eBay, Target Failures Spark Search for New Security Approach

Advertisement
By Agence France-Presse | Updated: 25 May 2014 12:12 IST

With cybersecurity's most glaring failures in the limelight, many experts say it's time for a new approach.

In recent weeks, the security community has been rocked by news of a massive breach at online giant eBay affecting as many as 145 million customers, following another that hit as many as 110 million at retailer Target.

Advertisement

A US indictment earlier this month accused members of a shadowy Chinese military unit for allegedly hacking US companies for trade secrets, a charge denied by Beijing.

The incidents highlight huge gaps in cybersecurity, or the ease in which malicious actors can break into a single computer and subsequently penetrate a network or cloud.

Advertisement

"The old model (for cybersecurity) doesn't work," said James Lewis of the Center for Strategic and International Studies.

"It is getting worse and getting out of control... One of the dilemmas is that when people have a choice between security and utility, they often choose utility."

Advertisement

A survey released Wednesday by the security firm Trustwave said it identified 691 breaches across 24 countries last year, with the number of incidents up 53.6 percent over 2012.

"As long as criminals can make money by stealing data and selling that sensitive information on the black market, we don't expect data compromises to subside," the report said.

Advertisement

Much of the problem stems from so-called "phishing" attacks in which emails are disguised as coming from a trusted person.

When links are opened, hackers can install malicious software allowing them to control a computer, and potentially an entire network.

A report by security firm Symantec found a 91 percent increase in targeted "spearphishing" attacks in 2013 and said more than 552 million identities were exposed via breaches.

IBM recently unveiled a new cyber defense system aimed at thwarting attacks before they happen, with predictive analytics.

Symantec suggests a similar approach touting its platform "that aggregates and correlates unfiltered alerts from a diverse set of technologies, harnessing global threat intelligence to detect traffic patterns associated with malicious activity," according to a blog post by Symantec's James Hanlon.

Hardware security approach

But others in the cybersecurity community dispute that approach.

The idea of predicting and halting attacks "is utter nonsense," said Simon Crosby co-founder of the security firm Bromium, which uses a hardware-based solution that isolates computers to prevent the spread of an infection.

Crosby told AFP he views as unlikely "the ability to pick through the noise to find a bad guy before he does bad thing."

He said Bromium offers a better solution "by making the system defend itself by design."

Johannes Ullrich, a researcher with the SANS Institute, said hardware isolation "is a solid approach," but just one of many new options being explored.

Ullrich said that in hunting for malware, "you cannot come up with a list of everything that is bad, but what you can do is enumerate what is supposed to be there."

This "white list" approach has a higher chance of success, Ullrich said.

'Hunting ghosts'

The old notion of using anti-virus software, which updates itself based on new malware "signatures," is rapidly losing credence.

A 2012 study by the security firm Imperva said most software only detected around five percent of malware. Another firm, FireEye, concluded last year that 82 percent of malware disappears after one hour and 70 percent exists just once.

"With the half-life of malware being so short, we can draw the conclusion that the function signature-based AV (anti-virus) serves has become more akin to ghost hunting than threat detection and prevention," said a blog post by FireEye's Zheng Bu and Rob Rachwald.

Ullrich said that over time, companies need to invest more in information security and develop strategies before the problems subside.

"Security will never prevent every single breach," he said. "You want to keep it at a manageable level, to stay in business. That's what security is all about."

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. WhatsApp Usernames Are Reportedly Available for Some Android and iOS Users
  2. Skullcandy Crusher 1080 ANC Launched With With Bose Audio, Up to 60-Hour Battery
  3. Huawei Mate XT 2 Patent Hints at Major Design Changes Over Predecessor
  4. Redmi Note 17 Pro Global Variant Appears on NBD Database Alongside Poco Model
  5. Pixel 11a Codename Appears in Google's Phone App: Report
  6. Here's How Much the iQOO Z11 Lite Could Cost in India
  7. Oppo K15 Launch Date Confirmed; Key Specifications Revealed Ahead of Debut
  8. iPhone 18 Pro Max Could Get a New Sony Sensor With Variable Aperture Tech
  9. OnePlus Exits US, Europe, Continues Operations in India: 5 Things to Know
  10. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot
  1. Redmi Note 17 Pro Global Variant Reportedly Appears on NBD Database Alongside Poco Model
  2. Google Pixel 11a Codename Reportedly Spotted in Phone App
  3. Huawei Mate XT 2 Leaked Patent Reveals New Tri-Fold Design and Folding Mechanism
  4. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot: Here's What We Know So Far
  5. Lenovo Legion C700 Teased as a Cloud Gaming Handheld Ahead of August Launch
  6. Marvel's Wolverine Gets New Trailer That Will Play Ahead of Christopher Nolan's The Odyssey in Select Theatres
  7. Airtel Quietly Removes Rs. 549 Individual Postpaid Plan in India; Rs. 699 Plan Becomes Next Upgrade
  8. Poco M8 Power, Poco X8 India Launch Timeline Tipped; Could Arrive as Rebranded Redmi Note 17 Series
  9. Samsung Galaxy S25 Series Could Get Galaxy S26’s Horizontal Lock Camera Feature With One UI 9 Update
  10. Asus Pad India Launch Date Announced as Company Reveals Key Specifications
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.