IMF spear phishing attack success highlights difficulty in defending IT security resources

According to David Beesley, managing director of Network Defence, the problem with spear phishing is that it is difficult to defend against owing to the fact that it primarily targets users and not PCs.

It also, he says, uses the information that attackers can gather from social networking sites, so making the phishing emails look very convincing.

"As we've seen, it makes these attacks effective against any size of organisation", he said, adding that firms need to employ a mix of user education and layered security solutions to defend themselves.

Employees, he explained, should be aware that even plausible-looking emails should be treated with suspicion, and IT teams should look at their AV and anti-spam solutions to try and stop malware propagating.

"Using web proxies can stop executables and exploit code from reaching desktops, and intrusion detection systems can help spot unusual data traffic movements", he said.

Over at security audit and logging specialist LogRhythm, Ross Brewer, the firm's managing director of international, said that, as another high profile organisation falls victim to a data breach we are once again forced to question whether it is actually possible to protect data from hackers.

"The sheer number of headline grabbing incidents suggests that attempts to prevent cyberattacks from occurring in the first place may be ineffective and that a new approach is required", he said.

The key to stopping hacks before they have a chance to do serious damage is stored in the log data generated by IT systems", he added.

These, says Brewer, provide the traceability required to spot patterns of suspicious behaviour in real-time.

Henry Harrison, Detica's technical director, meanwhile, said its positive that an organisation as large as the IMF has revealed it has been spear phished, especially since so many similar attacks go undetected.

"The reported cyberattack on the IMF demonstrates the extreme range of potential motivations for cyber attackers. Whatever business you're in - music, banking or international policy - no organisation or company can assume it is safe", he said.

"This attack shows it's not just about gaining access to customer records any more - it's about any sort of confidential information that might prove valuable to a third party", he added.

It is, he went on to say, encouraging is to see organisations such as the IMF making public announcements about successful attacks on them, when we know that many more such incidents go unreported - and an even larger number go undetected.

"Gradually, organisations are coming to the realisation that they either need to prioritise their resources and protect their valuable information in new ways, or else accept that their information is far less confidential than they had hitherto believed", he explained.


What’s Hot on Infosecurity Magazine?