Whereas early social engineering efforts convinced someone to provide a password or other information via a convincing phone call or conversation, today’s social engineering efforts are far more nefarious, as evidenced in great detail within the recently published report: Shadows in the Cloud: Investigating Espionage 2.0.
The report is packed with details on how attackers were able to compromise nearly 1300 computers in 103 countries. Evidence leads the researchers to believe that users were convinced to click a URL or download a document, a presentation or a PDF file by a message from (supposed) friends or acquaintances. In reality, they were the attackers spoofing their friend’s email. Once compromised, the attackers used a variety of web 2.0 applications and tools (Twitter, Yahoo! Mail, Google Groups, and numerous blog sites) as their command and control infrastructure.
Think about that for a moment. Sheer genius really. So how would a security administrator stop these attacks? Short answer: they can’t—not easily, anyway. As a security vendor, I would love to say We Can Stop That Traffic, but I would be lying. So would any other vendor. Here’s why I am willing to say this.
So should we shut the doors and surrender? No.
At a minimum, organizations need to be vigilant (more so than ever) in their continued user education efforts. They need to be persistent in their patching efforts. And they need to be more intelligent in their efforts to monitor and control what types of applications are allowed on the network and what types of files and data are allowed to be transferred. It is in this last area that we can help organizations: first by setting specific policies on the usage of applications, both business and personal, and then, as part of that policy, by controlling the file transfer functions as well as the files and data that can be transferred.