Security experts from Tripwire, Secure Channels, Proficio, PFU Systems, Inc commented on the latest news that Penn State’s College of Engineering had to disable their network due to a Chinese-based cyber-attack.
Ken Westin, senior security analyst for Tripwire (www.tripwire.com):
“This should be a wake up call to other colleges and universities, it is rare for only one institution to be targeted by an active cyber espionage campaign.
Given that the group was targeting engineering departments it’s pretty clear that the attacker were looking intellectual property. Many times there is deep collaboration between higher education and private industry to commercialize research, and this combined with the fact that higher education generally lacks the resources to develop a strong security posture makes them a high value target for sophisticated attackers.
I hate to be the bearer of bad news, but I think there are quite a few more breaches like this. Some of them have been detected, but many haven’t.”
Richard Blech, CEO, Secure Channels (www.securechannels.com):
“The Penn State breach is another after-the -act reaction. It would be like going to the doctor after you are sick instead of simply inoculating yourself in the first place. Why are we lauding a University for ignoring the facts? Penn State feels everyone can be breached? Then by all means don’t encrypt and protect the data.
Here is a thought, how about encrypting the intellectual property before a breach, making the stolen data useless? If a breach is ‘expected’ by Penn why was the data left valuable and for the taking? Penn State seems somehow grateful China did not get social security or credit card info. If they had wanted those things they would have breached a bank. Penn State’s engineering department was specifically targeted for their engineering IP, why they would feel relief that the hackers got exactly what they came for, is beyond me.”
Brad Taylor, CEO, Proficio (www.proficio.com):
“Hackers view universities as attractive targets. They have porous perimeter security and are often under-staffed relative to other similarly sized organizations. An interesting point about APTs is that they require multiple successful steps or attacks in a kill chain in order to get to the data and get it out of an organization. The trick is for organizations to be able to detect multiple incidents of attack in the kill chain, or Indicators of Compromise, and be able to react immediately or automatically to stop the communication and breach, even before rolling in the forensics investigation team.”
Carmine Clementelli, network security expert at PFU Systems, Inc. – a Fujitsu Company (www.inetsec.com):
“When you get a call from FBI alerting you of a cyberattack it means that the breach has already happened, your network has already been violated, your data accessed and most probably stolen.
Penn State’s systems have been breached for a long time and have gone undetected because the attack was an Advanced Persistent Threat, or APT. APTs are very sophisticated and targeted attacks performed by highly skilled cybercriminals with the means of advanced malware that can easily penetrate legacy network security technologies based on signatures or on sandboxing.
Given the success of this attack, these types of attacks will only become more frequent. Networks must be protected at every entry point with solutions that both prevent and block cyber threats from the inside of networks. Today it’s necessary to have real time network visibility into who and what is on it, and to control access automatically, to monitor and control application usage, and at the same time to detect the attacks by behavior and stop the infected devices within the enterprise environment.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.