Security Market Segment LS
Thursday, 02 June 2011 17:01

Defending against the cyber cold war


If you supply someone who supplies the government, are you the weak link in the security chain? Could your organisation be a stepping stone to an attack on a government or military target?

Brett Wahlin, chief security officer and vice president of IT at McAfee, reckons we could already be in the midst of a cyber cold war.

Wahlin, who has worked in security in both the public and private sectors, told iTWire that while there is a widespread threat from organised groups with purely financial goals (credit card theft, etc), the growth in specific attacks points to a different set of players.

Pointing to attacks on Google, RSA and Lockheed Martin, he asked "what's the motivation?" These companies were not the ultimate targets, he suggested, but merely stepping stones to reach another goal.

"We're starting to figure out what the end games are," he said, suggesting that it involves supply chains. Is it easier to attack the US government directly, or via its suppliers, he asked.

Wahlin pondered that the attack on RSA may have been a stepping stone to reach Lockheed Martin, echoing similar suggestions from other quarters. And there have been other reports that an attempted hack attack on US Department of Defense contractor L-3 Communications involved the use of RSA tokens.

Page 2: zero-day vulnerability + social engineering = advanced persistent threat.

He pointed out that what turns a zero-day vulnerability into an advanced persistent threat was the social engineering needed to quietly get an exploit onto victims' computers.

"A lot of the cold war guys are very good at [social engineering]," he said, and suggested that a general lack of awareness of security matters among employees hindered attempts to guard against such attacks.

One trick is to assemble snippets of information from multiple sources and then piecing them together. Wahlin said McAfee was aware that its employees had been approached for information in a variety of situations, including after attending church services, and in bars and car parks. The question can seem innocuous, along the lines of "who should I talk to at your company about X?"

While there is a good awareness of security matters in the government sector and stringent processes to gain clearances, but in the commercial world people are "largely numb" to such issues.

He believes we are getting to the point where people are going to be blackmailed in order to obtain information or to coerce them to carry out some action contrary to their employers' interest.

The line between the digital and physical worlds has now been crossed when it comes to information security matters, Wahlin said.

"The signs are all there, I'm just hoping I'm reading them wrong," he told iTWire.

How might you guard against such stealthy attacks? See page 3.

One problem is that people are reluctant to report security related events to avoid embarrassment. He suggested that one way would be to watch for changes in the way they (in particular their PCs and other devices) interact with the corporate network.

This would mean processing a lot of data (which would have to be automated to make it affordable) and it would raise privacy concerns, "but the bad guys are already doing it [profiling people]." By avoiding being judgemental about what's recorded and simply using it to detect changes would allow corporate IT staff to spot many issues.

IT security staff would still be needed to handle matters such as data loss prevention, Wahlin said, but spotting anomalies "is how you detect unknown threats."



You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments