Idappcom says Qakbot-driven theft of data on 210,000 US unemployed highlights need for multi-layered IT security
According to Ray Bryant, chief executive officer of data security specialist Idappcom, the Massachusetts Executive Office of Labor and Workforce Development reportedly spotted the worm on its systems several weeks ago and took what it thought was remedial action.
"Now almost four weeks later, the agency has realised the worm has reappeared on its systems, and the data - which includes a variety of sensitive personal information on newly-unemployed people - has clearly been put at risk for that period," he said.
"What's interesting - and quite sad from a security perspective - is that the state agency clearly had the technology to detect the presence of the worm on its systems, and its IT staff took action to remove the malware from their computers," he added.
Unfortunately, he went on to say, as happens so often with the latest iterations of malware like Qakbot - which at its height last summer was stealing 2GB of confidential data a week (http://bit.ly/avWJA6) - the worm came back with a vengeance, and the IT security people were unable to spot this.
The Idappcom CEO explained that this illustrates the need for multiple layers of protection in an era when cybercriminals are getting extraordinarily clever at evolving existing malware, as well as developing new and multi-vectored threats.
And whilst the reasons for the re-infection will no doubt be reported on once the agency has completed its investigation, Bryant says that the takeaway from this is that the increasing complexity of threats is a rising problem - as are the cunning delivery methods used by cybercriminals.
Social networking, he says, may be the latest buzzword, but good old fashioned back doors are still an easy entry point for many hackers to deliver immediately actionable threats and 'sleepers' - or perhaps worse - both at the same time.
This, says Bryant, is the most likely problem in this case: a threat that may have been deliberately left open to detection while at the same time delivering sleepers in several places, perhaps in the registry or via an 'update' to Internet Explorer that is loaded with malware.
These old tricks, he explained, are still very relevant. The methods used to counter these attacks centre around effective procedures, excellent housekeeping and the training of staff, along with desktop protection and ensuring that devices are patched and not infected.
"But," he said, "there really is no substitute for ensuring that your gateway to the outside world is protected by firewalls and intrusion prevention technology. Taking the security device out of the box, plugging it in and forgetting it is simply not adequate."
Constant configuration, auditing and testing of defences - and updating with security signatures that look at vulnerabilities - is now an essential part of the IT security process, he explained.
Organisations also, he notes, need to have solid contingency plans in place to deal effectively with an infection in the event it does happen.
"Contrary to what many people think, this isn't rocket science. The technology to better defend corporate servers - as well as small business computers - exists today. What is needed is a good security planning and review process, as well as contingency plans to prepare for when the worst happens," he said.
"Good management of an organisation invariably revolves around effective management of all aspects of the business. IT security is no different, so organisations need to move on from the set-it-and-forget-it approach to the IT security of yesteryear," he added.
"IT security managers need to move on up to the latest technology and planning processes. IT vendors don't develop upgrades and updates for the fun of it. IT managers need to realise this simple fact."
For more on Idappcom: www.idappcom.com
For more on the Massachusetts theft of 210,000 people's data:
Idappcom Ltd. are a private UK registered company and were founded in 2004. Our objectives are to provide excellence in the field of IT security and application security and management. Our main product, Traffic IQ, is a vulnerability assessment tool and has wide acceptance with security professionals throughout the world. Clients include major security appliance vendors, independent appliance testers, military establishments, telecoms companies and various others across a broad range of industries.