Security Strategies

Polymorphic Attacks Reshape Security Landscape

The growth of polymorphic attacks, which change over time or use one kind of attack to mask another, is forcing the telecom industry to reshape its view of cyber security to be broader in scope and based more on network intelligence and behavior patterns.

The move away from traditional solutions such as firewalls and signature-based detection is one part of the strategic shift among managed security services providers and their vendors. The shift is an attempt to keep up with innovation by the bad guys, who are constantly looking for new exploits. In this first of three articles on evolving network security strategies, we'll look at the threats themselves and how they are changing, according to experts on the front lines of protection.

One definite trend is the growth in polymorphic attacks, which either combine a so-called volumetric attack involving high volumes of traffic such as distributed denial of service (DDoS) attacks with a data breach, or morph over time from one type of attack to another. For example, a DDoS can be used to distract attention away from another type of data breach.


"We are seeing a dramatic increase in the number of polymorphic types of attacks," Dave Ostertag, Verizon Enterprise Solutions' global investigations manager, said in November in a panel at Light Reading's Carrier Network Security Strategies event. In many cases, the same players are involved as in earlier attacks -- Eastern European crime syndicates, for example -- but their motivations have changed, he said. (See Verizon: Cyber Attacks Hit New Targets in New Ways.)

"They are now involved in nation-state geopolitical attacks," Ostertag said. "We see the US put sanctions on Russia, and then we see those same players that were financially motivated attacking with a disruptive attack, either a traditional DDoS attack or going after those servers that are critical to doing business with a data grab to post on the Internet for embarrassment purposes."

At the same time, however, some of the data originally grabbed in polymorphic breaches of the past is now being used for financial gain. Ostertag cites the Anthem Inc. breach, in which medical data held by the insurance company was originally stolen for embarrassment purposes. A year down the road, the information is being used for financial gain.

sunilchacko 1/1/2016 | 4:53:54 AM
Security techniques are changing rapidly Gone are the days when an AV or a FW were good enough to secure the perimeter and endpoints. Today the sophistication of attacks makes a newly launched security product go obsolete or be rendered useless very quickly. It is also making the board hesitate to spend on security when they know they have to respend the same amount, if not more in another quarter.
jabailo 12/18/2015 | 9:39:53 PM
Re: Learning from terrorists? Finance, sure, if you wanted to finance things that are normally monitored how would you do it.   Prior to more restrictions, email ads for drugs and online gambling seemed open for exploitation.   Lots of money transferred outside the US to who knows who.
jabailo 12/18/2015 | 9:35:22 PM
Re: IoT vulnerabilities I've read that both Russia and China and certainly North Korea employ buildings full of people to hack our systems. China has certainly been charged with intellectual property hacking. Russia with various spam and virus creation. North Korea seems to generalize in general mayhem with hacking into our content processes like blogs and social media.

I often wonder if much of the Mass Trolling efforts I encounter in forums (where people use the same scripted arguments over and over) derive from these groups.  Of course, saying so without hard evidence bespeaks tinfoilism, but a process of inference suggests so.

Mitch Wagner 12/18/2015 | 8:18:13 PM
Re: IoT vulnerabilities Attacks for financial gain are worrisome. So are attacks waged for military reasons. We're seeing increasing news about state-sponsored hacking.

Simply saying yeah that'll never happen isn't sufficient. It'll never happen if we make it never happen. 
danielcawrey 12/18/2015 | 7:16:45 PM
Re: Learning from terrorists? Financial crimes are now the primary motivator for these attacks if you ask me. It makes me think about back when viruses were first cast out onto computers. The purpose then was way different than what we're seeing now. Because of this, I expect the authorities to start paying closer attention to things like polymorphic attacks. 
jabailo 12/18/2015 | 3:07:45 PM
Re: Learning from terrorists? Eventually they will need some AI technologies that learn patterns and respond appropriately.   Of course by then the hackers will probably be using those same techniques!

jabailo 12/18/2015 | 3:06:30 PM
Re: Learning from terrorists? In Mumbai they were even more diabolical.   After early attacks they attacked the Emergency Room entrance so they couldn't handle the incoming wounded.


mendyk 12/18/2015 | 9:21:41 AM
Re: IoT vulnerabilities Re IoT, we don't get a chance to do a collective cost-benefit analysis of technology developments. They happen, and then if they catch on, legislators and regulators spend a decade or two trying to catch up, although they never quite get there. Point-of-failure vulnerabilities in comm networks, power grids, water supply systems, and other essential infrastructure predate IoT, and they'd continue to exist even if one more machine never got to communicate with another machine.
cnwedit 12/17/2015 | 4:40:09 PM
Re: IoT vulnerabilities Mitch,

One of the things the panel in NYC discussed is the fact that they are under pressure to develop solutions for problems that may never develop because of all the media frenzy around hackable cars and other IoT devices.

It is a scary proposition, but it's also important to remember that cyber criminals go where the money is. It's far more likely that they will target health care records than someone's pacemaker or implanted medical device. 

But then it's far more likely that a US citizen will die as the result of texting while driving than at the hands of ISIS terrorists, yet we're much more worried about the latter.
Mitch Wagner 12/17/2015 | 3:52:40 PM
IoT vulnerabilities IoT vulnerabilities scare me. You think leaking customer credit card numbers is scary, imagine attackers taking over autonomous cars and driving them into pedestrians. Or dropping fly-by-wire planes out of the sky. Then imagine artificial, network-connected organs and limbs and the havoc attackers could wreak.