Network Computing is part of the Informa Tech Division of Informa PLC


Attackers Think Small For Big Results

Earlier this week, it was reported that hackers stole information from the U.S. Department of Transportation and several U.S.-based companies by tricking employees with fake job listings in advertisements and e-mail.

What's truly worrisome is that these data thefts demonstrate how attackers can thwart robust defenses.

First, the attackers hit a limited number of targets. This has two benefits for bad guys trying to stay under the radar. The first is that it exploits the numbers game of AV detection -- that is, the more hosts you infect, the greater the chances the malware will get reported and a signature will be created. Infecting a smaller number of hosts increased the time the malware would remain undetected by scanners.

A limited target size also improves the chances that malware won't be detected by other means such as traffic analysis. Even if the target companies regularly monitor network activity or review logs to look for anomalous behavior, by compromising only a small number of hosts, the attackers avoided detection long enough to steal data.
