[BreachExchange] Opinion Hackers reaping greater rewards with hybrid cyber attacks

[Destry Winant]

https://www.information-management.com/opinion/hackers-reaping-greater-rewards-with-hybrid-cyber-attacks?brief=00000159-ffbf-d8bf-af7b-ffbf558d0000

For as little as five dollars, cybercriminals can purchase DDoS
services that can be used as part of larger hybrid attacks.

A DDoS attack may be unleashed by a hacker to test an organization’s
network security, to function as a smokescreen distraction or to
locate a backdoor for exfiltration. Due to the dark web opening up
‘DDoS for hire’ services and shops, DDoS attacks are increasing both
in popularity and scale.

Hybrid attacks can then cause more damage than just taking an
organization offline, infecting it with malware or ransomware, for
example.

One common practice for cybercriminals is to use a round of DDoS
attacks to determine whether or not an enterprise is an easy target.
Most of the time, attackers simply do not want to waste time or money
attempting to infiltrate an enterprise that has iron-clad security
defenses; launching one round of DDoS attacks is enough to showcase
how hard or soft an enterprise’s cybersecurity is.

If attackers have an easy time penetrating cybersecurity defenses, a
second round of attacks, whether DDoS, malware or ransomware, may be
launched to shift organizational focus to mitigating it. This
distraction buys cybercriminals time to access the network through the
backend and inflict further damage to the organization, costing small
and midsized businesses an average of $2,235,000 per year.

We should therefore be aware of fleeting DDoS attacks as they could be
a prelude to a larger hybrid attack. According to Infosec Global,
cybercriminals are shifting from large scale, monster attacks to
smaller, targeted, short burst hits like these—an approach that will
likely continue with ferocity into 2019.

Beyond network security, companies must also account for potential
vulnerabilities with IoT devices, particularly those that are low cost
and low security. These vulnerable IoT devices are readily available
and often have not undergone thorough security checks.

It is critical for companies to analyze the IoT devices they purchase
and determine whether the devices can be used to infiltrate a
company’s network and confidential information. IoT devices that can
be easily compromised give hackers access to launch hybrid attacks
internally.

Simple security steps every company should follow

Creating a two-tiered network security approach is beneficial for
companies looking to toughen their security. The first tier is focused
on perimeter security—how can we ward off initial threats before they
get access to our network? The second tier of security targets threats
that have already infiltrated the network.

Companies must have guidelines on how to fight threats from within
their network as cybercriminals grow more sophisticated.

It is recommended that companies compose a business continuity and
disaster recovery plan that encompasses every area of the
organization—including public relations, sales, finance, marketing,
procurement, human resources, etc.

To be effective, the plan must describe the overall business
continuity response management structure, identify specific roles and
responsibilities, designate coordination and communication between
entities, and describe a general concept of operations for efficiently
and effectively addressing the life cycle of an incident.

Companies must also audit their digital platforms as often as they
change them. Every update, whether to the website or to operations,
has the potential to create a vulnerability. The best practice is to
hold weekly audits, however, companies that make frequent changes
should consider daily audits.

Cybercrimes grace headlines every day, yet 81 percent of data breach
victims do not have the ability to detect breaches internally.
Companies are well-aware of the devastation cyberattacks can cause and
without investing in hard network security, they remain vulnerable to
hybrid attacks. In the 197 days it takes for them to naturally detect
a breach, cybercriminals gain access to a wide variety of sensitive
materials and have ample time to inflict damage.