A very particular problem that we face is around customised malware, aka targeted Trojans. These malicious programs are written specifically to avoid detection by our current anti-virus systems and are sent to carefully selected people within the institution. The purpose of these programs can only be inferred by the recipients.
LSE uses MessageLabs to protect our inbound email, primarily to reduce the flood of spam to as small a trickle as possible. One of the systems that MessageLabs use is something called skeptic, that tries to identify previously unseen malicious software and to block it.
We think that this has been quite successful, although it is impossible to know how many attacks have managed to get through. Using the information we get from this system, we can discuss the implications of being on the list with the people being targeted.
The uncomfortable facts are that:
- LSE is a major target
- academia is being systemically attacked by a number of groups
- the threat is growing all of the time
There is no foolproof way of blocking every attack, but the intelligence gained from knowing the areas of interest of the attackers allows us to focus our efforts of the people at highest risk.
If you want more information on this or are at LSE and want specific advice, please contact me.
UPDATE: Martin Lee and I are proposing doing a talk about this at the RSA Conference 2012 in San Francisco. See the teaser trailer here.