A new virus has just been identified that is specifically targeted at small and medium-sized businesses (SMBs) in the UK. This attack is initiated as a highly targeted phishing email that purports to be tickets to a theatre performance of Peter Pan. Attached to the email is the “ticket”, which is actually a malicious payload. Once opened, the payload installs malware that spiders out across all devices on the same network, replicating itself and collecting user names, passwords and other sensitive information from the infected devices. The compromised information is then sent to a command server in Eastern Europe.
Why is this attack targeted at SMBs? Although we don’t know for sure without speaking with the cyber-criminals behind this attack, it is a pretty safe bet that the criminals view SMBs as a soft target. The threat landscape is becoming more challenging by the day; the volume of intrusions is increasing, and attacks are becoming more sophisticated and targeted. We tend to think of cyber-threats as a phenomenon that affects large enterprises and government entities: organizations that have the capabilities, staff and resources to buy the latest security products and figure out how to get them to work together. The reality, however, is that SMBs are faced with exactly the same cyber security challenges as their larger brethren, but don’t have the budgets or manpower to adequately address the threat. The cyber-criminals know this and have turned their attention to attacking these less-defended targets.
“Peter Pan” is an example of what is termed a blended threat: an attack that utilizes multiple vectors of entry to achieve its objective. The three vectors through which malware can attack an organization are the Web connection, Email and the endpoint device itself. Unfortunately, most SMBs are inadequately prepared to deal with these blended attacks. Defending an organization against blended attacks requires a multi-layered approach to security.
Until recently, endpoint, web and email security were like oil and water – you could never get them to play nice and mix together. Even security vendors that offered products in all three categories treated them very much separately, without even the barest nod toward integration. That state of affairs suited cyber-criminals just fine. In much the same way that “real world” criminals will look for the opportunity to evade physical security detection by slipping under a fence or through an open window, so cyber-criminals revel in the obvious gaps that this siloed approach to IT security has created.
The world, however, has evolved; and this approach to security is no longer sufficient in the face of highly sophisticated and determined adversaries. The modern cyber-threat demands a multi-layered and integrated response: the web services and email application must be aware of, and responsive to, what is happening on the endpoint device – and vice-versa. For example, unusual activity in email (such as the Peter Pan malicious payload) should adaptively trigger an immediate tightening of policy on affected endpoint devices or web connection. Similarly, identification of infection or unexpected activity at the endpoint level should immediately activate a response at the web and email layers.
Unfortunately, given the security industry’s legacy server-based approaches and point product orientation, this kind of flexible and adaptable security posture has been almost impossible to attain – even for the largest organizations. Until recently, SMBs have been left woefully vulnerable by this lack of co-ordination and integration – not to mention the inordinate expense of deploying enterprise-class protection.
The iSheriff security service is a global cloud network that delivers tightly integrated protection across the three vectors of Web, endpoint and Email. Delivered as a cloud service, iSheriff security is specifically designed to deliver the ease-of-use and cost-effectiveness that SMBs require, with the enterprise-class multi-layered protection that they need.
Integration is at the core of the iSheriff cloud security service. Not only are endpoint, Web and Email security deployed through the same cloud network, but policy and reporting are deeply integrated as well. This enables organizations to define a single security policy spanning all three vectors: delivering unparalleled protection against blended threats. Integrated reporting and alerting deliver deep visibility into security posture, and the ability to quickly respond in real-time. This visibility enabled iSheriff to be among the first security companies to identify and block the “Peter Pan” virus.
The security landscape is changing. As this “Peter Pan” virus has clearly illustrated, yesterday’s security approaches are simply no longer adequate to keep SMBs protected. A new, multi-layered approach is required: iSheriff is at the forefront of this next generation of security solutions.