For some time Perimeter eSecurity has been warning customers about a new generation of attacks.
http://www.perimeterusa.com/whitepapers.html
These attacks combine a variety of traditional methods (often referred to as multi-pronged, hybrid, or combo attacks). Recently, the Perimeter security operations center (SOC) has seen a flurry of these attacks. We felt the need to communicate with our customers because of the attack severity and because these attacks rely on "social engineering" techniques (i.e. end user involvement).
A recent example of one such attack is commonly referred to as the "BBB Phishing Trojan". The end user receives an email that appears to be from the Better Business Bureau (BBB). The email has a PDF attachment that by itself is completely harmless. Once the PDF is opened, the end user is directed to click on a link. Users who click on this link open a malware (malicious software) website that prompts them to install a file that infects the system with a Trojan Horse program. In this example, the attack was set up to redirect to any of 254 different IP addresses to reduce the chance of detection by security devices.

Once the Trojan is installed, it collects any data that is transferred through the web browser; this includes sensitive information such as usernames and passwords. Within the first days the attack was active, hundreds of megabytes of data were collected.
A more recent example is an email that appears to come from the IRS and states that the recipient's company is under investigation for tax fraud. Recipients are then directed to install a program that will supposedly help resolve the issue. Following the directions has similar results to the previous example. In both cases, a combination of spam, phishing, social engineering, malicious websites, and Trojan Horse programs was used to carry out the scheme.

A layered security approach is the only way to properly protect the integrity of your networks and sensitive information. Perimeter eSecurity goes to great lengths to give the highest level of protection based on the services each customer subscribes to. For example, the BBB Phishing Trojan was not a virus at all, and yet anti-virus (AV) vendors eventually added the ability to detect and block the email.
For these attacks, the best protection was achieved through Perimeter web content filtering, which blocks anyone trying to access the malicious website. This protection was in place prior to widespread knowledge of the attack. Perimeter customers that utilize system anti-virus and malware protection were shielded within hours of the attack becoming public knowledge. Intrusion detection and prevention systems were tuned to identify any host that could have become infected with the Trojan, so that the customer could be notified and the connections blocked. Customers with on-site firewalls that subscribed to AV protection had a default policy that prevents the download and execution of executable files, which would prevent the installation of the Trojan program.
What we should take away from these recent attacks is the confirmed need for a layered defense model. Very few Perimeter customers even saw the BBB email, because many customers already have multiple layers of security implemented. Customers with little or no layered defense have a much greater chance of being affected by multi-pronged attacks such as the BBB and IRS attacks. It is impossible to know which layer of defense will protect your network from the next attack.
Unfortunately, many end users believe that simply visiting a website is harmless. The truth is that by simply clicking on a link, you are authorizing that website to display and install on the end user system nearly anything it wants. Part of a layered defense model is to train your employees to be suspicious of email, and other forms of communication, that direct them to access websites, open attachments, etc.
I would strongly encourage each of you to spend a few minutes evaluating your layered security approach and, if necessary, work with your Perimeter account manager to find additional solutions that may protect your networks. Perimeter has also developed a tool called the Risk Profiler (www.riskprofile.org) that can help identify security gaps and risk mitigation solutions. The tool is freely available. Talk to your Perimeter account manager to obtain an access code. If you don't know who your Perimeter account manager is, call 1-800-234-2175.
Kevin Prince, Chief Security Officer, Perimeter eSecurity