While the basics in every attack scenario may be different, SQL injection, distributed denial-of-service (DDoS), and phishing are common tools of the trade, the panelists said. Adequately programming network firewalls, log monitoring and auditing applications for coding errors are some of the activities that should be taking place.
"I would start with the lowest common denominator before I start worrying about advanced attacks," IOActive's Valasek said. "There's a reason why the Black Hole exploit kit is so popular, even though it uses all old bugs."
BH's Honan said his firm is seeing cybercriminals using extortion much more than ever before. An attack typically involves targeting a company's remote desktop protocol, exploiting weak and default passwords, he said. Once the attack happens, the cybercriminals get to the system backup and lay low for months before encrypting all the company's data and demanding money for the key, he said. Companies have been able to extort thousands from businesses.
"People pay up quickly, and that's where the money is," Honan said. "Every company we've dealt with, it's a business decision to pay, and they all got their data back."
Security experts tend to be cynical often dismissive of the sophistication of attacks, but Akamai's Corman said the adversary is gaining sophistication, not necessarily the attack. For example, the freely available Metasploit penetration tool can be used maliciously, he said.
"Basic SQL injection is working on us," he said. "A script kiddie gets better every time someone adds a module to Metasploit."
PUBLISHED FEB. 28, 2013