Global Trends of Cyber Security

To discuss the global trends of cyber security, we must first discuss the motivation of the actors who deliver malware into environments, run distributed denial of service attacks and cause breaches across the industry. There are three main motives for attacking a corporate environment: profit, espionage and hacktivism.

For profit, we see many trends coming from Eastern Europe, in which simple tools are used to steal personally identifiable information (PII) that the malicious actors can use themselves or sell to anyone willing to purchase the data on the underground marketplace. These attacks are generally website compromises that lead to databases containing encrypted PII. The style of the attack is more of a smash and grab. This was recently seen in the breach at the Revenue department of the State of South Carolina, where over 387,000 credit and debit card records were taken. Of the 387,000 records, only 16,000 were unencrypted and revealed in plain text. Below is a graph of the average cost for verified accounts with funds available.

There was a time when these types of illegal transactions took place in dark places and were unknown to the general public, but that is no longer the case. The malicious actors now even offer free samples, verification services, and replacement packages if cards are no longer valid. The size of the economy is largely unknown, but a researcher at McAfee estimated it to be in excess of $750 billion in 2011. Below is a sample of a group that has gained access to tens of thousands of credit card numbers and is offering them at a rock-bottom price.

For espionage, there is a completely different set of tools and goals. These are more long-term attacks. Spear phishing is used far more often as the means of delivering malware into an environment. We find that the attacks are primarily coming from Asia, and the intent is to escalate privileges until a level is reached at which data can be transferred quietly and efficiently out of the environment through a compromised third-party server. Attack experts believe that the malware's first phase is to collect sensitive information on the target networks and, in a second phase, to erase the tracks of its operation. It then destroys the infected machines, making subsequent forensic analysis by computer experts difficult. For example, consider an ecommerce site that has purchased a /32 subnet allowing them 6 hosts per segment, where the owner is only using one host for his web server and another for a database server. The web server is compromised with a recent zero-day exploit. The malicious actor compromises the site without the ecommerce operator's knowledge and sets up a communication tunnel through which they transfer stolen data. The data is then transferred to a collection server and retrieved by actors located at the true origin of the attack. Before completing their mission, they wipe out the communication path so that there is no trace that they were ever there, making forensics impossible. This is a common technique used to transfer data without the true source being revealed.
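The scenario above, a compromised web server quietly pushing stolen data to a third-party collection server, leaves a footprint in network flow data even when the attacker later wipes the host: a server that normally sends a few megabytes to a handful of known destinations suddenly sends gigabytes to an address it has never spoken to. The following is an added example (not code from the original post or from Alert Logic) of a simple baseline-versus-current comparison over constructed flow records. The internal range (10.0.0.0/8), the host addresses, the byte counts and the thresholds are all assumptions chosen for the example; the flows are made up, with the documentation ranges 198.51.100.0/24 and 203.0.113.0/24 standing in for external hosts.

```python
"""
Flag internal hosts whose outbound volume to a single external destination
far exceeds their own baseline. Constructed data; no real traffic involved.
"""
from collections import defaultdict
import ipaddress

# Assumption: the organisation's internal address space.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


# Constructed flow records: (timestamp, src, dst, bytes sent by src).
# A "normal" day: the web server (10.0.0.5) talks to two upstream hosts,
# a workstation (10.0.1.20) talks to one, the DB server (10.0.0.6) never
# sends anything outbound.
BASELINE_FLOWS = [
    ("2012-11-01T10:00:00", "10.0.0.5", "198.51.100.10", 4_000_000),
    ("2012-11-01T14:00:00", "10.0.0.5", "198.51.100.10", 3_500_000),
    ("2012-11-01T15:00:00", "10.0.0.5", "198.51.100.11", 2_000_000),
    ("2012-11-01T11:00:00", "10.0.1.20", "198.51.100.25", 12_000_000),
    ("2012-11-01T12:00:00", "198.51.100.99", "10.0.0.5", 500),  # inbound, ignored
]

# The day under investigation: web and DB servers both push large volumes
# overnight to a host (203.0.113.77) neither has contacted before.
CURRENT_FLOWS = [
    ("2012-11-02T10:00:00", "10.0.0.5", "198.51.100.10", 4_200_000),
    ("2012-11-02T02:10:00", "10.0.0.5", "203.0.113.77", 1_500_000_000),
    ("2012-11-02T02:40:00", "10.0.0.5", "203.0.113.77", 900_000_000),
    ("2012-11-02T11:00:00", "10.0.1.20", "198.51.100.25", 15_000_000),
    ("2012-11-02T11:30:00", "10.0.1.20", "203.0.113.5", 50_000_000),
    ("2012-11-02T03:00:00", "10.0.0.6", "203.0.113.77", 300_000_000),
]


def outbound_volume(flows):
    """Total bytes per (internal source, external destination) pair."""
    totals = defaultdict(int)
    for _, src, dst, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[(src, dst)] += nbytes
    return dict(totals)


def per_host_peak(volume):
    """Largest single-destination volume each internal host produced."""
    peak = defaultdict(int)
    for (src, _), nbytes in volume.items():
        peak[src] = max(peak[src], nbytes)
    return dict(peak)


def flag_exfil(baseline_flows, current_flows, factor=10, min_bytes=100_000_000):
    """
    Alert on (src, dst) pairs whose current volume is both above an absolute
    floor and more than `factor` times the host's baseline peak. A host with
    no outbound baseline at all (like the DB server) trips on the floor alone.
    """
    base_vol = outbound_volume(baseline_flows)
    base_peak = per_host_peak(base_vol)
    known_dests = {dst for (_, dst) in base_vol}
    alerts = []
    for (src, dst), nbytes in outbound_volume(current_flows).items():
        peak = base_peak.get(src, 0)
        if nbytes >= min_bytes and nbytes > factor * peak:
            alerts.append({
                "src": src,
                "dst": dst,
                "bytes": nbytes,
                "baseline_peak": peak,
                "new_destination": dst not in known_dests,
            })
    alerts.sort(key=lambda a: a["bytes"], reverse=True)
    return alerts


if __name__ == "__main__":
    for alert in flag_exfil(BASELINE_FLOWS, CURRENT_FLOWS):
        print(alert)
```

Two things follow from the post's own description. First, because the attacker destroys the communication path on the way out, the flow records have to be collected somewhere the compromised host cannot reach (an edge router exporting flows to a separate collector), or there will be nothing left to compare. Second, the absolute floor matters as much as the ratio: the workstation's 50 MB to a new destination is unusual but not, on its own, worth an analyst's time, while a database server that has never sent a byte outside suddenly sending 300 MB is exactly the quiet transfer the post describes.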

Hacktivism is a form of social protest or a means of promoting political ideology. Hacktivists employ operations such as denial of service, information theft, data breaches, and website defacement. These are certainly not new tactics; they were used back in the mid 90s by groups such as the Cult of the Dead Cow. We have seen groups stand up and act as both Robin Hood and Prince John in one. As Robin Hood, they stand for righting the wrongs that have been committed on the Internet. For example, a group identified a person who had committed Internet crimes against a minor that drove the minor to take their own life; the person who committed the crime then had their life published on the Internet for all to see and for law enforcement to track. The Prince Johns are those in the group who do not see the truth in what the others are attempting to do. They turn the same tools and access on low-security financial institutions and on targets that are convenient and easy to compromise. According to the "Data Breach Investigations Report" published by Verizon, hacktivists stole almost twice as many records from organizations and government agencies as ordinary cybercrime did. Hacktivists are showing incredible skills, and we expect the attacks to increase in number as well as impact. They are the representation of their generation, and their operations consist of denial of service, information theft, data breaches and website defacement.

Alert Logic provides a comprehensive, cloud-based portfolio of Security-as-a-Service solutions incorporating advanced security tools, expert security services, and an integrated research team to continually assess and monitor your environment, ensuring your data remains safe and audit-ready — even as new threats develop and regulations evolve.

Contact us to schedule a Demo.

References:

http://ddanchev.blogspot.com/2011/10/exposing-market-for-stolen-credit-cards.html

https://www.europol.europa.eu/content/press/cybercrime-business-digital-underground-economy-517

http://www.infosecisland.com/blogview/22460-Energy-Sector-Cyber-Espionage-Chinese-Hackers-are-not-Alone.html

http://securityaffairs.co/wordpress/4986/cyber-crime/they-are-not-what-you-think-they-are-they-are-hacktivists.html
