It seems that new viruses are discovered like clockwork in specific industries, especially those dealing with sensitive information. Today I read the details on the newly discovered ‘Red October’ virus – it is eerily reminiscent of the ‘Flame’ worm, and many others that have come before. There are probably even more that are already making the rounds and have not yet been discovered! The next big virus is already sneaking around collecting sensitive information and sending it home; by the time it’s discovered and gets its day in the media sun, it will have been out there for weeks, months, even years.
The Exfiltration of Encrypted Data
What interests me about the recent batch of worms and viruses is their targeted ability to find and exfiltrate sensitive documents. In fact, the “Red October” virus specifically searches for deleted files and files encrypted by “Cryptofiler” which is commonly used in the intelligence community. I doubt anybody considers this a coincidence.
Toxic Data and Data Breaches
Similarly, I doubt anybody is unconcerned with these viruses that go to great lengths to hide and exfiltrate your most sensitive, most toxic data. Toxic data is any piece of information that will do massive damage to your organization’s image and bottom line when its disclosure reaches the public. Usually this includes medical records, financial records and credit cards, and any personally identifiable information. Simply the exposure of a data breach is sufficient, irrespective of the actual content and where the data went.
Using Evidence of Data Exfiltrations
What makes the problem so difficult to tackle is the myriad places inside your computers’ filesystems where these viruses can hide away. There is no guarantee you will ever find them, and computer systems are getting ever bigger and more complex, making it easier and easier to hide. It seems the only safe bet is to search for evidence of the data exfiltrations in the network traffic, which is much harder to hide.
Be Vigilant of Viruses and Inside Jobs
In my opinion, most organizations spend far too much time searching for viruses on their computers, and far too little time searching for data exfiltrations over their networks. Keep in mind that it is not only worms and viruses that may be exfiltrating your most toxic data, it could easily be anyone within your own walls. In the end, the most important objective is to ensure that no toxic data leaves your enterprise, and keeping an eye on your network traffic may be your last viable line of defense.
Scalable Traffic Analysis for Complex Environments
FlowTraq is a software product by ProQSys, which specializes in high volume, forensically accurate network behavioral flow analysis. Our goal is to substantially improve your visibility and insight into your network infrastructure to understand threats before they become incidents.
ProQSys has 2,600 customers worldwide, including Fortune-500 companies, ISP/MSPs, governments, schools, and universities. For more information, please visit www.flowtraq.com.
See how FlowTraq can help you discover data exfiltrations in your network today!