Five Hard Lessons Learned from the Verizon Report on APT1 Attack
In its latest annual Data Breach Investigations Report, Verizon supports recent findings that a unit of the Chinese military known as APT1 stole sensitive data from 141 corporations over the last seven years.
An advanced persistent threat (APT) is a kind of ongoing cyber attack by a group of well-coordinated, well-funded cybercriminals who penetrate an organization slowly and methodically in order to obtain high-value data.
After examining details of the APT1 attack, Oracle Database security expert Troy Kitch, principal director of security software product marketing, came up with the following five key lessons learned.
Lesson 1: Passwords are not enough.
Analysis of attacks such as those by APT1 reveals again and again that password weaknesses are a major target of cybercriminals. There are multiple ways to reduce this attack surface, including
- Self-service reset every 90 days
- Multifactor authentication
- Knowledge-based authentication
- Behavioral analytics
- Step-up authentication
Solution: The adaptive access management capabilities of Oracle Access Management Suite Plus help organizations prevent fraud and misuse by strengthening existing authentication flows, evaluating the risk of events as they happen, and providing risk-based interdiction mechanisms such as multifactor out-of-band authentication.
Lesson 2: Excessive privileges are common.
Too often, database administrators (DBAs) enable "all privileges" when setting up a database, with the assumption that they can never be sure when they might need them. The problem is, DBAs get busy and these holes are never closed. If the DBA leaves the company or moves to another group, that list of individuals with excess privileges grows longer and more difficult to manage.
Solution: With Oracle Database Vault, you can proactively identify privileged users' or applications' unused privileges and roles and then protect data from inappropriate access.
Lesson 3: The evidence of attacks is in front of us.
Abuse of privileged access is not invisible. It can be clearly detected in the form of failed logins, new account creation, privilege grants, and sensitive data reads and writes. However, many organizations aren't tracking privileged user activities. For example, according to a recent Independent Oracle Users Group survey, only 39 percent of organizations monitor sensitive writes and only 33 percent monitor sensitive reads.
Solution: With Oracle Audit Vault and Database Firewall, you can get reports on consolidated audit data and logs generated by databases, operating systems, directories, file systems, and custom sources—all in a secure, centralized repository.
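As an added example (not from the article and not Oracle product code), here is a small Python pass over constructed audit records that surfaces the Lesson 3 indicators (repeated failed logins, account creation, privilege grants, sensitive reads and writes) and, for Lesson 2, lists privileges that were granted but never exercised in the audit window. The event format, the sensitive-object list and the action-to-privilege mapping are all assumptions made for this example, not the real Oracle audit trail layout.

```python
from collections import Counter, defaultdict

# Constructed audit records for this example, NOT real Oracle audit trail
# output: (user, action, object). Actions mirror the signals Lesson 3 names.
AUDIT_EVENTS = [
    ("app_svc", "LOGON_FAILED", None),
    ("app_svc", "LOGON_FAILED", None),
    ("app_svc", "LOGON_FAILED", None),
    ("app_svc", "LOGON", None),
    ("app_svc", "CREATE USER", "SUPPORT2"),
    ("app_svc", "GRANT", "DBA TO SUPPORT2"),
    ("support2", "SELECT", "HR.SALARIES"),
    ("support2", "UPDATE", "HR.SALARIES"),
    ("report_ro", "LOGON", None),
    ("report_ro", "SELECT", "SALES.ORDERS"),
]

# Objects the organisation has classified as sensitive (constructed).
SENSITIVE = {"HR.SALARIES", "FIN.CARD_NUMBERS"}

# Privileges currently granted per account, and the privilege each audited
# action exercises. Both mappings are assumptions made for this example.
GRANTED = {
    "app_svc": {"CREATE SESSION", "CREATE USER", "GRANT ANY ROLE", "DROP ANY TABLE"},
    "report_ro": {"CREATE SESSION", "SELECT ANY TABLE", "UPDATE ANY TABLE"},
}
ACTION_PRIV = {"LOGON": "CREATE SESSION", "SELECT": "SELECT ANY TABLE",
               "UPDATE": "UPDATE ANY TABLE", "CREATE USER": "CREATE USER",
               "GRANT": "GRANT ANY ROLE", "DROP TABLE": "DROP ANY TABLE"}

def privileged_signals(events, failed_threshold=3):
    """Lesson 3: return the indicators the text lists as (category, user, detail).
    Failed logins are reported once per user once they reach failed_threshold."""
    failed = Counter(u for u, a, _ in events if a == "LOGON_FAILED")
    signals = [("failed_logins", u, n) for u, n in failed.items() if n >= failed_threshold]
    for user, action, obj in events:
        if action == "CREATE USER":
            signals.append(("account_created", user, obj))
        elif action == "GRANT":
            signals.append(("privilege_grant", user, obj))
        elif obj in SENSITIVE and action == "SELECT":
            signals.append(("sensitive_read", user, obj))
        elif obj in SENSITIVE and action in ("INSERT", "UPDATE", "DELETE"):
            signals.append(("sensitive_write", user, obj))
    return signals

def unused_privileges(events, granted):
    """Lesson 2: privileges each account holds but never exercised in the audit
    window, i.e. candidates for revocation after review with the owner."""
    used = defaultdict(set)
    for user, action, _ in events:
        if action in ACTION_PRIV:
            used[user].add(ACTION_PRIV[action])
    return {u: sorted(p - used[u]) for u, p in granted.items()}
```

Run over a real audit export, the same two passes answer the two survey questions the text raises: who touched sensitive objects, and which standing privileges nobody actually needs.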
Lesson 4: Break-ins are too easy.
Most security breaches take less than five minutes. SQL injection attacks take advantage of poorly written application code that enables attackers to communicate through the application tier directly to the database. And if sensitive data in production databases is not transparently encrypted, both at rest and in motion, it is all too easy for attackers to access it. The same goes for data in nonproduction environments, which often goes unmasked.
Solution: Oracle Audit Vault and Database Firewall accurately detects and blocks unauthorized database activity by monitoring traffic to Oracle and non-Oracle databases. Oracle Advanced Security provides transparent data encryption and redaction within Oracle Database. And Oracle Data Masking Pack enables masking of production data for development, testing, and outsourcing.
Lesson 5: Misconfigurations help attackers.
Configuration drift is a great way to give attackers the foothold they need to access critical systems. Unfortunately, many DBAs do not track the location of every database in their environments, nor do they track the exact location of sensitive data within those databases.
Solution: With Oracle Database Lifecycle Management Pack, you can simplify the standardization and patching of all Oracle Databases to keep configurations aligned and ensure prompt implementation of the latest security updates.
Read the Verizon 2014 Data Breach Investigations Report.
Get the free technical primer e-book: Securing Oracle Database 12c from McGraw-Hill.