Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Cyber Spies Infiltrate Business Systems

Posted by kdawson on from the hire-the-baddest-pen-testers-you-can dept.

snydeq writes "InfoWorld's Bob Violino reports on the quiet threat to today's business: cyber spies on network systems. According to observers, 75 percent of companies have been infected with undetected, targeted attacks — ones that typically exploit multiple weaknesses with the ultimate goal of compromising a specific account. Such attacks often begin by correlating publicly available information to access a single system. From there, the entire environment can be gradually traversed enabling attackers to place monitoring software in out-of-the-way systems, such as log servers, where IT often doesn't look for intrusions. 'They collect the data and send it out, such as via FTP, in small amounts over time, so they don't rise over the noise of normal traffic and call attention to themselves,' Violino writes. 'There's probably no way you can completely protect your organization against the increasingly sophisticated attacks by foreign and domestic spies. That's especially true if the attacks are coming from foreign governments, because nations have resources that most companies do not possess.'"

2 of 83 comments (clear)

  1. Wait what? by moogied · · Score: 3, Informative

    Maybe its because I work for a large state's DOJ... but whos firewalls are just letting out random FTP connections? In our environment nothing goes in or out unless we directly state it should be. Its all very controlled... that and a pretty hefty usage of enterprise level AV scans on each box, then IDS, then AV on emails, filtering on emails(can only go to certain addresses).. etc etc. I guess we take the "Large amount of work in exchange for very tightly controlled systems" approach. Maybe other places should too?

    --
    So basically, -1 troll/offtopic is really slashdots way of saying "I hate that you thought of something before me."
  2. Re:Cyber Spies by Trepidity · · Score: 4, Informative

    Here's what Ted Nelson had to say about it:

    "Cyber-" means 'I do not know what I am talking about'

    "Cyber-" is from the Greek root for "steersman" (kybernetikos). Norbert Wiener coined the term "cybernetics" for anything which used feedback to correct things, in the way that you continually steer to left or right to correct the direction of a bicycle or a car. So "cybernetics" really refers to control linkages, the way things are connected to control things.

    Because he was writing in the nineteen-forties, and all of this was new, Wiener believed that computers would be principally used for control linkages-- which is if course one area of their use.

    But the term "cybernetics" has caused hopeless confusion, as it was used by the uninformed to refer to every area of computers. And people would coin silly words beginning with "cyber-" to expand ideas they did not understand. Words like "cyberware", "cyberculture", "cyberlife" hardly mean anything. In general, then, words beginning with "cyber-" mean "either I do not know what I am talking about, or I am trying to fool and confuse you" (as in my suggested cybercrud).

    --
    10 PRINT CHR$(205.5+RND(1)); : GOTO 10