Hackers get ‘more violent' against security firms
By Tom Brewster,
Security firms are being targeted by more violent attacks than ever before, one of the industry’s top experts has warned.
Mikko Hypponen, chief research officer at F-Secure, said security providers had to deal with some “pretty aggressive attacks” in recent months.
“We are seeing more of them now than before and they are more violent attacks,” Hypponen said in an interview with IT PRO today.
“Obviously, anybody in the security industry doesn’t like this, seeing more and more attacks against security companies. Nobody is 100 per cent secure, but we do our best. We definitely don’t want to challenge anybody to hack into our systems.”
Hypponen’s comments came after a spate of hacks against technology companies, with security firms being hit hard.
HBGary was infiltrated by hacktivist group Anonymous after a spat between the two organisations, as the security firm saw tens of thousands of its emails leaked.
More recently, RSA was hit by a significant targeted attack, or Advanced Persistent Threat (APT), when data on the company’s SecurID product line was taken.
Then, over the weekend, Barracuda Networks was hit with an SQL injection attack, with partner contact information stolen.
Barracuda admitted it made a mistake by turning its own Web Application Firewall, sitting in front of the company’s website, to “passive monitoring mode.”
APTs
Despite being averse to the 'APT' buzz-acronym of the moment, Hypponen said such targeted attacks were a genuine worry and have been for some time.
He revealed a billion-pound UK company was hit by an APT, when a key employee's laptop became infected with a back-door flaw for 18 months before the firm realised what was going on.
“It was basically leaking corporate data to an IP in China for a year and a half,” Hypponen said.
A significant problem with such targeted attacks is the difficulty of identifying them.
“We miss most of these attacks,” he added. “The reason why most of these go undetected is that they are so narrow targeted. Normally only one guy is hit by them and it’s not detected by any safeguards.”
Most APTs F-Secure has seen appeared to have been state-sponsored, Hypponen suggested, given many have targeted NGOs and freedom of speech groups.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
What is your password worth?
Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.
- Macs under attack?
- Intel: security inside
- Are you spending too much on IT security?
- Does the government want to snoop on your data?
- Eurocrats versus the cyber criminals
- The truth about spam
- Google and privacy: What’s the problem?
- Q&A: Symantec’s CISO on the source code hack
- RSA: Back from the breach?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- UK regulator shuts down Angry Birds scam
- Apple iPad 3 vs iPad 2 head-to-head review
- IBM bans use of Siri on iPhones
- Chromebooks: What's gone wrong?
- HP plans massive job cuts
- EMC World 2012: Tucci declares Documentum is here to stay
- Dell EqualLogic PS6100XS review
- Macs and Android under malware threat
- RIM loses its head of sales
- Local fibre broadband needs common standards
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
