost.
"We can come up with guesses as to who's next. It's an interesting question. "What tends to get overlooked is the attacks that weren't successful and were identified. Once you start pulling the data together, you can analyse it topologically and see what's going on."
However, there are still areas of uncertainty, in particular when it comes to understanding the reason behind some types of attack.
"It's not clear what the business model is with many of these attacks," he said. "We don't necessarily know how they're making money from this."
Researchers say failed attacks yield useful information
Unsuccessful targeted cyber attacks can yield useful information on future targets and attack vectors, according to a researcher at security firm Symantec.This suggests that IT departments would be well advised to share data on all types of persistent attacks with their security vendors, in order to be better safeguarded in future.
Martin Lee, senior analyst at Symantec, wrote on his blog that his resesearch is aided by the small number of targeted attacks, and the fact that attackers will often keep trying to breach the target's security.
"Since April 2008, when we started recording such attacks, we have identified 72,500 targeted attack emails sent to 28,382 email addresses," he wrote.
"To put this into context, we block approximately 500,000 malicious emails each day, sent to the approximately 10 million email addresses that we protect.
"However, the rarity of targeted attacks and the persistence of attackers can be exploited by researchers to draw up maps of activity of what may be the activities of single gangs."
He explained that companies are often reluctant to release details of successful attacks for fear of revealing their own security failings, but details of unsuccessful attacks can also prove useful.
Presenting his research at the Virus Bulletin conference in Barcelona this week, he explained the type of intelligence likely to be held in this data.
"By looking at the kinds of organisations that are being targeted, the industries that they're in and other data such as geographic location, it's possible to identify some interesting patterns," said Lee, according to security firm Kaspersky's news service Threatpost.
"We can come up with guesses as to who's next. It's an interesting question. "What tends to get overlooked is the attacks that weren't successful and were identified. Once you start pulling the data together, you can analyse it topologically and see what's going on."
However, there are still areas of uncertainty, in particular when it comes to understanding the reason behind some types of attack.
"It's not clear what the business model is with many of these attacks," he said. "We don't necessarily know how they're making money from this."
Views: 651
©ictnews.az. All rights reserved.
Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World
