[BreachExchange] Data breached? You’re in good company

Audrey McNeil audrey at riskbasedsecurity.com
Wed Jun 15 19:45:12 EDT 2016


http://tech.firstpost.com/biztech/data-breached-youre-in-good-company-320780.html

Almost on a daily basis, data breaches at large organisations are reported
around the world. To the casual observer, it appears that organisations in
the US and UK are under siege, scrambling to get ahead of attackers who
continue to find newer ways into their networks. Meanwhile, organisations
in India seem immune by comparison – reports of big breaches at large
organisations are few and far between.

However, the gap between what is reported and what really happens –
especially in India – is wide. In the second half of 2016, 24% of our
customers in India faced advanced cyber attacks. This figure is well above
the global rate of 15%. To put it another way, our customers in India are
60% more likely to be hit by an advanced cyber attack during this time
period than the worldwide average.

This begs the question: if breaches are taking place, why aren’t we hearing
about them? More importantly, how can India improve its defences against
advanced cyber attacks?

The Indian subcontinent is a hotspot for geopolitical tensions, and
escalations are frequent. The need for national intelligence fuels cyber
espionage activity. For example, we recently observed surveillance malware
SEEDOOR, distributed by likely Pakistan-based threat actors, among Indian
military and defense targets as well as Pakistani dissidents.

SEEDOOR is by no means the first instance. Last year, we detected a
decade-long cyber espionage campaign by China-based threat actor APT30,
which compromised an Indian aerospace and defense company. Other targets
included governments, businesses and institutions holding political,
economic and military information about Southeast Asia.

How did APT30 manage to stay undercover and active for ten years with the
same organisation?

Low awareness of advanced threats and a false sense of security brought
about by the lack of intelligence-sharing mean that the cyber defense
capabilities of Indian organisations are low. They can be compromised at a
lower cost, with a higher return on investment for the attacker. While
India’s cyber security capabilities lag behind those of many organisations
in the US and Western Europe, the threats our businesses and governments
face do not. Indian organisations face advanced, mission-driven attackers.

The potential consequences of India’s relatively weak cyber defences extend
far beyond India. As a leader in the outsourcing space, and as an
increasing number of global organisations rely on outsourced service
providers, a breach in India can have global impact.

The most damaging outsourced service provider abuses we saw in 2015 were
related to the IT outsourcing (ITO) industry. By working with victim
organisations and their outsourced IT service providers, we have identified
multiple advanced attack groups that have persisted across various ITO
infrastructures for more than at least two years – and five years in one
instance. The attackers were maintaining persistence to the ITOs and
leveraging them for unrestrained access into the targeted companies that
employ the outsourced services. The goals of the attackers varied for each
of the end-client victims, but the actors were primarily focused on
stealing sensitive data from those organisations while maintaining access
to the ITO infrastructure for additional campaigns targeting other
companies.

In the absence of disclosure, customers of Indian organisations don’t know
that their data has been compromised and cannot take steps to remediate.
This reduces trust, affects reputation and can have an economic impact on
Indian organisations.

It is already too easy for attackers to steal confidential information from
most kinds of businesses, but keeping these crimes under wraps just makes
it easier for the groups to breach more victims. Often the credentials
stolen in one attack are later used to perpetrate another – attacks that
might have been prevented if those credentials had been changed by their
owners once the breach was made public. Like traditional espionage,
intelligence-sharing is one of the most effective tools to understand the
most dangerous threats, find a solution and make it easier for others whom
the threat actors may target to arm themselves.

As attackers increasingly seek to disrupt business operations, steal
confidential information and leverage geopolitically sensitive data
relevant to India and our businesses, breach disclosure can help start
conversations and share intelligence that ultimately lead to a more secure
India. Mandatory disclosure of breaches builds trust and demonstrates that
Indian government and business are committed to promoting investor, customer
and citizen confidence.