Domain Fluxing Helps Data Breaches Stay Hidden


By Neil J. Rubenking   May 14, 2014 8:07 AM EST  

The first quarter of this year was filled to bursting with news stories about data breaches. The numbers were alarming—40 million or more Target customers affected, for example. But the duration of some breaches also came as a shocker. Neiman Marcus's systems were wide open for three months, and the Michael's breach, which started in May of 2013, wasn't discovered until this January. So, are their security guys total lamers? A recent report from breach recovery provider Damballa suggests that's not necessarily true. The report points out that the volume of alerts is huge, and it typically takes a human analyst to determine whether or not the alert actually signifies an infected device. Treating every alert as an infection would be ridiculous, but taking time for analysis gives the bad guys time to act. Worse, by the time analysis is complete the infection may have moved on. In particular, it may be using a completely different URL to get instructions and exfiltrate data.
 
Full Article
 
Interesting article.
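The article's point is that an infected host keeps rotating the domain it calls home to, so a single alert about one domain goes stale quickly. What analysts actually look for is the pattern across many queries rather than any one name. As an added illustration (not code from the article, from Damballa, or from anyone in this thread), the script below scans constructed resolver log lines and flags clients that repeatedly query random-looking domains and mostly get NXDOMAIN back, which is the footprint domain fluxing leaves in DNS logs. The log format, the thresholds, and the sample lines are all assumptions made for the example.

```python
"""Triage DNS resolver log lines for hosts that cycle through many
algorithm-looking domains (domain fluxing). Added illustrative code; the
"<client> <name> <rcode>" log format and the thresholds are assumptions."""
import math
from collections import defaultdict

# Constructed sample log (not real traffic): one query per line.
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 cdn.example.org NOERROR
10.0.0.5 mail.example.com NOERROR
10.0.0.9 x7kq2mzp9vlw.net NXDOMAIN
10.0.0.9 qz81hmw3tkpd.com NXDOMAIN
10.0.0.9 pl0v9skdw2rq.info NXDOMAIN
10.0.0.9 mn4r8ztq1xvc.net NXDOMAIN
10.0.0.9 wk2p7dzx5lhs.biz NOERROR
10.0.0.9 www.example.com NOERROR
"""


def shannon_entropy(s):
    """Bits of entropy per character of s; random-looking labels score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def second_level_label(name):
    """Label just left of the TLD, e.g. 'example' for www.example.com."""
    parts = name.rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def parse_log(text):
    """Parse '<client> <name> <rcode>' lines into (client, name, rcode) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3:
            records.append((fields[0], fields[1].lower(), fields[2].upper()))
    return records


def score_clients(records, min_queries=4, nx_ratio=0.5, entropy_floor=3.0):
    """Per client: query count, NXDOMAIN share, mean entropy of the
    second-level labels, and a 'suspicious' verdict. Thresholds are assumed."""
    per_client = defaultdict(list)
    for client, name, rcode in records:
        per_client[client].append((name, rcode))
    result = {}
    for client, items in per_client.items():
        n = len(items)
        nx = sum(1 for _, r in items if r == "NXDOMAIN")
        mean_ent = sum(shannon_entropy(second_level_label(nm)) for nm, _ in items) / n
        ratio = nx / n
        result[client] = {
            "queries": n,
            "nx_ratio": ratio,
            "mean_entropy": mean_ent,
            # All three must hold: enough volume, mostly failed lookups,
            # and labels that look generated rather than chosen by a person.
            "suspicious": n >= min_queries and ratio >= nx_ratio and mean_ent >= entropy_floor,
        }
    return result


def flagged_clients(text):
    """Sorted list of clients whose query pattern looks like domain fluxing."""
    return sorted(c for c, s in score_clients(parse_log(text)).items() if s["suspicious"])


if __name__ == "__main__":
    for client, s in score_clients(parse_log(SAMPLE_LOG)).items():
        print(client, s)
    print("flagged:", flagged_clients(SAMPLE_LOG))
```

On the constructed log, 10.0.0.5 is never flagged (three ordinary lookups, all resolved), while 10.0.0.9 is, because four of its six queries failed and its labels average well above the entropy floor. The score is per client rather than per domain precisely because the domain is the part the attacker changes; the client and its behaviour persist long enough for an analyst to act on.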

3 replies

Indeed, and you can imagine what it must be like for the Webroot Threat Researchers and what they have to review & consider every day...no pressure then, eh?
It gives them something to do though, doesn't it :D
Seriously though, it is quite a job keeping up with everything.
Indeed it's an interesting article, definitely worth reading.
Thanks for posting and sharing Jasper!