Ideas for defending against cyberespionage

Antone Gonsalves | July 3, 2014

Russian hackers who broke into the networks of Western oil and gas companies used techniques that companies can detect and oftentimes defend against, experts say.

Another defensive strategy is to sandbox the browser using a tool like Sandboxie, Kevin Lawrence, senior security associate for consultancy Bishop Fox, said. "Sandboxie will limit or prevent downloaded malware from accessing your system."

As a best practice, browser software and plugins should always be kept up to date with patches and upgrades to ensure that at least all known vulnerabilities have been fixed.

An indication of the sophistication of the Russian group, named Energetic Bear, was how it broke into the networks of industrial control software makers and compromised products used by many oil and gas companies.

Symantec found three industrial control system (ICS) manufacturers whose software had been compromised in this way. Malware-infected products included software that provided virtual private network (VPN) access to ICS hardware, a software driver and applications used to manage wind turbines and biogas plants.

The names of the companies were not disclosed.

For manufacturers to protect customers from such threats, experts suggested publishing hash values with software downloads so customers can verify that the files have not been tampered with.

"By providing a way to validate that the download matched the original one posted on the site, the end user can better assume that the files have not been tampered with," Gilsinn said.

With so much business being conducted with suppliers online, Mike Lloyd, chief technology officer for RedSeal Networks, recommended companies map out and monitor all network connections.

"This has been ignored for too long, leading to a rat's nest of legacy connections that are poorly understood, shadowy, and hence ideal attack pathways," Lloyd said.

Because no single technology is capable of blocking or detecting all attacks, Symantec recommends a "layered approach" to protecting the corporate network.

"Any single layer that the attacker is unable to bypass can prevent successful data exfiltration," Eric Chien, technical director at Symantec's Security Technology and Response team, said.
