Many organisations feel that they are safe because they don’t believe that anyone is interested in their data. Even more feel safe because they believe that they’ve never been attacked.
Unfortunately the truth is somewhat more
uncomfortable.
Every organisation’s data is interesting to
someone: hackers, competitors, hactivists, even nation states; and if you are
connected to the Internet you have been attacked, and unless very lucky or very
careful, you’ve been compromised.
But who sets out to steal the corporate
secrets of a pizza chain? This is the wrong question. The question
implies that the target was selected first, then the attack happened
second. In reality in today’s Internet it’s much more likely that the
opposite happened, that the entire internet was attacked, and the targets
selected that were vulnerable. Including the pizza chain.
But is this plausible? The Internet is
big! You might think that it’s a long way to the corner shop, but that’s
nothing compared to the Internet. The IPv4 Internet can have a maximum of
2 billion directly addressable hosts, and as of July 2012 ISC reported that
about 900 million were connected. That is still a lot of address space to
attack! Today automation, fast links, and cloud computing have turned an
impossible task into something that can be done for a few dollars in a few
days.
So every service published on the Internet
will be found. And if they are vulnerable they will be attacked. This
week.
If you still think that you have weeks to
patch your Internet facing hosts, you are amongst the good company of those who
have been compromised but just don’t know it yet.
If you needed an excuse to get your IPv6
migration started, I can’t think of a better one, as it moves scanning the
entire Internet back into the impossible category.
Then there are targeted attacks…