Security firms are being targeted by more violent attacks than ever before, one of the industry's top experts has warned.
Mikko Hypponen, chief research officer at F-Secure, said security providers had to deal with some "pretty aggressive attacks" in recent months.
"We are seeing more of them now than before and they are more violent attacks," Hypponen said in an interview with IT PRO today.
"Obviously, anybody in the security industry doesn't like this, seeing more and more attacks against security companies. Nobody is 100 per cent secure, but we do our best. We definitely don't want to challenge anybody to hack into our systems."
Hypponen's comments came after a spate of hacks against technology companies, with security firms being hit hard.
HBGary was infiltrated by hacktivist group Anonymous after a spat between the two organisations, as the security firm saw tens of thousands of its emails leaked.
More recently, RSA was hit by a significant targeted attack, or Advanced Persistent Threat (APT), when data on the company's SecurID product line was taken.
Then, over the weekend, Barracuda Networks was hit with an SQL injection attack, with partner contact information stolen.
Barracuda admitted it made a mistake by turning its own Web Application Firewall, sitting in front of the company's website, to "passive monitoring mode."
APTs
Despite being averse to the 'APT' buzz-acronym of the moment, Hypponen said such targeted attacks were a genuine worry and have been for some time.
He revealed a billion-pound UK company was hit by an APT, when a key employee's laptop became infected with a back-door flaw for 18 months before the firm realised what was going on.
"It was basically leaking corporate data to an IP in China for a year and a half," Hypponen said.
A significant problem with such targeted attacks is the difficulty of identifying them.
"We miss most of these attacks," he added. "The reason why most of these go undetected is that they are so narrow targeted. Normally only one guy is hit by them and it's not detected by any safeguards."
Most APTs F-Secure has seen appeared to have been state-sponsored, Hypponen suggested, given many have targeted NGOs and freedom of speech groups.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Dell sells RSA security business to private equity firmNews Cash deal worth £1.6bn expected to close within the next 9 months
-
View from the Airport: RSA Conference 2017Opinion Brace yourselves for the cyberpocalypse... or not
-
Why complex security plans mar business-IT relationshipNews Michael Dell talks security at first post-acquisition RSA Conference
-
C-suite and IT must collaborate for safer businessesNews "Business-driven security" is the name of the game at RSA Conference 2017
-
What to expect from RSA Conference 2017Opinion This year's security landscape means there's more to discuss than ever
-
RSA 2016: Weakened encryption compromises national securityNews Terrorists will move to other platforms, while criminals will exploit the flaws, claim speakers
-
ChewBacca malware steals data from retailers in 11 countriesNews RSA researchers uncover global malware operation that relies on ChewBacca keystroke logger.
-
EMC World 2013: Enterprise on back foot with cloud and mobile securityNews RSA chairman paints bleak picture of enterprise threat response.
