Okay, so it’s that time of year again... Actually, it was a little while back, but I am just now getting into reading and trying to pass along the tidbits that others might find interesting about this year’s incarnation of the Verizon Data Breach Incident Report. For those of you unfamiliar with the report, it’s effectively one of the best resources on cybercrime and the ways that bad guys do bad things. Additionally, and maybe more usefully, it also breaks the information down by business vertical to address the real-world threats that industries such as Retail, Manufacturing, and Healthcare are seeing out in the wild. For those of us who have been watching the security landscape for the last year, none of this is surprising. This year brings with it the same attacks and problems that we have seen in previous years, only with greater accuracy and volume. Without any additional wait, here is your FUD (security slang for Fear, Uncertainty, and Doubt) and hopefully a little bit of light at the end of the tunnel.
One of the major themes that we are continuing to see is the shift in cybercrime away from fun/grudge/hacktivism motives toward a more organized-crime and financial nature. Unfortunately, this type of change is leading to a higher incidence of attacks in the retail and financial spaces. However, when it comes to the retail space it is still more common for a website to be hit by a denial of service attack than by any other attack. Of the items listed in the report for the retail space, 209 of them were related to denial of service style attacks while only 19 were related to malware. Automated attacks are on the rise, with botnets at the center of both hacking and denial of service attacks.
Another trend that we are going to look at is the rise in the number of ransomware attacks. There’s no denying that the rise in ransomware over the last couple of years has been due to the availability of simple technology (including ransomware kits), the low risk of getting caught, and its profitability. The number one entry point for ransomware into the business remains human beings. The nature of these attacks is such that individuals caught in phishing schemes are enticed to download applications to the computer. Information collected in the report states that around 7% of people inside an organization of 30 or more people will fall victim to the lure of a phisher, and of that set 15% would do it again. This is the reason that more emphasis needs to be placed on the adoption of security training to spot and avoid phishing attacks. Developing a culture of “seeing something and saying something” is pivotal in finding and ending these types of attacks. The unfortunate side effect of not stopping these attacks is, as indicated by the report, the exfiltration of company secrets and client credentials. The main saving grace here is that one in 5 users will report a suspicious-looking email if they are trained properly, which closes the window on the amount of time an attacker has. With the rise that we have seen in the first couple of months of 2017, with several newsworthy stories, it doesn’t appear that the threat of ransomware is going anywhere any time soon.
In the public sector we’re starting to see an increase in the number of state-affiliated actors (accounting for almost 50%) that are going after secrets held at all levels of the public sector. The biggest problem presented in this space seems to be that the time between the initial infection and the point where the attack is caught still ranges in the years, versus days or months for the retail sector. Of the incidents covered in the report, 60% took longer than a year to be discovered. In these particular instances, knowing the threat that your organization is faced with can go a long way toward reducing your susceptibility to attack. It appears in many ways that the public sector is more like manufacturing when it comes to how it is being targeted, specifically that it is targeted more by nation-state actors. Again, in this instance the human being is the main entry point for any attack.
Information businesses are still a major target on the internet, and we are finding that once you get past the deluge of denial of service attacks, the hacking of web-based applications by botnets is still a very real threat. Once malicious botnets target your site they perform the following actions: using or accessing stolen credentials, using a backdoor or command and control script, installing spyware or keyloggers, phishing, or exfiltrating data. If there are two things you’re looking to do this year to improve the security of your information-based website, they should be implementing two-factor authentication and building a plan for dealing with denial of service attacks. As an administrator or user you should know that the majority of usernames and passwords stolen from sites are used in attacks against financial organizations, relying on users who reuse passwords on multiple sites.
In the end there is good news, and this should be hopeful: with attention and training, many of these problems can get smaller. The bad guys can’t necessarily be stopped entirely, but it is possible to keep from being an easy target. Proper planning, protection of assets, and adequate, consistent training of the staff can go a long way toward protecting the business.
Download the Verizon Data Breach Incident Report NOW