US spanks EU businesses in race to detect p0wned servers

European organisations are taking longer to detect breaches than their counterparts in North America, according to a study by FireEye. Organisations in EMEA are taking almost six months (175 days) to detect an intruder in their networks, which is rather more than the 102 days that the firm found when asking the same questions …

  1. Anonymous Coward

    The IP of where the attack comes from...

    ... is no indication of who is in control of it.

    First thing to do when launching an attack is compromise a remote machine and launch the attack from there.

    1. Anonymous Coward

      Re: The IP of where the attack comes from...

      Don't let the facts get in the way of the politics! If we do that, then those vipers may become accountable for their lies and corruption.


    2. tfewster
      Facepalm

      Re: The IP of where the attack comes from...

      Who could possibly want to "joe job" Iran, North Korea, etc.? My money would be on the CIA* being behind these attacks.

      - Known to be wildly out of control

      - Known to attack both friendly and hostile nations

      - Known to cover their tracks and lie.

      - Known to have the technological capabilities.

      No offence to Iran and North Korea, but I just don't see them as sophisticated state actors.

      * "intelligence" in the information collection sense rather than the more common definition.

    3. Anonymous Coward
      Facepalm

      Re: The IP of where the attack comes from...

      @Anonymous Coward: "First thing to do when launching an attack is compromise a remote machine and launch the attack from there."

      Are you some kind of an expert, cause the Russian GRU (76 Khoroshyovskoe shosse) uses an IP address registered to their own street address. And some agent forgot to turn the VPN on when he was hacking the DNC. I know this cause I read this on The Register.

      1. Anonymous Coward

        Re: The IP of where the attack comes from...

        "Are you some kind of an expert, cause the Russian GRU (76 Khoroshyovskoe shosse) uses an IP address registered to their own street address. And some agent forgot to turn the VPN on when he was hacking the DNC. I know this cause I read this on The Register."

        Do you have a reading comprehension issue?

        I said:

        "The IP of where the attack comes from...

        ... is no indication of who is in control of it."

        Who's to say the PC in Russia was not compromised first to launch the attack from there.

    4. Paul 129
      Facepalm

      Re: The IP of where the attack comes from...

      So when you find a data breach linked back to an attacking IP address, who do you report it to?

      That machine is most likely compromised. True, but without any stats or other details, your deliberately

      But locally at least, the feds (Australia) had up on their website about 12 months ago, that they were not interested in receiving information unless the attack originated within Australia.

      So when I find an attack that has done damage to a business, cause it's a small business, no one is interested in the last hop? No one wants to know? Just file insurance claims and move on....

      head meet hole in sand.

  2. Guus Leeuw

    Seriously...

    Dear Sir,

    "Organisations in EMEA are taking almost six months (175 days) to detect an intruder in their networks, which is rather more than the 102 days that the firm found when asking the same questions last year. In contrast, the median dwell time in the Americas has improved from at 76 days in 2017, compared with 99 in 2016. Globally it stands at 101 days."

    Stone-editor... Again!

    Regards,

    Guus

  3. Charlie Clark Silver badge

    Fire Eye touting for business?

    Certainly how I interpret the article. Various EU countries have been upping the "cybersecurity" ante for years and independently of GDPR but focussing on key sectors. I would have thought that up until very recently most companies wouldn't be able to know whether they were being attacked or not. GDPR is at least doing a great job in increasing awareness of the problem.

  4. John Smith 19 Gold badge
    Holmes

    "were targeted again by the same of a similarly motivated attack group,"

    They had free run of the company's servers for about 6 months.

    Why wouldn't they think that after a few months without being hit the company would return to the same lazy, slipshod ways that let them gain access in the first place?

    This is the internet.

    If the reward is big enough or the cost (of compromising someone) small enough (because they essentially have no security) then any company is likely to get a visit.

    It's not if, it's when.

  5. Anonymous Coward
    Alien

    Number of days to breach detection

    A meaningless metric: someone breaks in, steals data and leaves, erasing evidence of their presence, or else they're good enough to remain undetectable. FireEye, are they the same outfit that provided 'protection' to Equifax?

    "FireEye has historically blamed China" .. or Iran or North Korea or Russia or Sudan or Syria or Venezuela or the supreme leader of a race of albino shape-shifting reptilian humanoids from a planet in the Sirius Star System.

    'as the geo-political landscape has changed Russia and North Korea are getting more and more "credit" for alleged cyber-nasties.'

    Do you mean as to whoever is Uncle Sam's current cyber bogeyman? Please, enough of these neocon cyber-scare stories, you're not addressing the average Faux News viewer. FireEye staffed by alleged former intelligence agents of the US and a certain middle eastern nation, come on, you do the 'Math' :]

    1. GIRZiM
      Coffee/keyboard

      Re: Number of days to breach detection

      > "FireEye has historically blamed" .. the supreme leader of a race of albino shape-shifting reptilian humanoids from a planet in the Sirius Star System

      Magnificent!

      You owe me new beer - have a keyboard, sir!

    2. Anonymous Coward

      Re: Number of days to breach detection

      "FireEye has historically blamed China" .. or Iran or North Korea or Russia or Sudan or Syria or Venezuela or the supreme leader of a race of albino shape-shifting reptilian humanoids from a planet in the Sirius Star System."

      "you're not addressing the average Faux News viewer. FireEye staffed by alleged former intelligence agents of the US and a certain middle eastern nation, come on, you do the 'Math' :]

      Best post ever!

  6. Povl H. Pedersen

    GDPR

    GDPR gives you 4 days to contact authorities after you have VERIFIED that a breach has taken place. There is no penalty for being slow to detect, or reading about your breach in media.

    GDPR is mostly an exercise in getting documentation and processes in place, and very little about necessary technical controls.

    1. Anonymous Coward

      Re: GDPR

      That GDPR rule aims at people being notified quickly when a breach is discovered, you can't keep it "secret" while you offload your shares. But it's not the only rule - you can be fined for other reasons as well, for not protecting data well enough.

      The fact you can't delay much the notification of a breach, and face their consequences or face big fines, should be an incentive to keep a closer eye on what happens on your systems to minimize breaches and their effects.

      The good thing of the GDPR is exactly it doesn't mandate any technology, which would make it obsolete well before next May.

  7. sal II

    EMEA =/ Europe

    EMEA stands for Europe, Middle East and Africa.

    Europe is just a subsection of that and then the EU is just a subsection of Europe.

    So not sure what bearing numbers for EMEA have on EU businesses.

    1. John Brown (no body) Silver badge

      Re: EMEA =/ Europe

      That's exactly what I came here to say too! EMEA appears to be a US contrived acronym invented by US multi-nationals purely for regional C-Suite accountants and probably has less relevance than DVD region codes when it comes to grouping countries together. If someone is going to use EMEA for a number, then the comparison should be with "America" as a whole, ie including Central and South American countries.

      1. Slx

        Re: EMEA =/ Europe

        EMEA is also an absolutely huge area that would contain 2.2 billion people if it were a geopolitical entity (which it isn't). The European Union only contains 508 million people.

        It contains the entire African continent and the whole Middle East.

        So the figures are utterly meaningless for the EU, and it contains a huge number of countries (in fact far more than are in the EU) which would not have anything like its level of development or regulation.

        It's actually twice the size of the population of the entire American continent (North and South).

        As a region it's utterly meaningless and probably has something to do with using 230V 50Hz power or something like that.

        You might as well compare the EU to AMChina (some weird amalgamation of North and South America and the Chinese Market)

        It's about as useful a term as "Overseas" vs "US"
