Page 23 - index
P. 23
But why? If our theory is correct, the information stolen from these companies has not been
used against them, necessarily, but instead to defraud oil buyers. Rather than face the spotlight,
they prefer to keep a low profile, change their credentials and continue to operate as though
nothing has happened.
Some countries have laws that force companies to report every hacking intrusion where
information is stolen. However, that obligation is usually limited to incidents in which the stolen
information belongs to a third party (customers, partners, etc.). In this case, the stolen
credentials belonged to the company under attack, thereby removing it from obligation to the
law to report the theft.
We believe it’s time for the next stage: The Force Awakens. Our homage to Star Wars began
with the identification of the attack, but now it brings us to the next critical element in the defeat
of such a nefarious form of cyber-crime. We are urging all major companies to awaken to their
vulnerability, realize that absolute security doesn’t exist, and accept that behavior-based
protection is limited. It is our hope that they will take steps beyond their standard measures and
perform regular audits that can assess and address potential weaknesses in their network
security.
Attacks will continue to evolve, and become all the more threatening. Thus, it is the
responsibility of companies and security firms alike to continually adapt their defense systems
and implement new protection strategies that give total control and visibility over their networks.
The Phantom Menace was merely the first of a new kind of attack. Let’s be ready for the next.
About the Author:
Luis Corrons has been working in the security industry for more
than 16 years, specifically in the antivirus field. He is the Technical
Director at PandaLabs, the malware research lab at Panda
Security. Luis is a WildList reporter, member of the Board of
Directors at AMTSO (Anti-Malware Testing Standards Organization)
and member of the Board of Directors at MUTE (Malicious URLs
Tracking and Exchange). HE is also a top rated industry speaker at
events like Virus Bulletin, HackInTheBox, APWG, Security BSides, etc. Luis also serves as
liaison between Panda Security and law enforcement agencies, and has helped in a number of
cyber-criminal investigations.
23 Cyber Warnings E-Magazine – June 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
