Operation Aurora: Prepare for Cyberwar

Two weeks ago, when Google announced it had been the target of sophisticated attacks from China, we were put on notice that a war had begun. China had a plan to attack Google, steal its intellectual property and compromise Gmail. Google was not alone: coordinated attacks were also organized against Adobe and nearly 20 other corporate and government sites.

The attacks, now known as “Operation Aurora”, took advantage of a Microsoft Internet Explorer vulnerability. Today, Microsoft announced a patch for this particular vulnerability.

What does this latest attack tell us? Quite simply, you cannot fight a global cyber war without sufficient weaponry. Would we expect our military to enter Iraq armed with nothing but knives? Absolutely not. Similarly, we cannot expect our flagship American enterprises and our government to face cyberwar without the proper tools and the ability to respond.

What happened to Google, Adobe and the others can never be completely prevented, but the extent of the attack could have been minimized. With active network forensics solutions in place at appropriate points in the network, these organizations could have investigated all of their network traffic immediately and identified suspicious activity at the first sign of an attack. The recorded traffic could have been replayed to determine the exact scope of the attack, including which systems and data were compromised. The same record could also have proved which systems were not compromised, allowing these organizations to remediate effectively and protect against further exposure. With active network forensics, the relevant traffic and information could have been retrieved in seconds, reducing the exposure window from weeks to hours.
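As an added illustration (not code from the original post), this is what the retroactive scoping described above looks like in practice: replaying a recorded flow index over the exposure window to split hosts into compromised and clean, and pinning down each host's first suspicious contact. The flow records, hostnames, destinations and window are all constructed for the example.

```python
from datetime import datetime

# Constructed flow index, one record per line, in the shape a traffic
# recorder might export: "<ISO timestamp> <src> <dst> <dport> <bytes>".
# Every host and destination below is invented for this example.
FLOW_LOG = """\
2010-01-04T09:12:03 ws-17 mail.example.internal 25 1200
2010-01-04T10:41:55 ws-17 203.0.113.45 443 98211
2010-01-05T14:02:10 ws-22 203.0.113.45 443 71044
2010-01-06T08:00:00 ws-09 intranet.example.internal 80 5100
2010-01-12T16:30:41 ws-22 198.51.100.7 8080 2200
2010-01-13T11:05:27 ws-31 intranet.example.internal 80 4400
"""

# Destinations flagged as suspicious once the attack was recognised (constructed).
SUSPECT_DESTINATIONS = {"203.0.113.45", "198.51.100.7"}
# Inventory of hosts that must be classified one way or the other (constructed).
ALL_HOSTS = ["ws-09", "ws-17", "ws-22", "ws-31"]


def parse_flows(text):
    """Parse the flow index into dicts with a datetime timestamp."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split()
        flows.append({"ts": datetime.fromisoformat(ts), "src": src,
                      "dst": dst, "dport": int(dport), "bytes": int(nbytes)})
    return flows


def scope_exposure(flows, all_hosts, start_iso, end_iso, suspects):
    """Replay recorded flows over the exposure window (exploit in the wild
    until the patch was applied) and split hosts into compromised / clean.
    Clean hosts are those with no suspicious contact in the recorded window."""
    start, end = datetime.fromisoformat(start_iso), datetime.fromisoformat(end_iso)
    compromised = {}
    for f in flows:
        if start <= f["ts"] <= end and f["dst"] in suspects:
            compromised.setdefault(f["src"], []).append(f)
    clean = sorted(set(all_hosts) - compromised.keys())
    return compromised, clean


def first_contact(compromised):
    """Earliest suspicious connection per host: the moment containment and
    remediation should be anchored to."""
    return {h: min(fl, key=lambda f: f["ts"])["ts"].isoformat()
            for h, fl in compromised.items()}
```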

Today, the patch is available, but what if something got in while the door was open? You may have closed it with a patch, but what about the time between exposure and patching?

It is unwise for organizations today to rely on prevention tools alone and assume they are prepared for an attack. Being able to record your traffic, review attack information and immediately respond to an enemy is an absolute must. Today, every CSO and security administrator must realize that without measures to instantly remediate an attack, they are in jeopardy. Operation Aurora has taught us a very necessary lesson indeed. After all, who brings a knife to a gunfight?
