data exfiltration and red october
Post on 29-Jun-2015
Data Exfiltration and Red October
Keeping an eye on your network traffic may be your last viable line of defense against toxic data extrusion.
It seems that new viruses are discovered like clockwork in specific industries, especially those dealing with sensitive information. Today I read the details on the newly discovered ‘Red October’ virus – it is eerily reminiscent of the ‘Flame’ worm, and many others that have come before. There are probably even more that are already making the rounds and have not yet been discovered! The next big virus is already sneaking around collecting sensitive information and sending it home; by the time it’s discovered and gets its day in the media sun, it will have been out there for weeks, months, even years.
The Exfiltration of Encrypted Data
What interests me about the recent batch of worms and viruses is their targeted ability to find and exfiltrate sensitive documents. In fact, the “Red October” virus specifically searches for deleted files and files encrypted by “Cryptofiler”, which is commonly used in the intelligence community. I doubt anybody considers this a coincidence.
Toxic Data and Data Breaches
Similarly, I doubt anybody is unconcerned with these viruses that go to great lengths to hide and exfiltrate your most sensitive, most toxic data. Toxic data is any piece of information that will do massive damage to your organization’s image and bottom line when its disclosure reaches the public. Usually this includes medical records, financial records and credit cards, and any personally identifiable information. The mere disclosure that a breach occurred is sufficient to cause that damage, irrespective of the actual content and where the data went.
Using Evidence of Data Exfiltrations
What makes the problem so difficult to tackle is the myriad places inside your computers’ filesystems where these viruses can hide away. There is no guarantee you will ever find them, and computer systems are getting ever bigger and more complex, making it easier and easier to hide. It seems the only safe bet is to search for evidence of data exfiltration in the network traffic, which is much harder to hide.
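The kind of evidence this section argues for can be pulled from flow records alone, without ever finding the malware on disk. The following added example (not code from the original post or from the FlowTraq product) sums the bytes each internal host sends to external destinations and flags hosts whose egress far exceeds an assumed per-host baseline; the flow records, the baseline values and the 5x ratio are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed NetFlow-style flow summaries (not real traffic):
# source IP, destination IP, destination port, bytes sent by the source.
SAMPLE_FLOWS = [
    {"src": "10.0.1.15", "dst": "10.0.2.8",      "dport": 445, "bytes": 8_000_000},
    {"src": "10.0.1.15", "dst": "203.0.113.77",  "dport": 443, "bytes": 3_500_000},
    {"src": "10.0.1.15", "dst": "203.0.113.77",  "dport": 443, "bytes": 4_200_000},
    {"src": "10.0.1.22", "dst": "198.51.100.9",  "dport": 443, "bytes": 120_000},
    {"src": "10.0.1.30", "dst": "198.51.100.42", "dport": 80,  "bytes": 45_000},
    {"src": "10.0.1.99", "dst": "198.51.100.9",  "dport": 443, "bytes": 10_000},
]

# Assumed per-host daily outbound baseline in bytes; in practice this is
# learned from historical flow data for each host.
BASELINE = {"10.0.1.15": 500_000, "10.0.1.22": 400_000, "10.0.1.30": 300_000}

PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    """True if the address is in an RFC 1918 range (treated as 'inside your walls')."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


def egress_bytes_per_host(flows):
    """Sum the bytes each internal host sent to external destinations.
    Internal-to-internal transfers are skipped: data that stays inside is not exfiltration."""
    totals = defaultdict(int)
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            totals[f["src"]] += f["bytes"]
    return dict(totals)


def flag_exfiltration(flows, baseline, ratio=5.0):
    """Return (host, egress_bytes, multiple_of_baseline) for hosts whose external
    egress exceeds `ratio` times their baseline. A host with no baseline is
    flagged with multiple None, since unknown behaviour deserves an analyst's look."""
    alerts = []
    for host, sent in egress_bytes_per_host(flows).items():
        base = baseline.get(host)
        if base is None:
            alerts.append((host, sent, None))
        elif sent > ratio * base:
            alerts.append((host, sent, round(sent / base, 1)))
    return sorted(alerts)


if __name__ == "__main__":
    for host, sent, mult in flag_exfiltration(SAMPLE_FLOWS, BASELINE):
        print(f"{host}: {sent} bytes egress, {mult or 'no'} x baseline")
```

Note that 10.0.1.15 is flagged on its external traffic alone; its much larger transfer to 10.0.2.8 stays inside the network and does not count, which is why internal and external destinations must be separated before thresholding.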
Be Vigilant of Viruses and Inside Jobs
In my opinion, most organizations spend far too much time searching for viruses on their computers, and far too little time searching for data exfiltrations over their networks. Keep in mind that it is not only worms and viruses that may be exfiltrating your most toxic data; it could easily be anyone within your own walls. In the end, the most important objective is to ensure that no toxic data leaves your enterprise, and keeping an eye on your network traffic may be your last viable line of defense.
Scalable Traffic Analysis for Complex Environments
FlowTraq is a software product by ProQSys, which specializes in high-volume, forensically accurate network behavioral flow analysis. Our goal is to substantially improve your visibility and insight into your network infrastructure to understand threats before they become incidents.
ProQSys has 2,600 customers worldwide, including Fortune 500 companies, ISPs/MSPs, governments, schools, and universities. For more information, please visit www.flowtraq.com.