Polymorphic Attacks Reshape Security Landscape
The growth of polymorphic attacks, which change over time or use one kind of attack to mask another, is forcing the telecom industry to reshape its view of cyber security to be broader in scope and based more on network intelligence and behavior patterns.
The move away from traditional solutions such as firewalls and signature-based detection is one part of the strategic shift among managed security services providers and their vendors. The shift is an attempt to keep up with innovation by the bad guys, who are constantly looking for new exploits. In this first of three articles on evolving network security strategies, we'll look at the threats themselves and how they are changing, according to experts on the front lines of protection.
One definite trend is the growth in polymorphic attacks, which either combine a so-called volumetric attack involving high volumes of traffic, such as a distributed denial of service (DDoS) attack, with a data breach, or morph over time from one type of attack to another. For example, a DDoS can be used to distract attention away from another type of data breach.
"We are seeing a dramatic increase in the number of polymorphic types of attacks," Dave Ostertag, Verizon Enterprise Solutions 's global investigations manager, said in November in a panel at Light Reading's Carrier Network Security Strategies event. In many cases, the same players are involved as in earlier attacks -- Eastern European crime syndicates, for example -- but their motivations have changed, he said. (See Verizon: Cyber Attacks Hit New Targets in New Ways.)
"They are now involved in nation-state geopolitical attacks," Ostertag said. "We see the US put sanctions on Russia, and then we see those same players that were financially motivated attacking with a disruptive attack, either a traditional DDoS attack or going after those servers that are critical to doing business with a data grab to post on the Internet for embarrassment purposes."
At the same time, however, some of the data originally grabbed in polymorphic breaches of the past is now being used for financial gain. Ostertag cites the Anthem Inc. breach, in which medical data held by the insurance company was stolen, originally for embarrassment purposes. A year down the road, the information is being used for financial gain.