With secret malware and big fines for breaches, enterprises need to enact defenses

by Charles Leaver

July 28, 2014


The increasingly stealthy nature of malware and the monetary penalties organizations face when they fall victim to it are making the message clearer than ever: It's time to implement endpoint detection and response measures. If companies fail to have the proper defenses in place, they risk not only the immediate fallout from a malicious incursion, but also lawsuits, monetary fines, and other actions that can only be detrimental to business. And for an organization to think that it's somehow impervious to malware is as naive as it is arrogant. After all, criminals are refining malicious strains to make them practically undetectable.

Concerning new malware manages to evade detection
Steganography - the idea of embedding secret messages in things one wouldn't expect - is not a practice that emerged with the Internet. In fact, it's been around for centuries. Back in the 1600s, for instance, Gaspar Schott wrote a book in which he revealed how someone could encrypt a secret message in a musical score, according to a paper on information hiding. Using this method, the playing of a note would align with a letter of the alphabet, thereby spelling out a message.

The implications of such a practice are clear: It presents a foolproof method of concealing illicit activities. Unsurprisingly, therefore, steganography has been widely used by criminals over the years. According to a Federal Plan for Cyber Security released by the National Science and Technology Council in 2006, steganography presents terrorists with an especially lucrative means of breaking into U.S. systems.

"The affordability and widespread availability of these tools makes steganography an enabling technology for U.S. adversaries," the report stated.

But in an age of rampant cybersecurity threats, there's a new kind of terror actor leveraging steganography to carry out sophisticated and practically undetectable attacks: hackers. According to a recent paper on steganographic threats, the practice is gaining momentum among cybercriminals who are now able to infiltrate a network without fear of getting caught. As the report pointed out, the sophistication of Internet-based steganography has only increased with the years, and now "practically every popular Internet service can be exploited by steganographers if it goes with enough volume of traffic that can be altered to produce the covert channel."

The risk posed by these threats can be mitigated, however, through continuous endpoint visibility. By keeping a keen eye on all the places cybercriminals could enter, an organization takes a key step toward staving off such an intrusion.

For businesses that do get breached, the penalties are high
If the threat of steganography isn't enough to have you looking into endpoint threat detection, then the significant penalties levied against breached enterprises will be. Such consequences can be felt by any organization. In Providence, Rhode Island, for instance, the Women and Infants Hospital has agreed to pay $150,000 stemming from a breach that saw information compromised for more than 12,000 people, according to The Modesto Bee. The information that the hospital lost included highly privileged data like birth dates, Social Security numbers and even ultrasound imagery.

Businesses can also feel the consequences after a malicious incursion. According to Computerworld, eBay is currently facing a class action lawsuit from a Louisiana-based customer following a breach. But the lawsuit filed by Colin Green is not just the product of one dissatisfied customer. Instead, Green represents the millions of customers whose personal data was thrown into jeopardy by the breach, which occurred earlier this year. If Green wins the lawsuit, then he and others similarly impacted could be receiving more than $5 million from the company. Considering the cost of this potential fine, there's no disputing the utility of investing in better endpoint detection and response measures.