 "Cyber attackers shift tactics faster than companies can respond")
The tactics of hackers, cyber- criminals and state-sponsored spies are evolving so quickly that attackers often can re-enter a company's networks after being detected and banned, according to a US computer security firm.
Aerospace and defence companies were targets in 17 per cent of sophisticated computer attacks during 2012, the most of any industry, according to a report released today by Mandiant Corp. of Alexandria, Virginia. Energy, oil and gas companies were next, with 14 per cent of incidents, followed by the financial industry, with 11 per cent.
Most corporate victims - 63 per cent - didn't detect intrusions themselves and were notified by security consultants, business partners or other outside entities, Mandiant said.
"Advanced attackers continue to routinely compromise organisations - even those that have made large and sustained investments in security," the report says. "The way you respond - when the inevitable happens - is what will determine whether you become a headline or not."
US officials and companies operating vital computer networks have said the nation's banks, power grids and telecommunication systems are under constant cyber-attack. President Barack Obama issued an executive order in February intended to improve coordination among government agencies and companies in defending critical infrastructure.
The Mandiant report lists four primary tactics attackers use: subverting information-technology contractors; extensive reconnaissance of networks; persistent pursuit of targets; and installing malicious software on websites visited by employees.
Mandiant didn't identify groups behind the attacks or the companies targeted. The computer-security firm said in a report last month that the Chinese army is probably the source of hacking attacks against at least 141 companies worldwide since 2006.
The average cost of responding to cyber-attacks probably exceeds $10 million for companies with more than 1,000 employees, says Lawrence Ponemon, chairman of Ponemon Institute, a security-research firm in Traverse City, Michigan.
"The precision of attacks has significantly improved," Ponemon says. "The attacker is doing different things over and over again until they get in."
Companies need to be aware of what kind of security their vendors have, as attackers often find it easier to hack into the computers of a contractor, Ponemon said.
"The issue of vendor security is becoming very, very important," he says. "Companies haven't considered that a big threat, but it is definitely a growing threat to large organizations."
In one case cited by Mandiant, hackers got into the computers of an unnamed company by compromising the networks of a defense contractor hired for IT services. After the defense contractor learned of the problem and fixed it, the hackers installed malware on websites visited by employees of the targeted company, which allowed the criminals back into the company computers.
Companies can create "a hostile environment" for attackers by giving them deceptive information and by sharing attack information in real-time about incidents if industry sectors are being targeted, Dmitri Alperovitch, co-founder and chief technology officer of Palo Alto, California-based security firm CrowdStrike, says.
"We've been trying a defence-only approach for close to 30 years and clearly it has not worked," Alperovitch says. "We believe that the right strategy is to find ways to raise both the costs and risks to the adversary."
Companies are getting better at detecting and fighting cyber intrusions, according to the Mandiant report.
For example, 37 per cent of organisations Mandiant helped discovered attacks themselves, versus 6 per cent in 2011, the company says.
Companies also reduced the time an attacker was present on a network to 243 days, from 416 days in 2011, according to the report.
"We note, however, that this downward shift in the median was accompanied by a higher mean days of compromise," Mandiant writes.
"In other words, more organisations are doing a better job of proactively identifying problems, but there are still outliers who are compromised for several years before they detect they are compromised."
Aerospace and defence companies were targets in 17 per cent of sophisticated computer attacks during 2012, the most of any industry, according to a report released today by Mandiant Corp. of Alexandria, Virginia. Energy, oil and gas companies were next, with 14 per cent of incidents, followed by the financial industry, with 11 per cent.
Most corporate victims - 63 per cent - didn't detect intrusions themselves and were notified by security consultants, business partners or other outside entities, Mandiant said.
More From This Section
US officials and companies operating vital computer networks have said the nation's banks, power grids and telecommunication systems are under constant cyber-attack. President Barack Obama issued an executive order in February intended to improve coordination among government agencies and companies in defending critical infrastructure.
The Mandiant report lists four primary tactics attackers use: subverting information-technology contractors; extensive reconnaissance of networks; persistent pursuit of targets; and installing malicious software on websites visited by employees.
Mandiant didn't identify groups behind the attacks or the companies targeted. The computer-security firm said in a report last month that the Chinese army is probably the source of hacking attacks against at least 141 companies worldwide since 2006.
The average cost of responding to cyber-attacks probably exceeds $10 million for companies with more than 1,000 employees, says Lawrence Ponemon, chairman of Ponemon Institute, a security-research firm in Traverse City, Michigan.
"The precision of attacks has significantly improved," Ponemon says. "The attacker is doing different things over and over again until they get in."
Companies need to be aware of what kind of security their vendors have, as attackers often find it easier to hack into the computers of a contractor, Ponemon said.
"The issue of vendor security is becoming very, very important," he says. "Companies haven't considered that a big threat, but it is definitely a growing threat to large organizations."
In one case cited by Mandiant, hackers got into the computers of an unnamed company by compromising the networks of a defense contractor hired for IT services. After the defense contractor learned of the problem and fixed it, the hackers installed malware on websites visited by employees of the targeted company, which allowed the criminals back into the company computers.
Companies can create "a hostile environment" for attackers by giving them deceptive information and by sharing attack information in real-time about incidents if industry sectors are being targeted, Dmitri Alperovitch, co-founder and chief technology officer of Palo Alto, California-based security firm CrowdStrike, says.
"We've been trying a defence-only approach for close to 30 years and clearly it has not worked," Alperovitch says. "We believe that the right strategy is to find ways to raise both the costs and risks to the adversary."
Companies are getting better at detecting and fighting cyber intrusions, according to the Mandiant report.
For example, 37 per cent of organisations Mandiant helped discovered attacks themselves, versus 6 per cent in 2011, the company says.
Companies also reduced the time an attacker was present on a network to 243 days, from 416 days in 2011, according to the report.
"We note, however, that this downward shift in the median was accompanied by a higher mean days of compromise," Mandiant writes.
"In other words, more organisations are doing a better job of proactively identifying problems, but there are still outliers who are compromised for several years before they detect they are compromised."