[BreachExchange] Batten down the hatches: cyber-security attacks are becoming more aggressive
Audrey McNeil
audrey at riskbasedsecurity.com
Thu Apr 21 20:32:36 EDT 2016
http://www.itproportal.com/2016/04/21/batten-down-the-hatches-cyber-security-attacks-are-becoming-more-aggressive/
As the cyber-security landscape evolves, so too does the type of breaches
companies are having to deal with, on an almost daily basis. As hackers
continue to up their game in pursuit of stealing personal data for
financial reward, enterprises are finding themselves under constant attack.
Ensuring corporate security solutions rise to the challenge is a reality
that organisations of all sizes face.
Ransomware is a tactic being used more and more to prise data from
enterprises. Examples such as recent incidents at numerous US hospitals in
the US highlights how vulnerable healthcare institutions are due to the
highly sought-after personal data they store. While UK-based enterprises
may have had a lucky escape so far, we are certainly seeing a shift in
ransomware targeting individual consumers, to these larger corporations and
public sector organisations.
The nature of cyber-security means that we are observing new and emerging
trends on a regular basis – with businesses often playing catch-up and
falling victim to security breaches. Over the last few years, it’s clear
that there has been a real shift in tactics used by these cyber-criminals
and it is worth taking a step back and recognising what’s in store for
enterprises as cyber-crime becomes more aggressive.
Ransomware wins the battle for the corporate wallet
Ransomware has managed to hit a sweet spot, and is showing no sign of
slowing down. As hackers get more savvy and look to expand their target
market, we are starting to see a shift from consumer ransomware to
corporate malware targeting an entire organisation. With this, the monetary
value is becoming more damaging as prices go from a tolerable £500 to a
more crippling sum, as hackers target invaluable data sets, and threaten to
leak and/or delete the files unless a payment is made. It’s a logical
progression, as users have been all too willing to pay the expensive but
not excessive ransom in exchange for the return of their precious data and
corporations appear willing to do the same.
The wildly profitable CryptoLocker is one example of ransomware that has
attracted clones since it was largely knocked offline following the
international security collaboration known as Operation Tovar. Many of
these clones, including more popular variants such as CryptoWall and
TorrentLocker, have followed the proven formula, but we’re starting to see
variations such as ransomware focused on Linux and mobile platforms. The
former is especially important as it’s more likely to impact the websites
and code repositories of enterprises, who in our experience, are also
willing to pay up rather than risk losing critical intellectual property.
Businesses need to employ sandboxing technology and dynamic data analysis
in order to counter-act aggressive corporate ransomware attempts.
In the coming months, we will continue to see ransomware become
increasingly corporate focused, and as it does, enterprises won’t get away
with paying consumer prices. Hackers will narrow their attacks to target
enterprise servers and in doing so, will demand much, much more. The
criminals behind ransomware campaigns are savvy and now that they’re
realising that they can lock up enterprise source code and important
financial documents, they know they’re in for a big payday.
One way that enterprises can fight back against criminals inflicting a
ransomware attack, is by backing up files, not just as a one-off, but
continuously and regularly validating the effectiveness of those backups.
Taking away leveraging power, by simply enforcing back ups, brings the
control back to the organisation and away from the hackers.
Yet, security solutions are failing when it comes to ransomware. Businesses
need to employ sandboxing technology and dynamic data analysis in order to
counter-act aggressive corporate ransomware attempts.
Cyber criminals fall into the wrong hands
Terrorist organisations have shown themselves to be increasingly tech savvy
when it comes to using the World Wide Web and social media for recruitment
and propaganda efforts against corporations and individuals.
Whilst they might not have all of the required skills themselves, there is
no shortage of cyber-criminals who are sadly all too willing to rent their
skills out to the highest bidder. This could be a lucrative opportunity for
hackers with questionable morals.
We’re already starting to see early signs of cyber-attacks being used to
cause physical damage. One example of this is the advanced persistent
threat (APT) attack on a German Steel Plant that targeted furnace
functionality systems and resulted in a fire at one of its warehouses. This
form of physical threat is only going to increase. As the popularity of
Internet connected SCADA systems and the Internet of Things (IoT) grows, so
will enterprise endpoints which provide hackers with millions of doorways
to now exploit.
Encryption is no longer the realm of geek speak
In the coming months, the debate around new legislation that proposes
weakened encryption protocols and procedures which will grant law
enforcement access to decrypted communications as and when they feel it is
necessary, will come to head.
Using strong encryption for messaging and data storage is no longer the
realm of geek speak, but is an expected security feature to keep our data
secure.
This heated debate continues. On the one hand you have security services
and national governments seeking passage to access the encrypted data of
users in the interest of national security. While on the other hand, many
oppose the ruling due to the implications that these valuable data sets
could have, if they were exploited and happen to fall into the wrong hands.
While politicians used to dance gingerly around the topic, given the
privacy abuses exposed by the Snowden revelations, recent terrorist
attacks, including the events in Paris, have brought this issue to the
forefront once again.
iOS, for example, now encrypts data by default and Android while lagging
behind, is fighting to get there after Google released its new
compatibility requirements for 6.0. Popular chat applications like WhatsApp
tout encryption as a key feature and Apple’s iMessage app, which features
end-to-end encryption, is often referenced by these law enforcement when
arguing for ‘back door’ access to data.
This is one battle that will have serious repercussions for years to come.
Here’s to hoping that Apple, Google, Microsoft, Yahoo! and the like manage
to prevail.
The cyber-security space never fails to throw a spanner in the works
In the coming months, enterprises will be kept busy fending off ransomware,
wary of terror taking to the web and finding themselves engulfed in the
middle of the decryption debate. As the cyber-security landscape continues
to become overcrowded, businesses need to remain vigilant, back up anything
and everything and maintain their updated security solutions. With
applications continuing to make their move to the cloud, security solutions
must also make this leap to ensure a flexible and complete security
framework for enterprises in the years to come.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160421/b857be76/attachment.html>
More information about the BreachExchange
mailing list