Companies Will Soon Know if Their Website Will be Targeted for Attack

Posted: December 10, 2013 in Articles

Malware, viruses, bot injection, DDoS attacks ad infinitum. For years now they have been the bane of webmasters, company executives and owners around the world.

With the annual damage from malware alone exceeding $13 billion, to date there has been no solution to predict if an attack is coming your way or if your website is on the “target list”.

New technologies in corporate internet security monitoring are changing this, with dark spiders which can now crawl the full spectrum of the cyber criminal chatter network to see if your company website, name or even key staff names are on a list somewhere.

How this is done

Using the basic algorithmic laws used in creating a search engine, homing in to see if your website is being discussed online somewhere is relatively simple. In fact there are multiple tools out there which will allow you to pull search results directly relating to custom variable inputs. This would give you immediate feedback to see if your site was on a public blackhat forum. Example:

Google search: blackhat “yourwebsite.com” and you may just find it being discussed somewhere in the available search results. But most likely you won’t.

Why?

The issue with this is that 90% of true cyber criminals do not use publicly available discussion forums to formulate their next attack or gain new malware tools to infect a website.

Of course there are public hacker locations. Just google this: hack “navymemorial.org”

The ol’ Navy got a nasty shock some time ago when their memorial website went down, replaced with death metal music and a skull & crossbones.

But the problem which had to be solved was how to look deeper: how to also scan those websites which were not indexed by search engines or, even more clandestine, were using dark web locations such as TOR, I2P or IRC.

Using this same principle of search engines, technological advancements have made this possible. Many larger corporations are now looking for cyber intelligence agencies who can run deep searches so as to provide truly predictive security intelligence.

By the end of 2014 we will see these tools go mainstream; packaged and priced so that every webmaster or website owner can afford these services.

After all, if you knew what the enemy was going to do before they did it, you could effectively place provisions to ensure it didn’t happen.

What goes on behind the malware scene

Simply put, the creation, export and execution of malware has become a very organized activity. The structure looks like this:

  1. New malware gets envisioned
  2. Utilizing underground communication networks, the cyber criminals gather the necessary skilled individuals to create the malware for a specific type of target.
  3. Once created, these same channels are used for testing. This includes new malware testing platforms which show how successful the malware will be.
  4. Alpha and Beta versions are walked through with selected members.
  5. The source target (whether a single corporation website, server or computer) is chosen.
  6. The cyber criminals then provide each other with intelligence on the technical structure, physical outlines or vulnerabilities.
  7. Specific individuals or hacker groups are selected to carry out the first attack depending on skillset.
  8. The attack takes place.
  9. If successful, results are posted with evidence.
  10. The malware then gets placed on the dark web Black Market for sale and use.
  11. The malware goes into broad use.

Looking at the above sequence one can see a common denominator for each point. That is, each point requires communication and organization.

So the solution becomes (once you have all on-site or internal security in place) monitoring that communication if it relates to your company, your software, your servers, your computers.
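The matching step behind this kind of monitoring, as an added sketch that is not part of the original article: it checks text that has already been collected against a watchlist of your domain, company name and staff names, including "defanged" spellings such as yourwebsite[.]com. Every watchlist entry except yourwebsite.com, the sample posts and all function names are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed watchlist: the article's placeholder domain plus made-up names.
WATCHLIST = {
    "domain": ["yourwebsite.com"],
    "company": ["Example Widgets Ltd"],
    "staff": ["Jane Q. Sample"],
}

@dataclass(frozen=True)
class Hit:
    source: str
    kind: str
    term: str
    excerpt: str

def normalize(text: str) -> str:
    """Lower-case and undo common defanging so obfuscated mentions match."""
    text = text.lower().replace("hxxp", "http")
    # "[.]", "(dot)", "{ . }" and similar become a plain dot
    text = re.sub(r"\s*[\[({]\s*(?:\.|dot)\s*[\])}]\s*", ".", text)
    return re.sub(r"\s+", " ", text)

def term_pattern(term: str) -> re.Pattern:
    # Boundaries keep 'yourwebsite.com' from matching inside a longer
    # label such as 'notyourwebsite.com'; subdomains still match.
    return re.compile(r"(?<![a-z0-9-])" + re.escape(term.lower()) + r"(?![a-z0-9-])")

def scan(posts):
    """posts: iterable of (source, text) pairs. Returns a list of Hit."""
    hits = []
    for source, text in posts:
        clean = normalize(text)
        for kind, terms in WATCHLIST.items():
            for term in terms:
                m = term_pattern(term).search(clean)
                if m:
                    start = max(0, m.start() - 30)
                    hits.append(Hit(source, kind, term, clean[start:m.end() + 30]))
    return hits

# Constructed sample posts standing in for collected forum/IRC text.
SAMPLE_POSTS = [
    ("forum-a/thread-17", "anyone seen hxxp://yourwebsite[.]com/login on the list?"),
    ("irc-log-0412", "Jane Q.  Sample was mentioned again"),
    ("forum-b/thread-3", "notyourwebsite.com is unrelated"),
    ("paste-99", "shop.yourwebsite (dot) com came up too"),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_POSTS):
        print(hit)
```
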
