The Dyre Raids and the Importance of Security Teams

Security headlines over the last week or so have been talking about Russian police raids at the end of November that may have put an end to the Dyre malware variant.

The ring of cybercriminals taken down in those raids was almost the exclusive user of Dyre — malware that targets the banking and financial industry — and, according to a story at Forbes.com, this group used it very well.

“The hackers were stealing tens of millions of dollars from businesses and banks, stealing as much as $1.5 million in individual attacks. They were responsible for a quarter of all financial cybercrime in 2015 and Dyre was the most active of all banking malware variants, according to IBM.”

As reported in the story, data from both Dell and IBM shows Dyre attacks essentially stopping after the ring was broken up. We can confirm that our own CINS data shows the same thing. The raids occurred on Nov. 18 and Nov. 19, and, as you can see on the chart below, Dyre alerts stopped being reported by Sentinel IPS devices at the same time.

[Chart: Importance of Network Security Teams]

Great Security Requires a Great Team

Matching stats isn’t the takeaway here, though. What’s interesting, at least to us, is that these raids and their results demonstrated something that we’ve believed for a long time: Security is a team sport.

It’s human nature to look for the easiest solution to a problem. We want that one device that will keep the network safe. Or we want that one employee who we can count on to be Mr. or Mrs. Security. But that’s not reality. There is no secret device. And network security is ever-changing. One person shouldn’t be expected to be up to date on everything.

That’s why it takes a team to properly secure a network, and it’s an idea that was reinforced by the recent Russian raids and the sudden stoppage of Dyre attacks. To be this effective, security requires contributions from several people and devices. It’s the system administrator who is cleaning up infected machines. It’s the IPS alerting the system administrator to bad traffic. It’s the police forces in foreign countries taking down these cybercrime gangs.

Building Your Team on a Budget

The Dyre example is an interesting one. While it clearly illustrates the need to work together, it can also feel a bit unattainable for the small business. For many, just affording a single-person IT staff can be a challenge. Now you’re talking about someone dedicated to security and special equipment to put in my data center? Unfortunately, yes. But assembling your team doesn’t have to be a budget buster as long as you pick your players thoughtfully. Your current IT person could be a security savant in disguise. Train that person up. Get them the knowledge they need to be current on the latest security concerns. And when you are looking at equipment, look for managed solutions. For example, choosing an IPS like Sentinel’s can be a low-cost way to bring in the expertise of others. Since someone else is doing the maintenance on the equipment and updating its list of banned IP addresses regularly, there’s no additional work for your team to take on. You can build the security team you need in a way that fits your budget.

February 17th, 2016 (last modified 2018-03-15T05:42:18+00:00) | Network Security