SEATTLE — Disclosures last week about network intrusions at the New York Times and the Federal Reserve demonstrate that some companies have begun taking progressive steps to detect – and limit damage – from persistent cyberintruders.
Thieves and spies are hacking into company networks as intensively as ever. But some large organizations are starting to limit the damage they can do, once inside. Information about successful defense strategies are being more widely shared for the greater good.
“If you stop the bad actor from taking action on his or her objective, you win,” says Steve Adegbite, director of cybersecurity at defense giant Lockheed Martin.
In the past 18 months, U.S. companies and agencies have more readily acknowledged that breaches are occurring daily and have moved to update systems for detecting persistent intruders and limiting the damage they can do, security experts say.
The New York Times hired forensics firm Mandiant, which used military-style counter-intelligence tactics to detect and cripple intruders, who appeared to be based in China. The paper then surprised many in the security community by sharing details of Mandiant’s findings.
“It’s turning a page,” says Kurt Baumgartner, senior security analyst at Kaspersky Lab. “They immediately disclosed what the attackers were looking for, down to the reporters’ material the attackers were hunting.”
A day after the Times disclosure, The Wall Street Journal announced that it, too, detected and blocked network intruders, who also appeared to originate from China. Last Thursday, the Federal Reserve disclosed a breach of one of its internal websites. The hacking collective Anonymous claimed responsibility for the hack. The intruders got access to emergency contact information for 4,000 banking executives. But the agency said no critical operations were affected.
Those cases illustrate how companies and agencies are focusing on tactics to flush out intrusions in progress and prevent attackers from accessing the most valuable intellectual property, says Eddie Schwartz, chief information security officer at security firm RSA.
“There is a growing awareness that organizations are under constant attack in terms of nation-state espionage, organized criminal theft and hacktivist action and that they must implement equally advanced and committed defenses,” says Schwartz.
Security analysts hope that other breached organizations, led by the Times’ example, share detailed intelligence about both successes and failures in defending against cyberintruders.
“It’s like being at an Alcoholics Anonymous meeting — first you have to acknowledge you have a problem,” says Gunter Ollmann, chief technology officer at security consultancy IOActive.
Chris Petersen, chief technology officer at tech systems provider LogRhythm, cautions that cybercrime has become a rich and resilient global industry that won’t soon relent. “The motivations driving malicious cyberactivities continue to rise,” he says. “There is money to be made, points to get across and war to wage.”