back to article What are you doing to spot a breach?

Technology moves quickly, not just in legitimate business, but in the cybercriminal world too. Advanced attack tools are now available on the black market, lowering the barrier to entry for the average online lowlife. They are happy to target large and small organizations alike, and they only have to be lucky once. Security …

COMMENTS

This topic is closed for new posts.
  1. Doctor Syntax Silver badge

    "A hospital may send data to a third party company that produces its invoices for it. How can you distinguish between a legitimate business process like that, and an illegitimate one that is sending sensitive data to bad people?"

    How do you know that the legitimate third party isn't compromised? Or that it doesn't employ someone untrustworthy?

    1. gszathmari

      You can't. The now outdated tip was to never open emails with broken English and/or coming from unknown senders. The more sophisticated phishers are now sending pixel-perfect copy of legitimate emails and faking senders.

      One solution is the analysis of the attachments/links before (or after) delivering the email into the user's mailbox. This can be either automated, like runtime analysis in a malware sandbox. Or manual, such as looking for embedded VB scripts in the attached Word documents and verifying the external links.

      Both include investments into technology and hiring people with the right skills.

      1. Pascal Monett Silver badge

        Re:phishers are now sending pixel-perfect copy of legitimate emails and faking senders

        That they are, but they are still including links to URLs that have nothing to do with the purported origin of the mail.

        If I get a mail posing as being from my bank, asking me to click a link to validate something or another, and said link goes to http:\\mybank.com.cn, well sorry, but that is a spoof. When somebody sends me an attachment and the return address domain does not correspond to the domain it should come from, I know it's a scam. And they may be making pixel-perfect images of legitimate mails, but they're still mangling the language.

        Of course, one has to pay attention to those things.

    2. Ole Juul

      conflict

      There's a lot of unsafe practices like a hospital sending data to a third party to produce invoices. While I do think it is a good idea to work on those, there seems to be a reluctance to eliminate less safe practises when possible. It's as if there is a pull from management to use fashionable outsourcing techniques and otherwise increase the risks. Perhaps it would be more effective to do some things in-house than solve the more difficult security problem of sharing security issues with a third party.

      1. Destroy All Monsters Silver badge

        Re: conflict

        Nobody in manglement will want to stick their neck out and delay fancy glossy "projects" to do the bread-and-butter work until a crash and burn event occurs. And even then, if it can be covered up with begonias, business will go on as usual.

        This ride is going places.

  2. amanfromMars 1 Silver badge

    Crazy suspicious paranoia renders one both seriously impotent and serially disadvantaged

    Whenever a new source sends information and intelligence on a new force to an address which might be reasonably presumed and assumed to be active in the field, [and let us say it be something like a government dept (@gov.co.uk) or a military unit (@eur.army.mil)] and there be no reply or acknowledgement of receipt …. and that is not at all rare in areas of sensitive endeavour, believe you me ….. then is it more than just likely that the information and intelligence will be shared with that and/or those considered to be in opposition or competition for the advantage which such certain sensitive infotel delivers.

    And that is something of a Catch 42, is it not ……. having an address which doesn’t deliver the goods to prime subjects but instead supplies source force advantage to prime objectives/active competitors.

  3. Daggerchild Silver badge
    Happy

    Symbiosis

    Why would I want to stop them? They're the only reason the network has stayed up and competitor-free.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021