[BreachExchange] 3 Sources of Cyberattacks – and 3 Preventive Steps Government Can Take (Industry Perspective)

Audrey McNeil audrey at riskbasedsecurity.com
Tue Mar 29 21:32:58 EDT 2016


http://www.govtech.com/opinion/3-Sources-of-Cyberattacks-and-3-Preventive-Steps-Government-Can-Take.html

When it comes to cybercrime, the numbers tell a startling story:

- According to a Bank of America Merrill Lynch report in 2015, 80 million
to 90 million cybersecurity events happen every year.
- The same study revealed 70 percent of cybercrimes go undetected.
- According to a PricewaterhouseCoopers study, 1 billion data records were
compromised in 2014.

What effect is cybercrime having on your constituents? Cyberthreats and
cybercrimes have become a part of our vernacular, with The New York Times
publishing 700 articles in 2014 related to data breaches, versus just 125
in 2013. Not only has cybercrime entered our regular conversations, but it
tops the list of constituent fears as well. According to a 2014 Gallup
poll, Americans fear having their credit card information stolen by hackers
more than they fear getting robbed or even being murdered.

Add to this the fact that mobile devices have opened up access to
information in astounding ways — from tracking health information to
finding an address using GPS. With all of the opportunities today’s
technology provides, it also opens the door to cybersecurity risks.

The cybercriminals posing the greatest risk to you and the constituents you
serve can be grouped into three broad categories: state-sponsored threat
actors, hacktivists and individual cybercriminals. Understanding the main
differences between each cybercriminal type can be your agency’s best
cyberthreat defense.

1. STATE-SPONSORED, ALSO KNOWN AS NATION-STATE THREAT ACTORS

These types of cybercriminals typically are backed by hostile foreign
governments. Their highly targeted attacks are attempts to steal
intellectual property, get access to military intelligence or gain tactical
advantage over a rival nation. In the past, U.S. companies Westinghouse
Electric Company, U.S. Steel Corp. and others have fallen victim to
state-sponsored attacks. In a February 2016 hearing before the House
Appropriations Committee — Subcommittee on Commerce, Justice, Science and
Related Agencies, FBI Director James Comey spoke about the agency’s focus
on state-sponsored cyberthreats, saying, “virtually every national security
threat and crime problem the FBI faces is cyber-based or -facilitated … we
are targeting the most dangerous malicious cyberactivities: high-level
intrusions by state-sponsored hackers.”

With state-sponsored attacks on the rise, even such companies as Facebook
are getting involved, warning users who may be the target of
state-sponsored actors.

2. HACKTIVISTS

Hacktivists launch attacks to promote political agendas. The term
“hacktivist” first surfaced in the mid-1990s and became a mainstream term
in 2008 with the public emergence of Anonymous, probably one of the
best-known hacktivist groups in the United States.

In 2014, following the shooting death of Ferguson, Mo., youth Michael Brown
in an incident involving police officers, Anonymous took down several city
websites, including that of the Ferguson Police Department. Recent
hacktivism by Anonymous includes disrupting service to the state of
Michigan’s website in January 2016 following the news of lead-tainted water
supplies in Flint.

3. INDIVIDUAL THREAT ACTORS

Individual threat actors are those who commit cybercrimes for “sport,”
often in an attempt to boost their cyber-credentials and hacker
reputations. These actors typically operate alone, but their goal appears
to be proving their skills and being recruited via social media for larger,
more organized attacks. Recently, ransomware has been on the rise as a prevalent
individual threat actor attack mechanism. Ransomware infects a computer and
restricts access, demanding a ransom to remove the restriction placed on
the computer and/or files. Typically these attacks request payment via
bitcoin because it is largely untraceable.

Cryptowall, a type of ransomware, first appeared in 2014. The FBI estimates
that as of June 2015, more than $18 million has been collected by
Cryptowall. Targets can range from individuals to companies.

Organizations hit by ransomware include Hollywood Presbyterian Hospital in
California, whose entire computer network was disabled, including digital
patient records. The hackers encrypted the hospital’s data and demanded $3
million to unlock (decrypt) the network. The hospital reportedly paid a
ransom to the hackers in bitcoins equivalent to approximately $17,000. The
city of Detroit also was a victim of ransomware and, in this case, the
city’s entire database was encrypted and held for a ransom of 2,000
bitcoins worth about $800,000. The city did not pay the ransom.

PREVENTION IS KEY

Cyberattacks may be hitting government from a variety of sources, but your
agency can take initial preventive steps:

- Hacktivists follow controversial legislation or civic unrest. Monitor
current events in your region for situations that may ignite hacktivism.
- Prepare in advance with your Internet service provider (ISP). Have a
mitigation plan in place prior to an attack. It is much more difficult to
plan your response in real time in the middle of a crisis event.
- Consider outsourcing your hosting needs. You also may choose to parse out
large agencies with special hosting needs. In addition, consider “spreading
the wealth” of your hosting needs with multiple hosting providers. Limit
your hosting needs with only one provider.

Cyberthreats are constantly evolving. Like a virus that becomes immune to
the original antibiotic cure, cyberattacks and threat actors continuously
switch tactics in an attempt to stay a step ahead of virus protection
software and law enforcement.

Cyberattacks are here to stay and the havoc they wreak is pervasive. By
understanding where attacks come from and some preventive steps you can
take to minimize an attack, your agency will be better prepared to defend
itself and your constituents.