Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Eyes Wide Shut, or is This a Repeat of the Same Old Thing?

On July 31, US-CERT released a report on a Point of Sale (POS) targeting malware called BackOff. In the last week, we’ve seen news coverage of multiple highly recognizable corporations being compromised by this threat. Some of these new attacks are minor variants of the original threat, which is the standard procedure for successful malware attacks dating back to the earliest infectors of the ‘80s and ‘90s. When the bad guys find a model that works, they like to refine it or copy it.  There’s little difference in that the criminal organizations, like legitimate businesses, like to duplicate business models that work.

There’s little difference in that the criminal organizations, like legitimate businesses, like to duplicate business models that work.

Those who follow Tenable Network Security know that we released a technical notice about Backoff on August 1. We mentioned the indicators of compromise, and other security vendors updated their products to look for this threat. This included the anti-virus/anti-malware vendors who updated their signature bases. Some are asking why these corporations are being hit now. Without access to the full information we can only speculate, but common causes are that the updated security software has detected the threat that has been running for some length of time, or something triggered a security investigation, which uncovered the malware in action.

This is a very common scenario, and is one of the leading reasons that people continue to parrot the false claim that anti-virus is dead or useless. When properly deployed, monitored and maintained, traditional anti-virus does an outstanding job (better than any other tool) of keeping out the MILLIONS of known malware variants. That is both its strength and its weakness; the malware must be known, and the anti-virus application must be up-to-date. One minor change in the malware (and face it, the criminals are testing against the known anti-malware applications) and the product is unable to detect it until the industry obtains a sample. This is why anti-virus has to be used in a comprehensive defense, in-depth model, augmented by continuous network monitoring and other defenses.

Many companies overlook basic augmentations and practices that can greatly improve their security posture. While working in a corporate data security role, I often heard that things like file-level permissions were too difficult and time consuming to implement. Some low cost monitoring techniques such as honey pots, unprotected monitored systems, or network sniffers were too complex to deploy or monitor. My response was to ask, “What is more time consuming: detecting early or mass remediation?” Corporate security is performed by applying risk management: the cost of implementing a solution versus not having it implemented. Often, the negative cost is not calculable. What I mean by this is that when budget time comes, IT departments are asked, “it costs us this much to implement security practices, so justify it: how many events have you prevented?” This is the wrong question, but it’s often the only tangible one that some people have.

When properly deployed, monitored and maintained, traditional anti-virus does an outstanding job (better than any other tool) of keeping out the MILLIONS of known malware variants.

In our “Indicators of Compromise and Malware” discussion forum, we try hard to keep out FUD (fear, uncertainty, and doubt) and hype. We take high-profile or high-threat malware and discuss how to detect it using tools other than anti-malware. While we would love to have you using the Tenable Network Security line of products, the indicators are written in a way that you can leverage them with the tool of your choice.

Until corporations and users start looking at computer security in a holistic approach, we are doomed to repeat the past. In many ways, things have not changed for most companies between the Michelangelo warnings/hype of years ago to today’s BackOff situation. Yes, there is more complexity and a greater financial loss for not detecting the threat, but the reactions by the computer-using community is the same. The best protection is to leverage best practices, as well as specialization protections (like host-based anti-virus, anti-malware, intrusion detection, firewalls, etc.) and passive monitoring (like Tenable’s SecurityCenter CV with PVS, sniffers and honeypots) to form a holistic approach. When this happens, security staff and C-level executives can sleep easier. The answer becomes, “it’s another threat of the day; I’ve added some additional checks to verify we’re not affected, but we haven’t seen abnormal traffic that can be attributed to this threat.”

 

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training