1 – That we need multiple layers of security protection in our networks, since no single tool will catch everything.
2 – We need to increase the sophistication of the tools we use to keep pace with the sophistication and variety of the attacks now being generated by bad actors.
3 – We need to monitor activity from additional locations in our networks to improve our ability to spot the more sophisticated attacks that might not be visible by other means.
A blog post from the team at Cisco Talos, Cisco’s industry-leading threat intelligence group, tells an interesting story of how they found an attack that used poisoned Google (and other) search engine results to start a chain of events leading to the installation of malware on victims’ machines and the exfiltration of sensitive data.
In this case the target was the banking industry, but it could just as easily have been any other industry group, including schools. The lists of names, addresses, social security numbers, and student ID numbers held in school databases are just as valuable to the bad actors involved in identity theft as stealing money from banks was in this instance.
The middle of the post gets a little technically deep, but a quick scan through it will give most of us a general sense of what they found and how the attack worked.
We already talk with our end users about thinking twice before opening attachments or clicking on a link in an e-mail. We can now add to the list the idea of not even blindly trusting the results of a Google search.
It should be readily apparent that the old security tools, basic perimeter firewalls and simple signature-based anti-virus on endpoints, will no longer do the job against the threat landscape on the Internet today.
We must up our game.
Cisco Talos Blog Post:
“Poisoning the Well: Banking Trojan Targets Google Search Results”