Bad guys suffer from information overload too

Report Details Hacks Targeting Google, Others | Threat Level

Many entities that are compromised by APT remain so even after they’ve instituted measures to rid themselves of the intruders, Mandia says. If they do manage to eradicate the intruders, the most they can hope for is a three- to six-month respite before the attackers return.

The worst thing a company can do, when it discovers a breach, is to shut down an infected system or remove it from the internet before understanding the extent of the breach. Otherwise, the attackers just switch tactics and focus on other parts of the network.

“If you do a remediation effort that fails, the sophistication of the next wave you deal with is higher,” Mandia says.

(Yeah, I know Clay Shirky says we should call it filter failure.) But really. If only they had enough resources, everyone would have this stuff on their machines.

