(MoneyWatch) There's a war taking place in cyberspace. Every day, businesses around the world are the subject of attacks by criminal organizations, and possibly even governments. Recently, the New York Times disclosed the details of a four-month long assault on in which Chinese hackers allegedly broke into the media company's computers, stole passwords, and mined their databases for data and sources related to a story that was critical of the Chinese government.
The story is a fascinating, if somewhat lengthy, study of how a business can detect, monitor and fight back against modern hackers.
According to the Times, hackers installed 45 pieces of malware on the company's computer system over several months, 44 of which were not detected by the antivirus software used by the company. When the company learned it might be a target, however, it asked its Internet Service Provider to flag unusual network activity. This led to the company eventually learning about and dealing with the hackers.
What are the lessons learned?
Vigilance against "phishing" remains critically important. The Times believes the initial compromises occurred as a result of phishing emails loaded with malware.
Whitelisting can prevent malware. User education can only go so far. One strategy to improve network security is to install software that only allows pre-approved software to run -- a practice called "whitelisting."
Sandbox your PCs. Another approach is to "sandbox" applications by only allowing them to run special virtual environments -- called micro-virtualization -- so they can't interact with other data or software.
Don't shut down hackers immediately. The Times played a waiting game with the hackers, watching their activity. In this case, it paid off because the hackers revealed weak points in the company's system. Shutting them out too quickly would've resulted in missing some of those entry points.
Photo courtesy of Flickr user alextorrenegra