Menu
Security firms seen as tardy in China hack response

Security firms seen as tardy in China hack response

Are security firms paying enough attention to the kind of cyberattacks recently linked to China's military?

Email security vendors have failed to do enough to protect customers against advanced cyberattacks like the one recently linked to the Chinese military, experts say.

Vendors have needlessly left customers exposed to spear phishing, which is the most effective way hackers have of penetrating corporate networks. The technique involves scouring the Web for information related to the target in order to craft an email most likely to trick the person into clicking an attachment or visiting a malicious website.

"The players that have had email and Web security solutions have failed at their job," Rick Holland, an analyst at Forrester Research, said yesterday.

The result has been successful spear phishing-based cyberattacks like the one recently uncovered by Mandiant. The security vendor this week released a 60-page report that traced an advanced cyberespionage operation to a Chinese military unit.

Researchers at the Georgia Institute of Technology are working on analytics that they hope will one day be able to spot bogus email and warn recipients. Before starting the project, research scientist Andrew Howard investigated the market last year and found only one vendor that he believed had reliable analytics.

"The technologies available out there to help with this problem are severely inadequate," Howard said.

Georgia Tech researchers are looking at the possibility of developing algorithms that could look at the content of the email to determine whether it contains information readily available from public sources. The technology could also compare the email with the messages the recipient normally gets to look for abnormalities. In addition, if the email was sent to multiple individuals, that could be another sign of spear phishing.

The research is at an early stage, so there's been no decision whether the technology would be open source or commercialised. "At a minimum, they'll be some good papers written," Howard said.

The failure of companies such as Symantec, Cisco, McAfee and Proofpoint to adequately address spear phishing has opened the door to companies like FireEye and Damballa, which have products to fill the gap, Holland said.

However, the problem is this requires a Symantec customer, for example, to add technology that should already be in the vendor's product. "Instead of having one solution that's able to address this problem, I now have to buy another point product to cover up what my existing technology has been failing at," Holland said.

The email security vendors are starting to play catchup, due to the success of FireEye and Damballa, Holland said. For example, Proofpoint released last spring analytics aimed at catching advanced malware used in spear phishing attacks.

Not everyone is sold on the need for expensive analytics. Many companies could improve security dramatically by strictly limiting, or removing, applications known to contain many vulnerabilities exploited by hackers, such as Java and Adobe Flash, said Al Pascual, an analyst at Javelin Strategy & Research.

In addition, companies could use less expensive email authentication technology that looks at the sending mail servers and the IP addresses of the sender to determine whether the email is legitimate, Pascual said.

Such technology uses the Sender Policy Framework (SPF) and the complementary DomainKeys Identified Mail (DKIM). Another anti-phishing technology released last year was the Domain-based Message Authentication, Reporting and Conformance (DMARC) framework.

"Unfortunately, it's been around for awhile, but not a lot of businesses are using it," Pascual said of the various technologies. "It's very underutilised."


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags international news

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments