News - CIOInsight

Home

News

Advanced Cyber-Attack Hysteria Clouding Security Picture

Stop Searching.
Start Finding.

IT Management Solutions »

CIO STRATEGY

The Perfect IT Book for the Business?

Parkinson needs a book that explains IT to the business. Got any suggestions?

News

Advanced Cyber-Attack Hysteria Clouding Security Picture

By CIOinsight
2011-04-25
Article Views: 2211
Article Rating:

/ 3

Instead of admitting security system failure, many companies are now crying wolf by claiming they were hit by advanced persistent threats.

Rate This Article:

Add This Article To:

Digg this

Del.icio.us

Slashdot

Y! My Web

E-mail

Furl

Google

Simpy

Spurl!

PDF Version

When RSA Security disclosed in February that a third party had breached its networks, the company claimed that it had been hit by an advanced persistent threat. Federal research facility Oak Ridge National Laboratory also blamed its recent breach on an APT.

For both RSA and Oak Ridge, the attacks turned out to be a spear-phishing attack. In both cases, employees were tricked into opening the attached file that came with an email that looked like it came from within their organizations.

Almost all publicized and self-declared APT attacks this year have originated as spear phishing, Anup Ghosh, founder and chief scientist of Invincea, told eWEEK. Spear phishing may not be a “glamorous” way of breaching the network, but it is an extremely effective one, Ghosh said.

There is a growing feeling among security researchers that organizations were using APT as a convenient excuse when their network security has been breached. “The funny thing here is that the malware used in most of the ‘APT’ attacks we've seen recently isn't really all that nefarious; it’s just the new stuff on the market,” Ghosh said.

While APTs are generally attacks that target sensitive data and are generally not opportunistic attacks, Ghosh noted that the attack methodology is not advanced at all. “Prey on the natural curiosities of the user; bank on the fact that organizations are using antiquated technology; get the user to open up the door to the network, establish residency, scan and move laterally—and all along the way, duping one user after another,” Ghosh said.

In the 2011 Data Breach Investigations Report, researchers from Verizon Business expressed some concerns about “APT hysteria” that has swept the security industry. The term’s originators intended it to refer to allegedly state-sponsored attacks from China, and others use it to describe any threat possessing “above average skill and determination,” Verizon researchers wrote.

However, it’s gotten to the point where thinking that “everyone is a target” of an APT has led to “irrational fears about the boogeyman while common thieves clean you out of house and home,” according to the report.

For more, read the eWEEK article: Advanced Cyber-Attack Claims Are Usually False, Overhyped.

test



	>>> More News Articles >>> More By CIOinsight

Email Article To Friend ♦ Print Version Of Article ♦ PDF Version Of Article

FEATURED SPONSORED VIDEOS

Security and Availability Essentials for Running Your Business in the Cloud

Cyber Security Trends and Challenges for 2012

IPv6 Integration and Migration

View More Videos

Brought to You By

FEATURED SPONSORED ARTICLES

Erasable E-Paper Saves Trees, Cuts Costs

Why Smart Companies Should Adopt the Lessons of Gaming

Interest in Mobile WiFi Hotspots Fuels New Solutions

A Closer Look at Public Cloud Security

View More Articles

Brought to You By

EDITORS' PICKS

8 Dirty Little Tech Secrets

What Would You Sacrifice For A New Smartphone?

Android, iOS More Popular in the Enterprise Than BlackBerry

The CIO Insight 2011 Fall Reading List

We're Going All-In With Apple: Now What?

	LATEST STORIES
	- IT Careers: Departures Mark Exec Shuffles at... - Microsoft Office on iPads, Android Tablets C... - Quest Software Acquisition Would Bolster Del... - N.J. Mayor, Son Arrested for Computer Hackin... - Why HP's Next Leader Should Come from Within...

FEEDBACK

Send your thoughts about CIO Insight, its Web site, and any individual articles to editors@cioinsight-ziffdavisenterprise.com

	Ziff Davis Enterprise RSS Feeds
	Get CIO Insight news delivered to your desktop with RSS.


		Try Windows Azure free for 90 days Introducing the world's first family of systems with integrated expertise FREE Securing Smartphones & Tablets for Dummies Book from Sophos 77% of the Fortune 500 Manage Content Securely with Box. Leverage your virtual computing environment with Dell. Build an IT Infrastructure That Delivers the Future 5 New Technologies That Will Change Enterprise IT

CIO Insight:	Issue Index \| Contact Us \| About \| Advertise \| Magazine Customer Service \| Site Map
Quick Links:	Enterprise Mobility Zone \| Management Case Studies \| Loyalty Programs \| Term Sheet \| Strategy Maps \| Organizational Behavior \| Net Present Value Calculator \| Link to Us
	Security: Network Security Entprise Networking Infrastructure Security How To: Data IT Security News Cheap Hack Blog Security Watch Blog Storage: Storage Cloud Storage Storage Virtualization Network Access Storage Storage Reviews Data Storage News How To: Storage Storage Station Blog Computing: Apple OSX Linux Systems Windows Vista Managed Print Services Cloud Computing PC Reviews Microsoft Watch Blog Apple Watch Blog Google Watch Blog Communications: VoIP Solutions Wireless Technology Messaging Software Web Services Mobile Applications Wireless News Mobile Reviews Apps & Development: Application Development SAAS Search Engines Database Software Web 2.0 IT Project Management Emerging Tech Blog CIO Insight Blogs CIOs
	Vertical Markets: Federal Government IT Health Care IT Finance IT Mid-Market Channel Partners Careers Blog Value Added Resellers More eWeek Links: Green Computing Tech Knowledge Center Tech Newsletters Tech RSS Feeds White Papers Tech Podcasts Tech Videos Magazine Subscriptions Enterprise Websites: ZDE Home eWeek Baseline Channel Insider CIO Insight eSeminars eWeek Mid-Market Publish Online Web Buyers Guide Developer Websites: Dev Shed DeveloperShed ASP Free MS DevSource SEO Chat Codewalkers Tutorialized Scripts.com Dev Mechanic Dev Articles Web Hosters Dev Hardware Technology Websites: Device Forge Desktop Linux Linux Devices Windows for Devices TechDirect iGrep Search Engine PDF Zone Linux Watch
	Use of this site is governed by our Terms of Use and Privacy Policy Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited. eWeek is your best source for the latest Technology News. ZDE Cluster 2.

Stop Searching. Start Finding.

Advanced Cyber-Attack Hysteria Clouding Security Picture

Instead of admitting security system failure, many companies are now crying wolf by claiming they were hit by advanced persistent threats.

test

Related Content

Stop Searching.
Start Finding.