Damballa's Q2 Research: 40% of Targeted Threats Give Control of Enterprise Assets to Criminals

Antivirus Solutions Detect Fewer Than 20% of Targeted Threats When First Discovered in the Wild

Damballa, Inc., the only Internet security company focused specifically on targeted threats such as BotArmies, today announced findings from their second quarter analysis. As a key tool for organized crime, targeted threats continue to grow in sophistication with an elevated focus on the enterprise network.

“2008 is poised to be the year of the targeted attack,” said Paul Royal, Principal Researcher at Damballa. “Targeted threats are attacks that exploit relationships between people, what’s important to them and what they don’t know. We’ve seen enhancements to the structure, format, and presentation of these attacks, which make them more likely to successfully compromise corporate users in and get out of enterprise environments. Today’s targeted attacks evade traditional enterprise security mechanisms and perpetrate malicious activities, such as data exfiltration.”

In the second quarter of 2008, Damballa’s research team analyzed a corpus of targeted threats and discovered the following results:

  • 40% of the overall targeted threats analyzed give control of enterprise assets to criminals. This is derived from the fact that 50% of targeted threats analyzed use HTTP for communications, which allows for easier criminal control. And of those, almost 80% will steal proxy settings to facilitate successful outbound communication.
  • Over 75% of targeted attack Command and Control (CnC) sites are located in Asia, with China being the most dominant location.
  • Almost half of the targeted threats analyzed were propagated using PDF files, with Word documents and PowerPoint presentations coming in second and third, respectively.

A recent analysis of antivirus solutions performed using VirusTotal shows that detections of newly discovered targeted attacks average less than 20%. These results follow similar and disturbing trends, which include armies rapidly adapting for self-preservation. For example, in January 2007 a large portion of Bobax cannibalized itself to bootstrap Storm. More recently, just a few weeks after being widely discussed in the press, Kraken changed from using a custom protocol with encrypted content to one that uses plaintext HTTP.

Targeted threats no longer encompass malware executables with obvious extensions (e.g., .exe, .scr, .pif). Instead, documents such as PDFs are used to execute arbitrary and malicious code. These attacks are successful because most users believe that documents such as PDFs are harmless. Yet, simply viewing a PDF with a slightly out-of-date reader can place a computer under the control of a malicious third party. In addition, when an attack is successful, the user is unlikely to know a compromise occurred.

The social engineering aspects of targeted attacks have also grown in sophistication. Instead of standard enticements normally found in spam, these attacks use subject lines which would be of importance to enterprise users. These include financial topics such as IRS complaints or notices, political topics that play off current events such as the Olympics in China, freeing Tibet, and human rights issues, and personal topics such as speaker invitations and scholarship offers.

“Enterprise organizations need to enhance their understanding of the danger targeted attacks pose to their environment. Defenses such as firewalls, IDS, and antivirus often fail to detect these new and increasingly frequent kinds of attacks,” said Royal.

Damballa is showcasing the company’s technology at the 2008 Gartner IT Security Summit June 2-4 in Washington, DC (Booth # 34). Damballa’s solutions provide deeper understanding of and protection against targeted attacks than is possible with signature-based host, LAN or gateway security technologies. These solutions provide comprehensive, real-time visibility into targeted attack activity both inside the enterprise and across the Internet. Damballa’s insight often predicts attacks before they arrive, or before they can damage corporate assets. In addition, Damballa gives customers the ability to disrupt and resolve targeted attacks such as BotArmy compromises, so that remediation can take place in a planned, orderly manner.

About Damballa, Inc.

Damballa protects businesses from targeted attacks used for organized, online crime. Its unique, global approach rapidly isolates the command-and-control needed to launch multi-network attacks. Damballa’s signatureless solutions improve security both inside and outside the network perimeter, to stop threats other technologies miss and restore control to legitimate owners. Damballa identifies the severity and intent of targeted attacks such as BotArmies, even when malware can’t be detected. Its products and services provide a critical window for orderly remediation, and integrate easily into existing infrastructure without requiring additional headcount or complexity. Damballa is privately held, and is headquartered in Atlanta, Georgia.

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.
