In his quick-hit, “To the Point” session on the biggest security threats we can expect to see in 2013, Gartner VP and Distinguished Analyst John Pescatore took less than 30 minutes to give an early morning crowd at Gartner Symposium 2012 plenty to worry about.

The short, 8 a.m. session focused largely on advanced persistent threats and the way intruders use highly targeted – and effective – spear phishing attacks to break into corporate networks.

One attack vector is social media sites such as LinkedIn, which in June suffered a breach that resulted in stolen passwords. When married to personal data from the LinkedIn users, the passwords are especially valuable. A hacker may find a network or system administrator who uses the same password at work and on LinkedIn and, voila, he’s got the keys to the kingdom, Pescatore said.

More insidious, though, are the spear phishing attacks. Here hackers use social media sites to glean enough personal information about their victims to launch credible attacks. For example, if a hacker is targeting Acme Corp., he may do a little research to find out that the CFO’s executive assistant is Mary. With that information, he monitors Mary’s Twitter feed and learns she is active in a running group. After monitoring the group’s forum, mailing list and/or Twitter feed for a few weeks, the hacker learns when she typically runs. Eventually, Mary tweets about a tough 10K run that morning.

That’s just what the hacker needs. He sends Mary an email with the subject line, “Running pics from Sat. 10K.” Since it’s completely in context, Mary thinks nothing of opening the email and clicking on the link – which of course launches a remote access Trojan that allows the hacker to “own” Mary’s machine. Before long, the hacker has not only her credentials, but those of her CFO boss.

No amount of education is likely to protect an employee from opening an email that is so highly targeted, Pescatore said, so stopping it at the front end will be difficult. Software that protects users from going to malicious web sites is only marginally effective because the bad guys change the sites frequently. More effective is software from vendors such as FireEye and Fidelis Security Systems that is designed to detect APTs by continually inspecting all applications and content on the network. Additionally, role-based software that can identify issues such as a CFO’s login coming from an admin’s PC as an anomaly can be helpful, he said.
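To make that last check concrete, here is an added sketch (not from the talk or from any vendor's product) that flags a watched role, such as the CFO, logging in from a PC that normally belongs to someone else. The log format, user names, role names and host names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events (not real logs): timestamp,user,role,host
BASELINE = """\
2012-10-01T08:02,mary,exec-assistant,WS-MARY
2012-10-01T08:10,cfo,finance-exec,WS-CFO
2012-10-01T09:00,sysadmin,it-admin,WS-ADMIN
2012-10-02T14:00,mary,exec-assistant,CONF-ROOM-1
2012-10-02T15:30,sysadmin,it-admin,CONF-ROOM-1
"""
NEW = """\
2012-10-22T08:05,cfo,finance-exec,WS-CFO
2012-10-22T13:40,cfo,finance-exec,CONF-ROOM-1
2012-10-22T23:17,cfo,finance-exec,WS-ADMIN
"""

def parse(text):
    """Yield (timestamp, user, role, host) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) == 4 and all(parts):
            yield tuple(parts)

def build_baseline(events):
    """Learn each user's known hosts, and the owner of each single-user host."""
    hosts_of, users_on = defaultdict(set), defaultdict(set)
    for _, user, _, host in events:
        hosts_of[user].add(host)
        users_on[host].add(user)
    # Hosts used by several people (kiosk, conference room) are shared: no owner.
    owner = {h: next(iter(u)) for h, u in users_on.items() if len(u) == 1}
    return hosts_of, owner

def detect(events, hosts_of, owner, watched_roles=("finance-exec",)):
    """Flag watched-role logins from a host the user never used and another user owns."""
    alerts = []
    for ts, user, role, host in events:
        if role not in watched_roles or host in hosts_of.get(user, ()):
            continue
        host_owner = owner.get(host)
        if host_owner and host_owner != user:
            alerts.append((ts, user, host, host_owner))
    return alerts

HOSTS_OF, OWNER = build_baseline(parse(BASELINE))
ALERTS = detect(parse(NEW), HOSTS_OF, OWNER)
for alert in ALERTS:
    print("ANOMALY: %s login by %s from %s (owned by %s)" % alert)
```

The CFO's login from the shared conference-room PC is not flagged, because that machine has no single owner in the baseline; only the login from the administrator's workstation is.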
