Focused Thieves looking for payoffs in the Enterprise

I’ve been afraid of this for years… it’s amazed me that the people capable of writing worms, trojans and rootkits weren’t using these skills for financial gain.  The whole concept of ILoveYou and Nimda just creating denials of service was almost disappointing in a way.

Not that I minded having to deal with these temporary outages rather than real permanent damage.  It was nice to have a few more years to get our s*** together…but now it seems that the damage potential of these attacks has finally caught up with us.

I’ve been hearing from colleagues of mine for the last couple of years that there have been an increasing number of “stealth” attacks that have been both (a) much more focused and intelligent, and (b) much more damaging or criminally motivated.  I’ve been pretty jaded at all this “cloak and dagger” storytelling – it always reminds me of the folks who want you to believe they know something you don’t, and keep teasing you with the “big secret”, but are mostly full of crap.  Or all the folks with backgrounds in information security in the military – talking all the time about how crazy the threats are that they faced, but always stopping short of actually providing hard evidence – or even just believable stories – to back up these claims.

It’s not that I didn’t believe there was a growing criminal, financially motivated element to the information security threats.  However, it’s been difficult to gauge the likelihood/frequency of such threats, and I’ve been concerned with helping my customers address the prevalent threats that actually manifest on a regular or inevitable basis.  It seemed like a series of edge cases – fascinating technical issues that don’t affect most organizations, and the greatest impact on most customers was distracting them from focusing on the fundamentals.

Well, I’m becoming convinced that we’ve crossed an inflection point.  Stories like this are coming up more and more, and making it sound like there’s a significant proportion of security attacks that are taking on these criminal, financially motivated motives.  I really wish I could continue to believe we’re still living in the era of “flickering lights”, but it’s starting to feel like we’re entering the era of “smashing lightbulbs”. 

