Thursday, November 29, 2007

A Target-Rich LANDSCAPE

What kind of Havoc can cyber criminals can wreak?

In a recent Keynote speech, IBM ISS General Manager Tom Noonan described the far-too-common reality of enterprises believing their security infrastructure is working when isn't. This creates an incredibly target-rich environment for today's cyber criminals.


CONSIDER THREE OF NOONAN'S EXAMPLES:

"In one engagement, our consultants penetrated the defenses of the national electric utility for Mexico through a rogue wireless access point. I asked our lead consultant how critical the situation was. He said, "Incredibly critical. I could set it up so you could be sitting in a cyber cafe in China and shut off all the electricity in Mexico. Give me a few days and I could spell my daughter's name in lights in Mexico City so it's visible from space."

"In an engagement we had with a county government in Florida, their security team swore up and down that their systems were completely protected. Within a day or two, our consultants penetrated the county's parole management system through application vulnerability. They had complete access to the system - to the point where they could have started discharging criminals from county jails."

"A municipal organization in Atlanta saw that their IT budget was skyrocketing year over year. They asked us to take a look at their data center to figure out why they kept running out of capacity. We found that one of the world's largest distributors of pornography had co-opted their servers and was running operations out of their data center."

These stories seem remarkable but they are really normal in security world. Security consultants and Pen-testers have hundred of stories like this. And the root cause of the problem is always the same - the customers are trying to protect themselves with defenses that are easily by passed by today's modern cyber criminals.

No comments: