Norway


The US Justice Department just charged an alleged malware author with spying on local, state, and federal governments; companies; and individuals for a period of years. Active monitoring could have reduced this long plundering of privacy.

Malware Author’s 13 Years of Spying: Reducing Breach Lag Time  - hacker 1944688 1280 - Malware Author’s 13 Years of Spying: Reducing Breach Lag Time

The indictment asserts that Phillip R. Durachinsky:

  • Created “Fruitfly,” a Mac-based capable of taking screenshots, logging keystrokes, and obtaining access to infected computers’ webcams.
  • Spied on individuals between 2003 and January 2017, keeping detailed notes on his victims.
  • Downloaded victims’ personal information, misused stolen login credentials to access accounts, and committed wire fraud.

Fruitfly was initially discovered in January 2017 and addressed by an Apple patch.

- teramind banner company data 20170809 728x90 - Malware Author’s 13 Years of Spying: Reducing Breach Lag TimeWhy Time to Detect Matters

We’ve previously covered why breaches go undetected and the resulting impact. This incident may represent a record for longest time to detect. During this time, the alleged spy had extensive access to both personal information and presumably, in the case of computers owned by businesses, access to sensitive organization data.

For businesses, time dramatically affects the overall impact of a breach:  the quicker you can detect a breach, the less harm done. Quick response time impacts the cost of a breach as well. A recent breach cost report notes that if the mean time to identify (MTTI) was under 0 days, the estimated average total cost of data breach was $2.80 million. If it was over 0 days, the estimated cost was $3.83 million.

Active monitoring is required to catch a breach early and plug the hole. Monitoring software listens for suspicious activity on your network (like anomalous use of valid credentials and off-hour access) and alerts on these signals. While 13 years is an extraordinarily long time, the average lag time before a breach is detected is 205 days. That’s a long time for a malicious intruder to wander around your network.



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here