Intelligence sharing aims to outsmart hacker underground

TruSecure has started monthly briefings to keep its customers in step with evolving IT security threats by sharing feedback from its 30-member, global intelligence reconnaissance team.

The intelligence team monitors the hacker underground, identifies emerging threats and predicts risks for customers to keep them one step ahead.

Pierre Noel, TruSecure international security strategist, said up to seven members of the team are based in the Asia-Pacific region, although sophisticated hacking groups with a high level of skill generally come out of the US and Europe.

He said Australia's hacking community is pretty low-level in comparison, describing the underground globally as a 'pyramid of knowledge' with a small concentration of skill at the highest level.

"Within this high level are those who can invent new mechanisms or serious threats; it is generally the second level below them that actually use the exploits, adding a serious payload and launching attacks as part of an egotistical pursuit," Noel said.

While most attacks 'appear' to come from China and Korea, Noel said they usually originate from elsewhere, but machines in these locations are less secure and easier to hijack when launching an attack.

"Sadly, for every vulnerability used by hackers there is a patch, but in most companies patches are not up to date and there are plenty of basic protective measures that are simply ignored," he said.

For example, when configuring a router, Noel said it should be set to default deny mode to minimise the risk of an external attack.

"A company is 47 times less likely to be attacked by doing this, but only 8 per cent of companies enforce this measure. So when companies buy a router they leave the setting in open access mode," he said.

"Essentially companies do this because it's easier; in default deny mode you have to do more work to configure the router properly."

Noel's risk predictions include an attack within the next six months by a blended virus that uses SQL Slammer with a severe payload and relies on unpatched systems.

He also said that a number of groups are currently bringing together all Microsoft vulnerabilities into one library and creating hacking kits for Internet Explorer and IIS (Internet Information Server).

Stories by Sandra Rossi