- Imperva research finds insiders are most often responsible for data loss in businesses
- Survey also shows IT security managers in businesses have significant concerns about Cloud Computing
- Correlation to IT Security Trends for 2011 from the Imperva Application Defense Center (ADC)
According to a recent survey of 100 anonymous German IT security managers, conducted by Imperva and entitled "Application Data Protection", many of the respondents saw insider threat as the biggest danger when it came to data loss within corporate networks (54 percent). Far fewer respondents took the chance to blame anyone at all (25 percent), and even fewer believed that hackers were primarily responsible for data theft incidents (21 percent). Another result showed that 70 percent of respondents were not planning to outsource mission-critical or sensitive data to an external service provider as part of a cloud project over the next twelve months.
Dietmar Kenzle, Regional Sales Director DACH & Eastern Europe: “Employees within a company that have privileged rights, i.e. the ‘insider’, are increasingly becoming the focus of IT security managers. The ability to directly access company databases is enough motivation to turn a regular employee into a potential criminal. The database server is the usual target for insider employees as it is a bastion that is easy to take and also highly rewarding. To prevent sensitive data from falling into the wrong hands, companies should be aware of possible scenarios and the methods of criminal insiders. Through the use of appropriate tools, for example, third party cloud providers, security compromises may be averted or at least mitigated.”
Kenzle added: "Concerns of a different kind are evident in the transfer of sensitive data to the cloud. Certainly there will be common problems in the foreseeable future as current research shows that many companies are still skeptical about this step. Many perceive the risks in having all their information stored in a virtual stratum to be too great as it still remains to be seen which security mechanisms will provide the most reliable protection. The use of a web application firewall - especially in a third-party managed service - is an essential building block made within a security framework for the cloud."
What will IT security managers face in 2011?
The survey findings correlated with the latest IT security trends for 2011 which Imperva published in their annual report in November. Analysis of data security incidents by the Imperva Application Defense Center (ADC) in the past year showed that IT security managers will have to face 2011 with challenges in three key areas:
- The protection of mobile devices will play a more important role. Providing more complex identification and authentication solutions for mobile devices will become a particular area of focus due to the expected increase in the volume of mobile malware attacks.
- A late reaction. Companies will start to move part of their data storage and applications to the Cloud, culminating in the gradual establishment of Cloud-based data security solutions by the end of 2011.
- State-supported cyber-attacks such as Stuxnet may increase and will build on the concepts and techniques of the commercial hacking industry; this will make possible an increase in unnoticed, ongoing spy networks (Advanced Persistent Threats, APT).
Amichai Shulman, CTO of Imperva, said: "We expect, in the coming months, clearly different threat scenarios that will provide data security managers with a number of major challenges. The biggest potential danger is posed by the growing proliferation of advanced mobile devices used to access corporate networks. I expect that we will, next year, see the first major data security incident that will be caused by such high-risk devices. In addition, incidents which are based on advanced techniques for permanent spying networks will become an increasingly major problem to businesses - political and financial gain being the most prominent driving forces of these issues."
- Below is a media alert from Amit Klein, Trusteer's CTO, on new research which shows that a Zeus botnet is targeting credit card accounts of major retailers including Macy’s and Nordstrom.
- Just in time for the holidays – Zeus targets major retailers
Our research group recently discovered a Zeus botnet that is targeting credit card accounts of major retailers including Macy’s and Nordstrom just as the holiday gift buying season is in full swing. We captured and analyzed malware samples designed to steal credit card information, probably in order to conduct card-not-present (CNP) fraud. This attack is using a Zeus 2.1.0.8 botnet – the latest and most sophisticated version of the Zeus malware platform.
CNP fraud refers to transactions in which a credit card is not physically present, as in an internet, mail or phone purchase. It is difficult for a merchant to verify that the actual cardholder is indeed authorizing the purchase. Because of the greater risk, card issuers tend to charge merchants higher fees for CNP transactions. To make matters worse, merchants are typically responsible for CNP fraud transactions. Therefore, CNP merchants must take extra precautions against fraud exposure and associated losses.
The attack we discovered uses social engineering to gather additional information beyond the credit card number that will make it easier for the criminal to bypass fraud detection measures used to investigate suspicious transactions. In this case, the social engineering method used is very credible since the victim has navigated to the card issuer’s website – www.macys.com and www.nordstromcard.com – when Zeus injects a legitimate-looking man-in-the-middle pop-up that requests personally identifiable information.
Merchants and card issuers invest a great deal in backend technologies for detecting fraudulent transactions. These systems represent an important security layer; however, the increase in malware and phishing attacks that specifically target card information is making them less effective. An additional layer that can prevent card information from being stolen in the first place is now required. As this latest Zeus configuration demonstrates, criminals are constantly evolving and refining their attack methods. While merchants and card issuers can’t adapt their security infrastructure as quickly as criminal groups can modify their attacks, they need to accept when current protection methods are no longer sufficient and refresh their defense mechanisms accordingly.