Companies 'not aware' of being hacked

2013-08-02 14:21
John Yeo of Trustwave says that most firms are not aware that they have been hacked. (Trustwave)


Cape Town - Most companies are not aware that they have been compromised and their intellectual property stolen, a cyber security firm has said.

"Most organisations who we actually end up doing forensics investigations for didn't figure out for themselves that they'd actually suffered a compromise - that they'd been hacked," John Yeo, EMEA director at Trustwave, told News24.

Trustwave division Spiderlabs specialises in penetration testing or ethical hacking.

Yeo said that the majority of clients the company handled were unaware that they had been compromised.

"Of all the forensics investigations that we did last year, in only 25% of cases did the victims figure it out for themselves that they’d been hacked."


While most companies rely on antivirus solutions to prevent malware from intruding, Spiderlabs' research shows that attacks on corporations have become targeted.

"Of those 450 investigations we conducted last year, the vast majority we saw in each of those cases was bespoke so it wasn't something that was off the shelf or that was used in many different organisations - it was written with a very specific purpose in mind and was only used once," said Yeo.

He said that hackers who conduct attacks usually have a long period of access to company servers before they are detected.

"Intuitively you’d think that if an organisation gets hacked, they’d know about it and they’d know about it pretty quickly. But the reality is that they don’t figure it out for themselves and on average it takes about 210 days before the detection actually takes place."

Antivirus solutions that rely on virus definitions do not readily register malware that has been specifically designed to target a computer if that malware has not been identified previously.

This implies that hackers - whether they be corporate or state - can harvest data from companies without their knowledge or setting off alarms.

"Signature-based antivirus hasn't got a hope of being able to detect it and any organisation that thinks 'I've got antivirus deployed on my mission critical systems and if the worst case scenario happens, I'm going to detect it,' that's not going to happen," said Yeo.

Older software

Despite the release of so-called secure operating systems, Spiderlabs said its experience shows that medium to large firms usually have a fair number of systems running older software that can be exploited.

Hackers typically gain entry into these older systems and quietly steal intellectual property.

"Attackers basically have free rein to a large extent. They manage to penetrate an organisation and they manage to harvest data for long periods of time before anyone figures out that anything is wrong," said Yeo.

He said that it was easier to go after "low hanging fruit" when looking to compromise a company, and that configuration errors and legacy systems were ideal targets for hackers.

"An attacker only needs to find the weak link in the chain, the chink in the armour. They're not going to go with a sledgehammer after the most secure system in the environment."

- Follow Duncan on Twitter