Experton Group is the leading fully integrated research, advisory and consulting company for mid-sized and large organizations, maximizing the business value of their ICT investments through innovative, neutral and independent expert advice.

Experton Group offers consulting services, market surveys, conferences, seminars and publications related to information and communications technology issues.

Our consulting portfolio includes technology, business processes, management and business cooperations, investments and mergers.

21.07.2008

Insider Attacks on the Increase


A recent security report from CA, Inc. has shown a shift in enterprise threats to focus on internal data theft. In other news, researchers have discovered new security vulnerabilities in Java, while the city of San Francisco has been locked out of administrative access to its IT systems by a rogue staff member.

Focal Points:

  • An annual security report from CA has shown a decrease in attacks from outside the enterprise, the first time in five years that external security attacks have decreased. However, the report also found that internal attacks are up two percent from last year and up 30 percent in the last five years. Reported external attacks dropped from 68 percent two years ago to 59 percent last year. Security attacks from the network dropped from 50 percent to 40 percent. The report further found that about one third of surveyed companies reported data theft, while 61 percent of the companies reported a drop in productivity as a result of security attacks.
  • Security researchers recently discovered vulnerabilities in the Spring Framework, a commonly used environment for the open source development of Java applications. Researchers from Ounce Labs, Inc., makers of tools for source code analysis, said the vulnerabilities could affect most of the applications that have been developed with the Spring Framework. One vulnerability allows attackers to add queries or other data to user input in database fields and thereby bypass client-side security. This ModelView Injection flaw takes advantage of a Spring design that lacks sufficient safeguards between the application model and the production database.
  • As of Thursday, 17 July, systems administrators were still not able to gain access to the main IT system for the city of San Francisco. Officials arrested the administrator who they believe crippled access to these systems. He has been charged with tampering with the system's FiberWAN (Fibre Channel connected wide area network). Systems affected include the city's human resources, payroll, and other personal data. The offender reset the main password and has refused to tell anyone else what it is. While the systems remain operational, no one is able to gain privileged access to modify or maintain the systems.

Experton Group believes security managers should have a central method for maintaining secure key management. Best practice is for administrative access to be controlled only via individual user access, to prevent any one person from having and controlling "super user" privileges. IT executives should look at security products that automate key management and password management, in order to prevent rogue users from causing mass systems disablement.

Press

Contact

Suzette Heydenreich

Tel.: +971 4 360 8699
Fax: +971 4 361 5699

suzette.heydenreich@experton-group.com