Attackers Think Small For Big Results
A series of attacks that duped employees at the U.S. Department of Transportation into giving up sensitive data proves once again how easily the bad guys can penetrate even the
July 19, 2007
Earlier this week, it was reported that hackers stole information from the U.S. Department of Transportation and several U.S.-based companies by tricking employees with fake job listings in advertisements and e-mail.
What's truly worrisome is that these data thefts demonstrate how attackers can thwart robust defenses.
First, the attackers hit a limited number of targets. This has two benefits for bad guys trying to stay under the radar. For one, it exploits the numbers game of AV detection -- that is, the more hosts you infect, the greater the chances the malware will get reported and a signature will be created. Infecting a smaller number of hosts increased the time the malware would remain undetected by scanners.
A limited target size also improves the chances that malware won't be detected by other means such as traffic analysis. Even if the target companies regularly monitor network activity or review logs to look for anomalous behavior, by compromising only a small number of hosts, the attackers avoided detection long enough to steal data.
These thefts demonstrate the continuing utility of social engineering. The users were integral, if unwitting, components of the scheme. By enticing users to open e-mails or click through Web pages, the bad guys were able to get malware onto target systems.
All in all, these attacks point out the challenges that IT security departments continue to face when it comes to protecting data.