Hackers get ‘more violent' against security firms

Security firms are being targeted by more violent attacks than ever before, one of the industry's top experts has warned.

Mikko Hypponen, chief research officer at F-Secure, said security providers had to deal with some "pretty aggressive attacks" in recent months.

"We are seeing more of them now than before and they are more violent attacks," Hypponen said in an interview with IT PRO today.

"Obviously, anybody in the security industry doesn't like this, seeing more and more attacks against security companies. Nobody is 100 per cent secure, but we do our best. We definitely don't want to challenge anybody to hack into our systems."

Hypponen's comments came after a spate of hacks against technology companies, with security firms being hit hard.

HBGary was infiltrated by hacktivist group Anonymous after a spat between the two organisations, as the security firm saw tens of thousands of its emails leaked.

More recently, RSA was hit by a significant targeted attack, or Advanced Persistent Threat (APT), when data on the company's SecurID product line was taken.

Then, over the weekend, Barracuda Networks was hit with an SQL injection attack, with partner contact information stolen.

Barracuda admitted it made a mistake by turning its own Web Application Firewall, sitting in front of the company's website, to "passive monitoring mode."

APTs

Despite being averse to the 'APT' buzz-acronym of the moment, Hypponen said such targeted attacks were a genuine worry and have been for some time.

He revealed a billion-pound UK company was hit by an APT, when a key employee's laptop became infected with a back-door flaw for 18 months before the firm realised what was going on.

"It was basically leaking corporate data to an IP in China for a year and a half," Hypponen said.

A significant problem with such targeted attacks is the difficulty of identifying them.

"We miss most of these attacks," he added. "The reason why most of these go undetected is that they are so narrow targeted. Normally only one guy is hit by them and it's not detected by any safeguards."

Most APTs F-Secure has seen appeared to have been state-sponsored, Hypponen suggested, given many have targeted NGOs and freedom of speech groups.

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.