Hacker Intelligence Initiative (HII)
Issued approximately six times a year, the Imperva Hacker Intelligence Initiative (HII) reports go inside the cyber-underground to provide in-depth, forward-looking analysis at trending hacking techniques and interesting attack campaigns. These provocative, creative and innovative research papers aim not to solely understand what has happened in the past, but to deep dive into what is ahead and what’s needed to proactively stay ahead of hackers’ next moves.
Today’s File Security is So ’80s
The complexity of managing enterprise-level file permissions makes it increasingly difficult for security teams to keep track of who has access to what. In this report, Imperva researchers compare the traditional ‘static’ approach to file security with a more dynamic approach based on how users actually access files in the organization. Using the Dynamic Peer Group Analysis machine learning algorithm, virtual working peer groups are automatically identified and suspicious files access by unauthorized users can be immediately detected.
Man in the Cloud (MITC) Attacks
In this report, we demonstrate a new type of attack we call “Man in the Cloud” (MITC). These MITC attacks rely on common file synchronization services (such as GoogleDrive and Dropbox) as their infrastructure for command and control (C&C), data exfiltration, and remote access. Without using any exploits, we show how simple re-configuration of these services can turn them into a devastating attack tool that is not easily detected by common security measures.
Since most organizations either allow their users to use file synchronization services, or even rely on these services as part of their business toolbox, we think that MITC attacks will become prevalent in the wild. As a result, we encourage enterprises to shift the focus of their security effort from preventing infections and endpoint protection to securing their business data and applications at the source.
Security Trends 2012
Hacking is inherently innovative and constantly changing. As 2012 approaches, security teams will need to adapt to a changing threat landscape as cyber security remains one of the most dynamic and fluid disciplines worldwide. The Imperva Defense Center, led by Imperva CTO Amichai Shulman, is exclusively focused on advancing the practice of cyber security to help companies shield themselves from the threat of hackers and insiders. For 2012, the Imperva Defense Center has assembled a comprehensive set of predictions designed to help security professionals prepare for new threats and attacks in cyber space.