It's “the same but different”, says Richard Turner, EMEA president of security company FireEye, characterising the company's most recent Advanced Threat Report. “I think 2015 will go down as the year with the highest number of breaches,” he says. Interestingly enough, 2014 was also billed as the year with the highest number of breaches, and 2013 before that.
Richard Turner became EMEA president of FireEye this February after nine months as EMEA vice president. He has spent years in cyber-security, with stints at an array of bleeding-edge companies including Proofpoint, CertiVox and Clearswift.
FireEye's new Advanced Threat Report for the EMEA region has three principal findings. First, that aerospace companies, energy companies and governments were the three most targeted types of organisation. Second, that Israel, Saudi Arabia, Spain, the UK and Germany are the most targeted countries. And finally, that it is becoming harder and harder to distinguish between the kinds of attackers that organisations face.
“We see a blurring of threat actor groups,” he says. “It's pretty difficult for us to identify whether, of the hundreds of groups we do follow, it's a new group, or it's an existing group using a different technique, or it's a technique that in the past was used by a nation state and is now being used by organised crime.”
But what are the implications of these findings? “We've seen a massive growth in the number of successful attacks, as highlighted by headlines,” says Richard. But: “There aren't similar headlines in newspapers about shutdowns, prosecutions, jailings and those kinds of things.” There is, according to Richard, a widening gap between defenders' ability to solve these problems and attackers' ability to successfully breach organisations.
FireEye continues to see that organisations, especially in Europe, “whether they be private actors or government”, are failing to recognise “that they're spending a lot of money trying to solve this problem; what they're spending is not terribly effective.” Instead they fall back on what Richard calls “historical, layered defence strategies.” There is a tendency to think that by merely upgrading their software and building up their walls, organisations are safe.
While people don't need to spend more, Richard told SCmagazineUK.com, they do need to “spend differently, change their attitude, focus on a more dynamic approach to this problem.” He added: “Organisations continually need to think about how they really readjust, refocus on strategies that enable them to be resilient and recover from a cyber-attack.”
Organisations have to take “less from these historical security models” which say, “Hey, it doesn't look like anyone's climbed over the wall, so we must be secure.” Richard reminds us: “Yeah, but they might have dug under the wall.”
FireEye's Mandiant team recently discovered SYNful Knock on nearly 200 Cisco routers around the world. Previously thought to be only theoretical, SYNful Knock is a new kind of implant which, as opposed to climbing over the proverbial walls, digs under them and leaves an open door into the victim's network.
The Cisco implant “was an interesting one, because instead of subverting the technology they actually leveraged a normal security vulnerability (like a password) to come in and mount a very sophisticated cyber-attack.” The significance of this attack, Richard states, is that, “if they own the edge of the network, they can see anything that's going in or out of the business; they fundamentally own the pipe in and out of the business.”