[BreachExchange] Distributed Cybercrime is a Growing Threat to Critical Infrastructure

Audrey McNeil audrey at riskbasedsecurity.com
Fri Apr 6 21:51:22 EDT 2018


https://www.entrepreneur.com/article/311600

Ransomware is not new, but it has been a growing tool of choice for the
cybercrime community in the last few years, capturing headlines for the
widespread and brazen way it can be installed and hold the victim's data
hostage. From WannaCry to NotPetya and BadRabbit, and recent attacks on a
US-based Boeing manufacturing plant and the City of Atlanta, ransomware is
showing its full might.

But little is being said about the business model behind these types of
attacks. Ransomware and its larger family of distributed cybercrime have
evolved, giving cybercriminals a more organized, sophisticated way to wreak
havoc and make money. This business model is a way in which cybercriminals
attack many victims in the same campaign. It is proving to be a costly and,
in the right situation, lethal nuisance.

Why does Distributed Cybercrime Matter?

This commercialization of cybercrime is due to the lower barrier to entry:
you don't need massive computational power for brute-force attacks or deep
knowledge of cybersecurity or cryptography to be effective. Sample exploit
code and easy-to-use tools are readily available on the dark web and can
generate a substantial revenue stream with little skill or effort. This has
driven professional cybercriminals to develop malware that runs on
professional platforms, uses pre-packaged distribution services and
leverages the knowledge of infection experts to attack the world. They don’t
know who their victims are — nor do they care. It’s the perfect, automated,
money-making machine for criminals, creating an ease of use and ROI that is
too good to pass up.

1. Attacks require less effort as they target “low-hanging fruit” (i.e.,
individuals or organizations with sub-par security)

2. Attack skill level is low compared to techniques such as spear-phishing
— regular ol’ phishing is good enough for weak targets

3. Highly coveted zero-day vulnerabilities are no longer required for
profitable attacks — mainstream CVE vulnerabilities with known exploits and
existing patches will do, as many victims don't patch regularly

4. Any standard endpoint is a potential source of revenue, making a
complicated lateral movement toward the crown jewels irrelevant

5. When you attack the world, the sky is the limit — the revenue potentials
are endless

How exactly would this type of cybercrime impact a manufacturing plant or
other critical infrastructure? It doesn't take much to dupe an unsuspecting
victim and install the malware. An innocuous-looking email or website
visited by a staff member can be all it takes to compromise a facility in
seconds. From consumers to manufacturers and critical operations like
hospitals, transportation and other civil services — nobody seems immune
from the ransomware threat.

Protecting Against Distributed Cyberattacks

Networked systems are complex, and attackers have all the time in the world
to study and understand them. Plant management doesn’t. Don’t assume the
state-of-the-art security system in place for IT networks has visibility
into operational technology that nonetheless is connected to it.

To safeguard against distributed as well as targeted attacks, you need to
have visibility of your entire attack surface, including IT and operational
technology (OT) networks, and know that baseline security standards are met
throughout your organization. From that fundamental visibility, you can
start to see your network as an attacker would, finding paths of least
resistance so you can harden your defences.

Organizations with OT networks also need to ensure they can detect
vulnerabilities in these environments. Active scanning is prohibited in OT,
so passive solutions are required. Vulnerability occurrence data should be
analyzed in the complete context of the attack surface — the IT and OT
network, security controls, potential business impacts and threat activity
in the wild. Only in this context can you accurately prioritize
vulnerabilities for remediation in OT networks where patching is carried
out only when it’s an absolute must. Understanding network and security
control context also provides non-patching mitigation options to isolate
vulnerable assets until a patch can be deployed.

Visibility and intelligence are key to protecting against a commercialized
threat landscape and threat actors who are increasingly turning their
attention to critical infrastructure. But by addressing the underlying
vulnerabilities and cyber hygiene issues on which these tools and attackers
rely, you’ll have a strategic impact on your cyber attack readiness.