While we still see almost daily articles with fallout from the Target payment card breach (and other suspected breaches), the news this week brought word of a sophisticated APT (Advanced Persistent Threat) that has been operational for years. It has been dubbed “Careto,” Spanish for “mask,” and is quite an insidious piece of software. Unlike many historic pieces of malware, it is multi-platform, targeting Windows, Mac OS X, and Linux (indications are that it may also be impacting mobiles, but the data is sketchier there). Kaspersky Lab has published an excellent white paper on their analysis; it’s long but well worth your time to peruse. While some parts of the paper are technical, those can easily be glossed over to get a sense of the scope and complexity of this malware.
What’s a takeaway from this for those who are not security researchers? Data Loss Prevention (DLP) is very challenging in today’s environment. You should be realistic in your assessment of your security, and you should do risk analyses to assess both vulnerabilities and impact. Practice defense in depth (don’t trust just a perimeter firewall). De-perimeterization is a good philosophical direction, where each application or corpus of data is responsible for its own protection. Balance security and risk of data loss, but realize that complete protection is improbable…
