Malware Threat Comes Full Circle to Focus Again on End Users

NEWS ANALYSIS: In recent years, the primary malware and cyber-crime threat had shifted to attacking servers, but cyber-attacks have turned their focus back to endpoints.


WASHINGTON—The SINET security technology conference that convened Nov. 3 and 4 at the National Press Club here is one of those quiet little meetings that you rarely hear about, but which includes some of the top security thinkers and analysts in the world.

This is mainly due to the fact that the conference is sponsored by the cyber-security folks at the Department of Homeland Security, which has a significant presence at the event.

While it’s easy to sit back and let the companies taking part in this event pitch the latest information about their products, the fact is that there’s a lot more going on below the surface than that.

Perhaps the most useful information comes from security researchers who keep their hands on the pulse of the current threats. These are the folks who know what’s about to happen, and have the best idea about where to look for it.

For a couple of years, the primary thrust for cyber-attacks moved to the server and away from endpoints. The reasoning was simple. After all, the richest data sources sought by criminals and state-supported hackers resided there and presented the greatest potential return for their effort. This is why they went after the business critical data stored in servers.

But that’s changing. The primary reason for the change is that servers are comparatively easy to protect. After fiascos such as the Target breach, network segmentation became more common, companies began encrypting their data, and data was divided into zones with stricter access control.

While this hasn't eliminated all server-oriented attacks, it has made them less attractive. Now, with few exceptions, cyber-attacks are moving back to the endpoint, not because it’s more efficient, but because the chances of success are much greater, security experts here said.

“Now outsiders are using insiders to get what they want,” said Dtex Systems CEO Mohan Koo. “The gaping hole is on the inside.” Koo, whose company specializes in blocking insider threats, said that the attacks include the use of hijacked credentials, malicious actions by insiders and, of course, what he aptly describes as “silly mistakes.”

He said that a significant factor in the end-user attacks boils down to the attackers getting better at social engineering. Other experts I talked to at the conference said that the social engineering is getting good enough that it’s very difficult for the recipient of an email to know for sure whether it was sent by the person who appears to have sent it, or whether that person's address was spoofed.

In fact, the attackers are getting so good that they’re able to put together information designed specifically to fool the recipient. Yoel Knoll, marketing director of Secure Islands, a company that works with email security, said that many times the spoofing was so good that the recipients would believe that the sender had to be who they said they were because of details they were able to provide.

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...