Damballa's Q2 Research: 40% of Targeted Threats Give Control of Enterprise Assets to Criminals

Antivirus Solutions Detect Fewer Than 20% of Targeted Threats When First Discovered in the Wild

Damballa, Inc., the only Internet security company focused specifically on targeted threats such as BotArmies, today announced findings from their second quarter analysis. As a key tool for organized crime, targeted threats continue to grow in sophistication with an elevated focus on the enterprise network.

“2008 is poised to be the year of the targeted attack,” said Paul Royal, Principal Researcher at Damballa. “Targeted threats are attacks that exploit relationships between people, what’s important to them and what they don’t know. We’ve seen enhancements to the structure, format, and presentation of these attacks, which make them more likely to successfully compromise corporate users in and get out of enterprise environments. Today’s targeted attacks evade traditional enterprise security mechanisms and perpetrate malicious activities, such as data exfiltration.”

In the second quarter of 2008, Damballa’s research team analyzed a corpus of targeted threats and discovered the following results:

  • 40% of the overall targeted threats analyzed give control of enterprise assets to criminals. This is derived from the fact that 50% of targeted threats analyzed use HTTP for communications, which allows for easier criminal control. And of those, almost 80% will steal proxy settings to facilitate successful outbound communication.
  • Over 75% of targeted attack Command and Control (CnC) sites are located in Asia, with China being the most dominant location.
  • Almost half of the targeted threats analyzed were propagated using PDF files, with Word documents and PowerPoint presentations coming in second and third, respectively.

A recent analysis of antivirus solutions performed using VirusTotal shows that detections of newly discovered targeted attacks average less than 20%. These results follow similar and disturbing trends, which include armies rapidly adapting for self-preservation. For example, in January 2007 a large portion of Bobax cannibalized itself to bootstrap Storm. More recently, just a few weeks after being widely discussed in the press, Kraken changed from using a custom protocol with encrypted content to one that uses plaintext HTTP.

Targeted threats no longer encompass malware executables with obvious extensions (e.g., .exe, .scr, .pif). Instead, documents such as PDFs are used to execute arbitrary and malicious code. These attacks are successful because most users believe that documents such as PDFs are harmless. Yet, simply viewing a PDF with a slightly out-of-date reader can place a computer under the control of a malicious third party. In addition, when an attack is successful, the user is unlikely to know a compromise occurred.

The social engineering aspects of targeted attacks have also grown in sophistication. Instead of standard enticements normally found in spam, these attacks use subject lines which would be of importance to enterprise users. These include financial topics such as IRS complaints or notices, political topics that play off current events such as the Olympics in China, freeing Tibet, and human rights issues, and personal topics such as speaker invitations and scholarship offers.

“Enterprise organizations need to enhance their understanding of the danger targeted attacks pose to their environment. Defenses such as firewalls, IDS, and antivirus often fail to detect these new and increasingly frequent kinds of attacks,” said Royal.

Damballa is showcasing the company’s technology at the 2008 Gartner IT Security Summit June 2-4 in Washington, DC (Booth # 34). Damballa’s solutions provide deeper understanding of and protection against targeted attacks than is possible with signature-based host, LAN or gateway security technologies. These solutions provide comprehensive, real-time visibility into targeted attack activity both inside the enterprise and across the Internet. Damballa’s insight often predicts attacks before they arrive, or before they can damage corporate assets. In addition, Damballa gives customers the ability to disrupt and resolve targeted attacks such as BotArmy compromises, so that remediation can take place in a planned, orderly manner.

About Damballa, Inc.

Damballa protects businesses from targeted attacks used for organized, online crime. Its unique, global approach rapidly isolates the command-and-control needed to launch multi-network attacks. Damballa’s signatureless solutions improve security both inside and outside the network perimeter, to stop threats other technologies miss and restore control to legitimate owners. Damballa identifies the severity and intent of targeted attacks such as BotArmies, even when malware can’t be detected. Its products and services provide a critical window for orderly remediation, and integrate easily into existing infrastructure without requiring additional headcount or complexity. Damballa is privately held, and is headquartered in Atlanta, Georgia.

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.
