Welcome!

SDN Journal Authors: Liz McMillan, Elizabeth White, Yeshim Deniz, Pat Romanski, TJ Randall

News Feed Item

Damballa's Q2 Research: 40% of Targeted Threats Give Control of Enterprise Assets to Criminals

Antivirus Solutions Detect Fewer Than 20% of Targeted Threats When First Discovered in the Wild

Damballa, Inc., the only Internet security company focused specifically on targeted threats such as BotArmies, today announced findings from their second quarter analysis. As a key tool for organized crime, targeted threats continue to grow in sophistication with an elevated focus on the enterprise network.

“2008 is poised to be the year of the targeted attack,” said Paul Royal, Principal Researcher at Damballa. “Targeted threats are attacks that exploit relationships between people, what’s important to them and what they don’t know. We’ve seen enhancements to the structure, format, and presentation of these attacks, which make them more likely to successfully compromise corporate users in and get out of enterprise environments. Today’s targeted attacks evade traditional enterprise security mechanisms and perpetrate malicious activities, such as data exfiltration.”

In the second quarter of 2008, Damballa’s research team analyzed a corpus of targeted threats and discovered the following results:

  • 40% of the overall targeted threats analyzed give control of enterprise assets to criminals. This is derived from the fact that 50% of targeted threats analyzed use HTTP for communications, which allows for easier criminal control. And of those, almost 80% will steal proxy settings to facilitate successful outbound communication.
  • Over 75% of targeted attack Command and Control (CnC) sites are located in Asia, with China being the most dominant location.
  • Almost half of the targeted threats analyzed were propagated using PDF files, with Word documents and PowerPoint presentations coming in second and third, respectively.

A recent analysis of antivirus solutions performed using VirusTotal shows that detections of newly discovered targeted attacks average less than 20%. These results follow similar and disturbing trends, which include armies rapidly adapting for self preservation. For example, in January 2007 a large portion of Bobax cannibalized itself to bootstrap Storm. More recently, just a few weeks after being widely discussed in the press, Kraken changed from using a custom protocol with encrypted content to one that uses plaintext HTTP.

Targeted threats no longer encompass malware executables with obvious extensions (e.g., exe, .scr, .pif). Instead, documents such as PDFs are used to execute arbitrary and malicious code. These attacks are successful because most users believe that documents such as PDFs are harmless. Yet, simply viewing a PDF with a slightly out-of-date reader can place a computer under the control of a malicious third party. In addition, when an attack is successful, the user is unlikely to know a compromise occurred.

The social engineering aspects of targeted attacks have also grown in sophistication. Instead of standard enticements normally found in spam, these attacks use subject lines which would be of importance to enterprise users. These include financial topics such as IRS complaints or notices, political topics that play off current events such as the Olympics in China, freeing Tibet, and human rights issues, and personal topics such as speaker invitations and scholarship offers.

“Enterprise organizations need to enhance their understanding of the danger targeted attacks pose to their environment. Defenses such as firewalls, IDS, and antivirus often fail to detect these new and increasingly frequent kinds of attacks,” said Royal.

Damballa is showcasing the company’s technology at the 2008 Gartner IT Security Summit June 2-4 in Washington, DC (Booth # 34). Damballa’s solutions provide deeper understanding of and protection against targeted attacks than is possible with signature-based host, LAN or gateway security technologies. These solutions provide comprehensive, real-time visibility into targeted attack activity both inside the enterprise and across the Internet. Damballa’s insight often predicts attacks before they arrive, or before they can damage corporate assets. In addition, Damballa gives customers the ability to disrupt and resolve targeted attacks such as BotArmy compromises, so that remediation can take place in a planned, orderly manner.

About Damballa, Inc.

Damballa protects businesses from targeted attacks used for organized, online crime. Its unique, global approach rapidly isolates the command-and-control needed to launch multi-network attacks. Damballa’s signatureless solutions improve security both inside and outside the network perimeter, to stop threats other technologies miss and restore control to legitimate owners. Damballa identifies the severity and intent of targeted attacks such as BotArmies, even when malware can’t be detected. Its products and services provide a critical window for orderly remediation, and integrate easily into existing infrastructure without requiring additional headcount or complexity. Damballa is privately held, and is headquartered in Atlanta, Georgia.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@CloudExpo Stories
The best way to leverage your CloudEXPO | DXWorldEXPO presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering CloudEXPO | DXWorldEXPO will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at CloudEXPO. Product announcements during our show provide your company with the most reach through our targeted audienc...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world.
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors!
22nd International Cloud Expo, taking place June 5-7, 2018, at the Javits Center in New York City, NY, and co-located with the 1st DXWorld Expo will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud ...
HyperConvergence came to market with the objective of being simple, flexible and to help drive down operating expenses. It reduced the footprint by bundling the compute/storage/network into one box. This brought a new set of challenges as the HyperConverged vendors are very focused on their own proprietary building blocks. If you want to scale in a certain way, let's say you identified a need for more storage and want to add a device that is not sold by the HyperConverged vendor, forget about it...
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
"MobiDev is a software development company and we do complex, custom software development for everybody from entrepreneurs to large enterprises," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous ar...
"We're focused on how to get some of the attributes that you would expect from an Amazon, Azure, Google, and doing that on-prem. We believe today that you can actually get those types of things done with certain architectures available in the market today," explained Steve Conner, VP of Sales at Cloudistics, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Sanjeev Sharma Joins November 11-13, 2018 @DevOpsSummit at @CloudEXPO New York Faculty. Sanjeev Sharma is an internationally known DevOps and Cloud Transformation thought leader, technology executive, and author. Sanjeev's industry experience includes tenures as CTO, Technical Sales leader, and Cloud Architect leader. As an IBM Distinguished Engineer, Sanjeev is recognized at the highest levels of IBM's core of technical leaders.
As Cybric's Chief Technology Officer, Mike D. Kail is responsible for the strategic vision and technical direction of the platform. Prior to founding Cybric, Mike was Yahoo's CIO and SVP of Infrastructure, where he led the IT and Data Center functions for the company. He has more than 24 years of IT Operations experience with a focus on highly-scalable architectures.
JETRO showcased Japan Digital Transformation Pavilion at SYS-CON's 21st International Cloud Expo® at the Santa Clara Convention Center in Santa Clara, CA. The Japan External Trade Organization (JETRO) is a non-profit organization that provides business support services to companies expanding to Japan. With the support of JETRO's dedicated staff, clients can incorporate their business; receive visa, immigration, and HR support; find dedicated office space; identify local government subsidies; get...
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
DXWorldEXPO LLC announced today that Dez Blanchfield joined the faculty of CloudEXPO's "10-Year Anniversary Event" which will take place on November 11-13, 2018 in New York City. Dez is a strategic leader in business and digital transformation with 25 years of experience in the IT and telecommunications industries developing strategies and implementing business initiatives. He has a breadth of expertise spanning technologies such as cloud computing, big data and analytics, cognitive computing, m...
In past @ThingsExpo presentations, Joseph di Paolantonio has explored how various Internet of Things (IoT) and data management and analytics (DMA) solution spaces will come together as sensor analytics ecosystems. This year, in his session at @ThingsExpo, Joseph di Paolantonio from DataArchon, added the numerous Transportation areas, from autonomous vehicles to “Uber for containers.” While IoT data in any one area of Transportation will have a huge impact in that area, combining sensor analytic...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
Michael Maximilien, better known as max or Dr. Max, is a computer scientist with IBM. At IBM Research Triangle Park, he was a principal engineer for the worldwide industry point-of-sale standard: JavaPOS. At IBM Research, some highlights include pioneering research on semantic Web services, mashups, and cloud computing, and platform-as-a-service. He joined the IBM Cloud Labs in 2014 and works closely with Pivotal Inc., to help make the Cloud Found the best PaaS.
It is of utmost importance for the future success of WebRTC to ensure that interoperability is operational between web browsers and any WebRTC-compliant client. To be guaranteed as operational and effective, interoperability must be tested extensively by establishing WebRTC data and media connections between different web browsers running on different devices and operating systems. In his session at WebRTC Summit at @ThingsExpo, Dr. Alex Gouaillard, CEO and Founder of CoSMo Software, presented ...