(Posted On Behalf of Pushkal Mishra ,AVP IT & CISO, HDFC ERGO Health Insurance Ltd)
As a security professional we always wonder about new cyber threats and how the world is reacting to those. Since there are multiple industries with their specific risks, where does one get the insights on top cyber issues wreaking havoc on information systems?
With this article, I attempt to answer that by listing top 5 reports that I find useful. These are researched material based on solid background and encapsulate entire year's happening in an impeccable way. These can also be helpful reviewing your infosec program in the light of the latest cyber threats.
1.) The State of the Internet by Akamai :-
As more and more transactions move to the internet, it is becoming increasingly crucial to be aware of its current security challenges. To that end, Akamai brings a strong understanding on the ‘state of internet’ as it deals with 130 terabytes of data, one billion devices, and over 100 million IP addresses every day. Its 'State of The Internet' report presents great insights on the latest threats. For example, this year's report talks about credential stuffing attacks at great length. There are tons of poorly configured databases that allow exploitation of injection vulnerability to gain access to valid user names & passwords then several minibots validate credentials until they are matched. Once the accounts are confirmed as valid these stolen accounts are then traded for gift card codes, coupons, credit cards in Darknet. This is a major risk to online businesses.
It further reveals many *DDoS-for-hire platforms available online that make launching the attack easy and difficult to stop. Distributed bot attacks are extremely disruptive.
2.) Internet Security Threat Report by Symantec :-
An interesting thing about the report is that it takes cognizance of Symantec Global Intelligence Network (GIN), which is one of largest civilian threat collection & intelligence networks that comprises more than 123 million attack sensors, records thousands of threat events per second, and contains over 9 petabytes of security threat data. Given that Symantec offers solutions in more cyber security categories than any other company, its report is pretty broad. It also covers information on various malwares, targeted attacks, cloud, *IoT, messaging, web, mobile. Some of those that got my attention are:
A significant increase in supply chain attacks which exploit 3rd-party services/software to compromise the final target. For example, a massive data breach of Ticketmaster’s website was done through a compromised 3rd-party chatbot, which loaded malicious code into the web browsers of visitors to the website with the aim of harvesting payment data. Cryptojacking peaked during dec’17 to feb’18 where cyber criminals run coin-mining software on victims’ devices without their knowledge and use their CPU power to mine cryptocurrencies. Ransomwares like WannaCry, copycat versions, and Petya continue to inflate infection.
Just so worms and bots weren't enough, a new breed of IoT threat emerged. Routers and connected cameras were the most infected devices. Router were the attractive target due to their accessibility from the internet and an effective jumping-off point for attackers.
3.) Data Breach Investigations Report by Verizon :-
This is an outstanding report from the data breaches standpoint. We know that no matter however strong our defense is, breaches do happen. This report will get you industry specific insights on incident/breach data with details on threat actors’, ‘actor motives’, ‘top 3 patterns’ and ‘data compromised’. This report is known for its rigor and integrity and there are many contributing companies behind this report.
As per report, financial gain is the most common driver of data breaches, representing 71% of cases. Espionage is the motive in 25% of breaches. C-level executives found to be 12 times more likely to be the target of social incidents and 9 times more likely to be the target of social breaches than in years past. There is some relief on reduction of number of physical terminal compromises in payment card-related breaches due to the implementation of chip and pin payment technology. Further, click-through rates on phishing simulations for data partners fell from 24% to 3% in the past 7 years. But 18% of people who clicked on test phishing links did so on mobile devices. Research shows mobile users are more susceptible to phishing, probably because of their user interfaces and other factors. It further explains as companies continue to transition to more cost efficient cloud-based solutions, criminals shift their focus and so phishing attacks, credential theft and breaches due to cloud misconfiguration are a natural byproduct of the process.
4.) State of the Phish and The Human Factor by Proofpoint :-
Proofpoint presents security perspective from end user standpoint and advocates people centric approach to cybersecurity. It analyses data from tens of millions of simulated phishing emails sent to end users around the world in organizations of all sizes. Its findings are based on phishing tests administered via their security education platform. This report along with Human Factor report present meaningful insights on phishing susceptibility and end-user risk.
As per these reports, email remains the top attack vector and social engineering is at the center of most attacks today. Suspiciously registered domains outnumbered brand register domains by 20 to 1. That makes targets to mistake *typosquatted and suspicious domains for their legitimate counterparts. Dropbox phishing was the top lure for phishing attacks. Ransomware and banking *Trojans accounted for more than 82% of all malicious email messages.
Their research recommends detecting which people/departments are being attacked the most and the deliver targeted security awareness trainings to improve knowledge and reduce risk.
5.) M-TRENDS by FireEye :-
M-Trends report is a great resource if you want to know about lesser seen and emerging threats in addition to the most often used cyber-attacks. The report stems from Fireeye's own investigation and a variety of case studies to demonstrate exactly what they saw in the field.
So if the area of Advanced Persistent Threat(*APT) excites you then you may find this report interesting as it uncovers state-sponsored groups who carry out sophisticated bank heists, covert intelligence gathering, monitoring/tracking/surveillance against specific individual/groups with full-attack-lifecycle . It also explains about APT evolution on espionage across regions. Other interesting part was their case studies on red teaming exercises and useful defensive trends.
Comments