Rats coming out of the sewer

More than two years ago I mentioned on this blog the fact that large networks are likely hosting a variety of nasty things we will probably never become aware of. This is more than just speculation and there’s some good supporting evidence in this latest story about another breach of a credit card payment processor which apparently only came to light when, as quoted below:

In most of the latest high-profile breaches,

the threat was found only after the forensics team came into the

picture. “Existing network security mechanisms remained clueless,”

However, search hard enough on any network and I’ll bet you could find some speculative evidence of unauthorised access or malware that really amount to very little of interest. Is there sometimes an over analysis of forensic results when it comes to IT systems? I’ve seen plenty of vulnerability test reports that over-egg benign issues into something far more serious than they really are.

I’ll be interested to see where this story goes.