
How many Fortune 500 Companies Compromised? Answer Inside

In the last few weeks I’ve been talking to some of the corporations hit by the famous Operation Aurora, the attack that triggered the Google-China virtual war.

The CISOs of these companies are facing a daunting task. These incidents reached board-level attention, and left many questions unanswered. How good are the traditional defense mechanisms? What control do I have over what my employees do at work and at home? What sort of data is stolen from the corporation? Is there anything that can be done to identify and seal all the gaps? And what exactly is the scale of the threat? Is it an industry-wide problem?

RSA’s latest whitepaper on Cybercrime (registration required) addresses the last question. To be more exact, it asks the following question: how many Fortune 500 companies have compromised PCs running Trojans?

Take a guess.

10%?

20%?

Would you dare say 30%?

The correct answer is 88%, and truth be told, this is probably a conservative estimate. Virtually every company has employees who were infected with Trojans and bring the problem into the office. These Trojans are busy moving terabytes of corporate data to stealthy drop zones scattered around the Dark Cloud of Cybercrime infrastructure.

After all, it’s a numbers game. Zeus, a highly popular Trojan kit, runs on 3.6 million computers in the US, and that’s a conservative estimate. Mariposa had 12.7 million PCs infected, including those belonging to half of the Fortune 1000 companies. If you have tens of millions of consumer PCs infected, you’re bound to have tens of thousands of Fortune 500 resources infected.

Then there are targeted attacks. In Operation Aurora, employees of 34 mega companies, including Google, Intel and Adobe as well as giant defense contractors, utilities and media companies, got emails containing a corrupt PDF document; when they opened it, a chain of vulnerabilities led to the hijacking of their PCs, allowing the Cybercriminals access into the corporate network from the compromised machines.

With other types of Trojans such as Zeus, the employees are typically infected at home when they are not connected to the network (although some infection happens during work and behind the firewall). Most of these infections are on laptops – a phenomenon I dubbed the Curse of the Were-Laptop. It can also be a remote-access PC, i.e. a private computer that is allowed to establish a VPN connection to the network. And it can be a mobile device such as a smartphone.

You don’t have to be stupid to get infected. Drive-by-Download infection happens automatically whenever you surf into a compromised site – the latest example is the US Treasury website (don’t worry, you can click on the link) – and you happen to have an unpatched component (including basic Internet tools like Flash, Java or Acrobat Reader, not to mention the browser or operating system). You can also be tricked into downloading something – for example when a social network buddy sends you a link to a ‘cool video’.

Once a machine is infected, the Trojan will start recording all Internet-related traffic, perform keylogging, and grab emails, browser-stored passwords, and a long list of additional items. The Trojan doesn’t stop at online banking credentials and credit card data: it steals your social network posts, your medical content, your private chats, your constituent letters, and all of your work-related content: credentials for internal systems, emails you sent or received, corporate financial results, sensitive customer-related web forms you completed in CRM systems.

If you see the corporate data floating around in Trojan motherships, you get goose bumps. It’s a hair-raising, nerve-wracking experience.

All of this means one thing: the battlefield is changing. Employees, rather than networks, are now on the front line. And the industry needs to build a new defense doctrine against these emerging threats.

 

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
