A LOOKINGGLASS CYBER SOLUTIONS™ WHITE PAPER | FEBRUARY 2016
Information Security Threat Landscape:
Recent Trends and 2016 Outlook
Information Security Threat Landscape: Recent Trends and 2016 Outlook | © 2016 LookingGlass Cyber Solutions™
Table of Contents
Executive Summary
2015: Year In Review
The 2016 Threat Landscape
Conclusions
Executive Summary
2015 was another landmark year for the information security world, which was dominated by the ever-changing threat landscape. We saw new and sophisticated malvertising campaigns and a shift in hacktivists’ tactics. There was an increased scrutiny on vendor and third-party security practices as a result of several large breaches, as well as growing concern over the lack of security awareness training programs for employees.
The Internet of Things (IoT) is expanding in a dramatic way, bringing to question the issue of availability versus security, as security measures are having a difficult time keeping pace with the development of IoT devices. The introduction of more efficient semiconductors, coupled with revolutionary technology that allows semiconductors to store as well as process complex instructions, means that the IoT may be a more attractive target for hackers. IoT devices from healthcare and industrial systems (i.e., SCADA) could be the most at risk for significant service interruptions and may have secondary and/or tertiary effects on other industries.
IoT devices may also become more of a hacker target due to their mass proliferation, rapid development, and popularity. Devices like refrigerators can serve as proxies or slaves in a botnet that distributes malware across the Internet. They could also serve a more nefarious purpose by stealing credentials from your Wi-Fi and infecting small office/home office (SOHO) routers.
In 2016, we see hacking no longer constrained to highly sophisticated threat actors with detailed knowledge of network technologies and programming. Concepts such as ransomware-as-a-service (RaaS), cybercrime-as-a-service (CaaS), botnets-as-a-service (BaaS), and malware-as-a-service (MaaS) have become part of the common lexicon. The development of tools, open-source databases, and the propagation of cyber crime forums means a person with average computer skills is just as likely to pose a threat as an experienced hacker or nation-state. We anticipate this becoming a major issue for small and medium-sized businesses (SMBs) that typically have lower security barriers than large businesses.
Social engineering will continue to be a problem, with pretexting playing a bigger role in campaigns aimed at manipulating their targets. Cyber insurance will also experience an increased focus as enterprise organizations seek “risk transference” as a result of their third-party relationships with SMBs.
SECTION 01
2015: Year In Review
Vendor Security Under Increased Scrutiny As A Result Of Outsourcing And High-Profile Breaches
Outsourcing corporate data management to third-parties is the new reality for many companies, especially
larger businesses. This caused big problems in 2015 for companies that didn’t evaluate the security
posture of their vendors. Some of the biggest data breaches – Home Depot and CVS – were caused by
supply-chain issues, resulting in data privacy and security practices of vendors and third-parties becoming
a primary concern.
While most companies take their own cyber security seriously, they often overlook the cyber security
profile of their vendors. According to the New York State Department of Financial Services’ 2015 report,
nearly a third of 40 banks surveyed did not require their third-party vendors to notify them in the event of
an information security breach or other cyber security breach.1
1 http://www.dfs.ny.gov/reportpub/dfs_rpt_tpvendor_042015.pdf
Malicious actors are constantly looking for weaknesses and security gaps in vendors’ networks to gain
access to specific organizations, whether it’s through a HVAC vendor or payroll processor. They rely highly
on human error and lack of cyber safety awareness to help them victimize their targets. Many times, threat
actors target third-party vendors because they are small and medium-sized businesses (SMBs) with lower
security postures that are easier to breach. Companies that outsource
data to third-parties, especially if they are SMBs, need to put a heavier
emphasis on proactively vetting their vendors in 2016.
Not only do companies suffer financial repercussions due to breaches,
but they also deal with heightened media attention and brand damage,
which can be seen as more impactful. Approximately 86 percent of the
general public said they would be deterred from doing business with a
company that has been breached, especially if they lost credit and debit
card information.2 Although most consumers still shop at the brands
that have been hit by recent large breaches, according to Ponemon
Institute’s “The Aftermath of a Mega Data Breach: Consumer Sentiment,”
19 percent of organizations that suffered a breach because of a
third-party or IT system failure still felt the repercussions of
reputational and brand damage.3
Managing third-party vendors based on the risks they pose often
requires knowing where they may be weak in order to put policies and
procedures in place to mitigate potential risks. More often than not, it is
up to the organization itself to understand third-party security risks by
performing their own due diligence, putting contractual mechanisms
in place to address potential risks, and vetting third-party vendors.
Assessing and managing vendor risk is an ongoing process that requires
organizations to adopt a holistic approach to vendor-risk assurance and
find cost-effective ways to streamline their processes.
2 http://www.networkworld.com/article/3019930/security/does-a-data-breach-really-affect-your-firm-s-reputation.html#jump
3 http://www.experian.com/data-breach/2014-aftermath-study-consumer-sentiment.html?WT.srch=ecd_dbres_pr_referral
Criminal Organizations And State Actors Leveraged Malvertising Campaigns
Throughout 2015, threat actors increasingly turned to spreading malware
by displaying infected advertisements on trusted, reputable, and/or popular
websites. This method, known as malvertising (‘malicious advertising’), is
particularly effective because the malware in these ads is configured to avoid
detection by online publishers and visitors. Infected advertisements placed on
trusted websites either infect devices directly through auto-loaded content or
via redirection to a malicious site. Criminal organizations, as well as state actors,
leveraged malvertising to target small and medium-sized business (SMB)
websites with vulnerable advertisement feeds for the purposes of intelligence
gathering or monetary gain.
Malvertising affects websites running advertisements that are susceptible to
compromises in the Real-Time Ad Bidding (RTB) process, a tactic we expect
to continue into 2016. Threat actors are able to infect ads by infiltrating the
RTB process, in which advertising providers use pre-programmed automated
bidding agents to place bids against one another for the right to display
advertising content to specific users. When leveraged by malicious actors, RTB
uses legitimate advertising servers to provide malware disguised as ads to
popular Internet content providers (i.e., news, sports, entertainment, and social
media websites). Like most malvertising techniques, once a successful bid is
accepted by the advertiser, no indication is provided to the victim that their
browser is being redirected. No additional action is required for the victim in
order for their system to be compromised.4
4 http://www.invincea.com/2014/10/micro-targeting-malvertising-via-real-time-ad-bidding
Malvertisements can appear on frequently visited, well-known websites that
users wouldn’t expect to be infected. This can be especially problematic if
compromised websites are ones that an individual or a system administrator had
already deemed “Trusted” or “Allowed,” because the visitor will continue to go
to those sites and unknowingly open their system up to threats.5 Additionally,
users who typically allow pop-up windows, rich content (i.e., Adobe Flash), and
software installation from these websites may easily facilitate the installation of
malware directly onto their computers.
Last year, a U.S. Department of Defense (DoD) contractor who provided a “full
service ecommerce site” to acquire commercial-off-the-shelf (COTS) products
for the DoD and other state and federal agencies was infected with malvertising
via an ad network.6 This attack, and ones similar to it, can give threat actors
access into secure networks and the potential to breach not only government
contractors, but also government agencies themselves.
Another reason malvertisements are so dangerous is that they can
be customized to target specific user profiles. For example, victims can be
targeted based on user-agent strings, Internet Protocol (IP) address geolocation
information (down to a specific neighborhood), corporate IP address ranges,
visitor’s browser history, and profiles derived from cookies. If the victim’s profile
does not match the hacker’s criteria, either the hacker’s automated system does
not enter the RTB auction, or the hacker sets his or her system to lose the bid.7/8
5 https://web.archive.org/web/20150312182526/http://www.wired.com/2014/11/malvertising-is-cybercriminals-latest-sweet-spot
6 http://www.cyphort.com/dod-contractors-website-clean-navy-serving-drive-exploits/
7 http://www.wired.com/2014/11/malvertising-is-cybercriminals-latest-sweet-spot
8 https://support.google.com/adxbuyer/answer/6136272?hl=en&rd=1
Malvertising is expected to remain an issue in 2016 due to the complexity of current online advertising practices that make it difficult to
attribute a malvertising campaign or attack to a specific individual or group. Additionally, there remains a lack of incentive for ad networks to
police themselves and question the advertising content they host. SMBs should especially be aware of how these ad networks fail to retain
control over their hosted content due to the amount of effort required to monitor advertisements for their reliability and trustworthiness.
Because of this, malvertising will likely assume a more sinister role against contractors, as many SMBs serve as gateways to government
agencies and/or large businesses or have “placement and access” to sensitive consumer and business information.
Until there is a way to prevent malvertising, security teams and users should:
• Keep browsers up-to-date
• Disable browser plug-ins
• Monitor outbound network traffic
• Configure ‘X-Frame-Options’ on websites or employ anti-clickjacking attributes on HTML5 webpages
• Use ad blocking software or extensions
• Install NoScript or other browser-specific add-ons that prevent frames from activating
Lack of Employee Security Awareness Is A Main Concern For Most Organizations
Most security violations and data breaches can be reduced to a combination of three factors: human error, an under-staffed and under-funded IT
team, or an opportunity seized by malicious actors. In 2015, one percent of employees were responsible for 75 percent of enterprise security risk,
and according to the Identity Theft Resource Center, of the 781 data breaches in 2015, approximately 14 percent could be attributed to employee
error.9/10 In fact, 45 percent of employees have not received cyber security training at work.11 Placing the blame on employees only diverts from
the real issue: a need for organizations to provide adequate security awareness training to prevent some of these breaches in the first place.
When considering budgetary expenditures across all businesses worldwide, the hidden costs of employee errors will likely outpace the
reported $3.8 million average cost of a data breach.12 A common thread leading to data breaches and security incidents is that employees do
not understand authentication and identity verification best practices.
This includes:
• Insecure password practices, including non-standardized requirements leading to credential overload
• Social media use and policies concerning consequences for breaches
• Unclear, unenforced, or nonexistent Bring Your Own Device (BYOD) policies
• Social engineering scams
• Phishing attacks
9 http://www.csoonline.com/article/2975914/application-security/most-corporate-risk-due-to-just-1-of-employees.html
10 http://www.idtheftcenter.org/ITRC-Surveys-Studies/2015databreaches.html
11 http://www.dailydot.com/politics/cybersecurity-workplace-survey-comptia/
12 https://securityintelligence.com/cost-of-a-data-breach-2015/
Insecure Password Practices
Employees are often overwhelmed with varying login requirements for an increasing number of systems needed to perform their day-to-day
tasks. Many times, employees use a combination of aging and newer systems, with aging systems typically having less stringent password
requirements. To get around these non-standardized password
requirements, many use simple passwords, reuse passwords from
personal accounts, or simply create bad (insecure) passwords to pass
the validation check/requirements and avoid credential overload.
This can lead to credentials easily being cracked via brute force
or a dictionary attack with rainbow tables. This, combined with
vulnerabilities in the operating systems and software of corporate
servers, databases, and employee computers, can provide an easy
way in for malicious actors.
Some solutions may involve finding common ground amongst systems
and standardizing credential requirements, or possibly integrating
all systems into a single log on portal for employees. Consider the
overhead lost in a 500-employee company with just 10 different
systems available amongst the staff. If the passwords change monthly
or every 3 months, staff productivity is directly impacted by the need
to make, remember, and innovate on passwords.
Unclear, Unenforced, or Nonexistent Bring Your Own Device (BYOD) Policies
Typically, companies do not have standard security guidelines for their
BYOD policies. Employees end up using devices that are unsecured,
and can serve as access points for threat actors, specifically through
rogue apps downloaded from unregulated marketplaces. Threat actors
can use these gateways to access Personally Identifiable Information
(PII), photos, contact information, emails, calendars, and schedules.
Social Media Use and Policies Concerning Consequences for Breaches
In 2015, we noticed an increasing number of online posts by employees showing their security credentials or accidentally exposing sensitive
workplace information. This may be the result of employees being excited about a new job or possibly not recognizing that this is considered
a security violation. Employers should implement security and social media awareness training to get ahead of these issues.
Social Engineering Scams and Phishing Attacks
Social engineering and phishing have long been known as major contributors to corporate security incidents. Please see our section later
in the paper on our recent observations regarding social engineering.
In 2015, an estimated one in four recipients of phishing emails opened the message, and 11 percent of recipients clicked on attachments.13
Despite the continued fight against spam, the majority of which is phishing messages, the number of people falling victim to phishing attacks
is expected to rise. Threat actors continue to innovate and create new attack vectors designed to exploit the human element and breach the
information security defenses employed to protect organizations against advanced threats.
Additionally, employees are facing increasingly sophisticated requirements for sending PII and Protected Health Information (PHI). These
issues grow exponentially cumbersome as employees work remotely, share workbooks via web portals, or deal with heavy workloads as
additional government regulations roll into effect. All of these factors may lead to mistakes as employees attempt to save time. If not dealt
with, this could expose corporations to risks and legal concerns that may lead to brand and reputation harm as well as damage to the
bottom line.
13 http://www.greycastlesecurity.com/resources/documents/2015_Verizon_Business_Data_Breach_Investigations_Report.pdf
No matter how trained or qualified someone may be, employers should consider
distributing best practices guides and holding quarterly or monthly training sessions
to address noted trends and emerging threats, and to offer regular reminders. The
“nobody’s perfect” and “even experts need a reminder” attitude needs to be kept
in mind. Organizations need to find a way to customize the message to their
audience and keep it relevant to their work. While this may seem burdensome
at the management level, having these programs in place could prevent millions
of dollars in damages and/or lawsuits and endless media cycles harming your
brand and reputation.
Hacktivism Remained Strong While Geo-Political Attacks Declined
Hacktivists are politically-motivated individuals or groups who seek social change
– versus monetary gain – through hacking. The word “hacktivists” was coined
by researchers, journalists, and cyber security professionals who were trying to
distinguish between different types of threat actors. Hacktivists are often fueled by
an individual’s need for political participation, and some hacktivists/groups associate
themselves with a particular country, organization, or other entity.
Throughout 2015, hacktivist groups driven by the desire for social change,
brand damage, embarrassment, and in some cases, financial gain continued to
attack their targets. However, geo-political hacktivism, which dominated headlines
in past years following global events such as news of actions in Ukraine, saw a
noticeable decline and the so-called “hacking-for-a-cause” or “broadly acceptable
hacktivism” saw an increase.
Hacktivism remained popular in 2015 due to a number of factors. First, people with
little or no technical skill could conduct low-cost operations to further their causes
through user-friendly hacking tools. These tools can be free, while some groups
develop and offer tools for a fee. A user just needs to find the right underground
forum (and have access to crypto-currency) to launch an attack against any target.
Along the same lines, there was a growing trend of knowledge and information
sharing among members of hacktivist collectives, as well as those interested
in their causes. In the aftermath of the attacks in Paris, hacktivists even
released several guides to help those without technical capabilities get
involved in fighting back against terrorist organizations. The guides offered
information on how to carry out man-in-the-middle and distributed denial
of service (DDoS) attacks.
Second, unlike participating in a physical street demonstration, hacktivism poses
little risk to participants and offers more anonymity, particularly in countries with
strict censorship laws. Most hacktivism cases are never even investigated by
law enforcement agencies, even though many of these attacks are illegal under
domestic crime statutes.14 This is primarily due to the fact that damages are
usually minor and attribution is often difficult. Unless damages are significant
(i.e., a data breach resulting in loss of large sums of money), law enforcement
agencies are unlikely to start an investigation.
Third, hacktivism enables individuals to participate in large-scale distributed
efforts. For instance, persons of a common nationality or cause can join
together, whether residing in their homeland or on foreign soil, in a shared
pursuit of social change. Hacktivism can also mobilize additional segments of
the political community who do not participate offline. This was the case with
many politically fueled hacktivist campaigns, such as the July 2015 hacking of
Planned Parenthood employees by anti-abortion hacktivists.15
14 http://www.cybercrimelaw.net/un.html
In the past, the actions of hackers and hacktivists were viewed by society as
universally wrong. While the theft of money, intellectual property, Personally
Identifiable Information (PII), etc., was (and is) still viewed negatively, if the
hacktivist’s actions helped further a cause or righted a social injustice, their
illegal actions were viewed as morally justifiable. For instance, after the Paris
attacks, some hacktivists waged a cyber war on the organization behind the
attack, taking down many Twitter accounts and websites linked to that group,
as well as spying on the terrorist group’s chats to foil future attacks.
This was also seen with the hacking of the adult dating site Ashley Madison.
After the site was hacked and millions of members’ personal information was
released to the public, some people viewed the hack favorably and as morally
justifiable. Most news segments and public discussions centered around the
identities of those on the site, especially high-profile individuals, and not many
centered on those who hacked into the servers of a private company and
stole data.
This “the ends justifies the means” mentality is becoming more prominent as
activist groups partner with or form hacktivist groups, and as stories of social
injustices become more common on the news. Together this is prompting greater national and international action, aided by the creation
of easy-to-use (and sometimes free) hacking tools and society driving the definition of “good” and “bad” hacktivism. Whether it is through
doxing – the process of gathering or inferring other people’s information such as name, email, address, etc. using publicly available sources –
of a law enforcement officer involved in the death of a citizen, or the defacement of a website for a company involved in animal testing,
the support for hacktivism against public figures and companies that are acting unfavorably or possibly illegally has been increasingly
seen as acceptable.
15 http://www.dailydot.com/politics/planned-parenthood-hacked-anti-abortion-3301/
The Internet Of Things: An Expanding Frontier For Hackers
Last year saw the Internet of Things (IoT) gain significant traction and momentum across a range of industries, a trend that we expect to
continue for the foreseeable future. The Internet of Things refers to the connection of everyday objects to the Internet making them capable
of sending and receiving data. As we become a more networked society, we expose ourselves to the vulnerabilities inherent in the very
technologies on which we rely. The neoteric nature and rapid pace of development for IoT technologies makes security an afterthought
in many of these devices, providing new avenues for malicious exploitation.
On the surface, IoT leverages such connectedness to facilitate our daily existences, saving time and effort, thereby making us more efficient.
The more products and devices are upgraded with technologies, the more IoT makes its presence known in our lives. In 2015 alone, the
manufacturing ($165 billion) and transportation ($78 billion) sectors led the world in IoT spending with insurance, healthcare, and consumer
verticals estimated to quickly catch up.16 The Asia-Pacific region led the international community with more than 40 percent of worldwide
IoT spending, followed by North America and Western Europe.
The cusp of growth is so large that it is expected to reach an
estimated $1.3 trillion in spending in 2019.17
16 http://www.digitaltrends.com/cool-tech/internet-things-spending-will-grow-699-billion-2015-nearly-1-3-trillion-2019/
Although risks to supervisory control and data acquisition (SCADA)
systems continue to dominate IoT discussions (internet-connected
SCADA systems can be attacked through the availability of
automatic discovery of Internet-facing SCADA devices via the
Shodan search engine), there is no shortage of other
Internet-connected devices (ICDs) – with embedded operating systems –
that will continue to remain vulnerable to infection via malware, or
serve as conduits for the distribution of malware to other devices.
These systems often remain vulnerable to infection due to their
inherent designs, which may not easily allow for enterprise-level
security management or patching, a problem that became an issue
when the Conficker worm infected numerous medical systems
around the world. Even though some of these devices were not
connected directly to the Internet, versions of Conficker spread
through removable media.18 Peripheral and multi-function devices
(MFDs) with embedded operating systems are also increasing as
potential channels for the spread of malware if they have
network-accessible segments.
17 http://www.digitaltrends.com/cool-tech/internet-things-spending-will-grow-699-billion-2015-nearly-1-3-trillion-2019/
18 http://deceive.trapx.com/rs/929-JEW-675/images/AOA_Report_TrapX_AnatomyOfAttack-MEDJACK.pdf?aliId=184622
As we move through 2016, legitimate security concerns have been raised about the IoT that warrant closer inspection. Those vulnerabilities
inherent in IoT devices that researchers have exposed will be taken advantage of by malicious actors.
Some of the more notable problems with IoT-related technology and devices in 2015 included:
• Hacking cars: Researchers demonstrated the ability to hack a car and control some of the car’s functionality such as windshield
wipers, radio, temperature, and accelerator.19 This is worth noting as it is estimated that there are currently 23 million cars
connected to the Internet in some capacity, a figure that is expected to rise to 152 million by 2020.20 While it has been pointed
out that hacking a car requires an Internet cellular service to access remotely, and individuals would have to proactively research
the car and its mechanics prior to the attack, it is indicative of how technologies are being developed with functionality and not
security in mind.21
• Medical devices: 2015 revealed that thousands of medical devices were susceptible to being exploited by hacking.22 MRI scanners,
x-ray machines, and drug infusion pumps were among the devices that researchers identified as being vulnerable to attacks.23
Some of these devices were designed to be Internet accessible, while others had configuration errors, and in some cases
still used default passwords.
SCADA and Medical Devices: A New Medium for Malware Propagation
We anticipate healthcare to be the most at risk for network and physical compromise due to the emergence of IoT technology. We observed
the pandemic infections of medical devices through Citadel, Zeus, and Conficker malware. Many of these infections were spread by the
introduction of USB thumb drives from employees loading data onto these devices, which presents another issue: lack of enterprise
management functionality. Unfortunately, there’s no effective solution to enforce enterprise security patches and updates to medical devices
without network connectivity. Medical devices left unpatched are exposed to external forces that seek to exploit the inherent vulnerabilities
of those devices (i.e., lack of firmware patching).
19 http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
20 http://www.cxotoday.com/story/rethinking-it-security-in-the-iot-era/
21 http://www.scientificamerican.com/article/why-car-hacking-is-nearly-impossible/
22 http://www.pcworld.com/article/2987813/thousands-of-medical-devices-are-vulnerable-to-hacking-security-researchers-say.html
23 http://www.wired.com/2015/04/drug-pumps-security-flaw-lets-hackers-raise-dose-limits/
Likewise, we’ve seen malware propagation through USB devices on “air-gapped” SCADA systems for the same reasons. Both the U.S. Computer
Emergency Response Team (US-CERT) and the US-CERT’s Industrial Control System-CERT (ICS-CERT) have reported malware infections
distributed unknowingly by employees performing routine maintenance on SCADA control systems. These events led to power outages spread
by USBs embedded with “known” and “sophisticated” malware. We see SCADA and medical devices susceptible to compromise or attack if
there is no industry-wide acceptance of a standard or firewall solution to prevent malware from infecting these systems.24
IoT: A Future Cyberwar Through DoS and Botnets
While many IoT devices may be in and of themselves benign, connecting them together can prove to be a tremendous disruptive
force. Given the volume of IoT devices becoming operational each day, many of which have less than adequate security precautions
enacted, it is easy to see how malicious actors can fabricate a device-diverse botnet army. In one notable incident, a malicious attacker
created a botnet out of 900 Linux-based closed circuit security cameras to conduct a denial-of-service (DoS) attack against an unnamed
cloud service provider.25
As IoT becomes more mainstream, there is the real possibility that it will be incorporated into critical infrastructures, particularly the technology
that supports SCADA systems. The IoT’s ability to bring instantaneous safety alerts, streamline SCADA management, and automate load
balancing is seen as a great benefit to these systems. However, there are currently no security standards for critical infrastructures to comply
with and any available guidelines are few and far between. In addition, many of these assets still rely on outdated software, yet once these
systems are updated, they will quickly again become outdated. So, until there are specific cyber security standards for critical infrastructure,
assets such as power plants, power grids, and steel mills need to be aware of security issues that can arise due to the IoT.
Connecting IoT devices together can prove to be a tremendous disruptive force that could result in a device-diverse botnet army.
24 https://ics-cert.us-cert.gov/sites/default/files/ICSJWG-Archive/QNL_SEP_15/ICSJWG_QNL_September%202015.pdf
25 http://www.engadget.com/2015/10/25/cctv-camera-botnet/
Section 02: The 2016 Threat Landscape
Small Businesses Will Be Under Attack
For years, threat actors have targeted larger corporations for their placement and access to Personally
Identifiable Information (PII). In 2016, however, as larger corporations strengthen their security measures
and heighten their awareness, we see threat actors shifting their focus from large businesses to
small and medium-sized businesses (SMBs). This shift will occur as a result of SMBs’ lower security barriers
and their role as third-party vendors to larger corporations, as well as the proliferation of open source
network stress testing and denial-of-service (DoS) attack applications, all of which make SMBs bigger targets.
SMBs often lack the robust IT support and/or security infrastructure of larger organizations. They have little
overhead to invest in cyber security, frequently cut costs by purchasing hardware that lacks the support
of a bigger retailer that can provide firmware patches to their products, and rarely invest in security that is
adequately proportionate to the confidentiality, integrity, and availability (CIA) of their data. Many small business
owners feel they don’t require any additional security since they feel they have adequate coverage.26
Conversely, larger companies are now taking security more seriously and adopting stronger security measures
to better protect their organization’s data and intellectual property, which makes SMBs easier targets of
opportunity, or “low hanging fruit.” Novice hackers can now leverage exploit
kits (EKs) to automate the discovery of vulnerabilities on SMB servers or
websites lacking adequate security or countermeasures.
26 http://www.nationwide.com/about-us/111015-cyber-security.jsp
These lower security measures, and the fact that SMBs often serve as
third-party vendors for bigger companies, allow them to act as potential
gateways of compromise to larger corporations. Their placement and
access to proprietary information and intellectual property, as well as
their increased reliance on cloud networking, make them prime targets
for hacktivists, cybercriminals, and advanced persistent threat (APT)
actors. This was seen in the recent VTech data breach, where account
information was compromised through a third-party app and servers,
and more famously with the breach of the second-largest discount
retailer in the U.S. three years ago.27
Threat actors have also shifted their focus to SMBs because of the
relatively recent automation of cybercrime. A DDoS attack capable
of bringing down a network no longer requires the skillful touch of a
sophisticated cybercriminal. The advent of source code-sharing sites
like GitHub and Pastebin means novice-level hackers can now easily
download “DDoS attack tools” or copy/paste “attack scripts” written by
more experienced and knowledgeable black hat hackers.28 For instance,
hacktivists with little to no experience can now access the High Orbit
Ion Cannon (HOIC) or Low Orbit Ion Cannon (LOIC) du jour to attack
the target of their choosing.
27 http://www.cioinsight.com/security/slideshows/the-worst-data-breaches-of-2015.html
28 https://www.incapsula.com/ddos/ddos-attack-scripts.html
Likewise, novice-level hackers can now leverage exploit kits to spread malware to
vulnerable businesses. These EKs “automate” the targeting, scanning, and infection
of vulnerable sites by providing an “all-in-one” solution to the user. The difference
between DoS and DDoS “cannons” and EKs is that the EKs’ scanning function
typically searches for targets of opportunity that are susceptible to infection or
malice. EKs are likely to become an increasingly prevalent malware delivery platform
in 2016, and we estimate that SMBs will be the most susceptible to malware delivery
through EKs due to their lack of security awareness and upkeep.29
We also see any small business that conducts online transactions through
point-of-sale (PoS) services or hosts its website on a free, open-source content
management system (CMS) as having a higher likelihood of being breached.
Since SMBs often focus more on the retention of customer information on internal
databases and less on the security of PoS systems, their slow adoption of new
technologies makes them more vulnerable to attack.30 In fact, SMBs made up
45 percent of PoS malware attacks at the end of 2015.31
Content Management System (CMS) applications continue to be vulnerable to
cross-site scripting (XSS) and SQL injection (SQLi) attacks, and lack the proper
safeguards to protect confidential customer and employee information. Specifically,
we noticed an increasing trend of threat actors targeting federal credit unions
using WordPress for online banking transactions. These CMS applications lack
the proportionate level of security that a financial institution needs, leaving them
woefully inadequate in the ever-evolving threat landscape.
29 http://www.switchfast.com/switchfast-blog/2013/9/4/rising-mobile-threats-from-banking-malware-and-fraudulent-dating-apps.aspx
30 http://blog.trendmicro.com/trendlabs-security-intelligence/operation-black-atlas-endangers-in-store-card-payments-and-smbs-worldwide-switches-between-blackpos-and-other-tools
31 http://www.tripwire.com/state-of-security/latest-security-news/report-smbs-heavily-hit-with-pos-malware-attacks-exploit-kits-in-q3-2015/
HOIC vs. LOIC vs. EK
HOIC: Cross-platform DDoS “flood” tool capable of executing high-speed, multi-threaded HTTP Floods with boosters (VBscripts that randomize the HTTP headers).
LOIC: Although similar to HOICs, LOICs generate high volumes of TCP, UDP, and HTTP traffic to flood network services and disrupt business continuity.
EK/Exploit Packs: Set of malicious tools used to automate the delivery of malware by exploiting vulnerabilities on websites running outdated or insecure applications. They provide cybercriminals with turnkey platforms that deliver malware for their potential monetary or informational gain.
Rise In Compromised Internal Communications Systems
Internal chat systems have become a staple in many companies. They cut
down on emails, minimize noise in the workspace, facilitate collaboration on
projects, and allow for a more instant connection with coworkers that email
does not provide. As software-as-a-service (SaaS) becomes increasingly
common in business environments, employees will find themselves using
different chat programs than in previous years, opening the door for new
vulnerabilities and attacks. Not only will these new solutions be a burden for
IT teams with all of the possible vulnerability patches and additional upgrades
to maintain these systems, they will also likely be the source of new leaks in
2016 as malicious actors continue to exploit unmitigated threats in existing
infrastructure and leapfrog into new productivity suites to search for data.
Many chat platforms piggyback on existing infrastructure such as Outlook
servers or locally controlled servers to keep work conversations within internal
corporate networks. While this allows for more secure communication, emerging
solutions, such as Facebook Work and other virtualized group chat/video suites,
could possibly create a set of new zero-day vulnerabilities for corporations to
face. In 2015, HipChat’s files were hacked and some customers’ usernames,
email addresses, and encrypted passwords were compromised.32 Similarly,
in 2015 Slack’s central database was hacked and threat actors gained access
to email addresses, phone numbers, and any other information provided on
a user’s profile.33
32 http://www.securityweek.com/hackers-compromise-business-im-service-hipchat
33 http://www.computerworld.com/article/2902960/slack-hacked-compromising-users-profile-data.html
Incidents like these shine a light on the fact that there are no standard security regulations for new systems, making them an easy way for
threat actors to enter corporate networks and access sensitive data. If this is a concern for your management or IT teams, a list of suitable
locally hosted chat suites can be found with some quick searching on Google.34 Locally-hosted server chats remove the third-party host (cloud)
from the attack vectors, leaving security within the company and not in the hands of a vendor who may have hundreds of clients to monitor
and secure. These solutions may be cost neutral or potentially cost saving based on deployment and software chosen.
The BYOD environment also plays into this problem as more and more employees use personal devices at work. Many employees are now using fully
integrated remote access systems, instead of just email-based delivery devices, which opens them up to man-in-the-middle or other attacks based on those
devices. For example, if an employee with an unsecured phone discusses confidential matters via a corporate chat app and the phone is breached, then the
hacker now has access to everything discussed on that platform. It is not beyond the realm of possibility for a hacker to breach a corporate network from a
compromised phone or app. The simplicity of intercepting such content necessitates corporate policy on BYOD that requires VPN and encrypted chat protocol.
Employers with a BYOD environment should create an agreement with employees allowing routine scanning and monitoring of their device for
security concerns. IT teams can set policy and rules to disallow all but specifically approved work applications from gaining access to servers.
As an added layer of protection, IT managers can index the addresses of all BYOD devices and set a data transfer cap to remote (non-internal)
IP addresses to prevent/minimize any remote data exfiltration by compromised authorized devices.
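The accounting behind such a transfer cap can be sketched as follows. This is an added example, not part of the original white paper; the internal address ranges, the BYOD index, the 200 MiB daily cap, and the flow-record format are all assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions for illustration (none of these values come from the white paper).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
BYOD_INDEX = {"10.20.0.15": "alice-phone", "10.20.0.16": "bob-tablet"}
DAILY_CAP_BYTES = 200 * 1024 * 1024  # 200 MiB per device per day to remote hosts

# Constructed flow records: "<date> <src_ip> <dst_ip> <bytes_sent>"
SAMPLE_FLOWS = """\
2016-02-01 10.20.0.15 10.1.1.5 900000000
2016-02-01 10.20.0.15 203.0.113.9 150000000
2016-02-01 10.20.0.15 203.0.113.9 80000000
2016-02-01 10.20.0.16 198.51.100.7 1000000
2016-02-01 10.30.0.9 198.51.100.7 999999999
2016-02-02 10.20.0.15 203.0.113.9 5000000
this line is malformed
"""


def is_internal(ip):
    """True if the address falls inside one of the organisation's own ranges."""
    return any(ip in net for net in INTERNAL_NETS)


def parse_flows(text):
    """Return (records, skipped): parsed flow tuples and a count of bad lines."""
    records, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            day, src, dst, sent = line.split()
            records.append((day, ipaddress.ip_address(src),
                            ipaddress.ip_address(dst), int(sent)))
        except ValueError:  # wrong field count, bad address, or bad byte count
            skipped += 1
    return records, skipped


def remote_bytes_per_device(records):
    """Sum bytes sent by each indexed BYOD address to non-internal hosts, per day."""
    totals = defaultdict(int)
    for day, src, dst, sent in records:
        # Internal transfers and devices outside the BYOD index are not counted.
        if str(src) in BYOD_INDEX and not is_internal(dst):
            totals[(day, str(src))] += sent
    return dict(totals)


def devices_over_cap(records, cap=DAILY_CAP_BYTES):
    """List (day, device label, bytes) for every device-day above the cap."""
    totals = remote_bytes_per_device(records)
    return sorted((day, BYOD_INDEX[src], sent)
                  for (day, src), sent in totals.items() if sent > cap)


if __name__ == "__main__":
    recs, bad = parse_flows(SAMPLE_FLOWS)
    for day, device, sent in devices_over_cap(recs):
        print(f"{day} {device} sent {sent} bytes to remote hosts (cap {DAILY_CAP_BYTES})")
    print(f"skipped {bad} malformed line(s)")
```

The same totals can drive an alert or a firewall rule; large transfers to internal servers do not count against the cap, so normal work traffic is unaffected.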
As more chat systems are developed, companies need to develop standard rules for the use of these solutions. Those with BYOD policies
should conduct a risk/benefit evaluation to reveal any threats or attack vectors that current policies do not acknowledge, such as infected
personal devices, outdated software/hardware, improper login
methods, patching, or misconfigured security protocols, among others.
Compromises will occur, and the BYOD environment exponentially
increases potential access vectors to malicious actors. The balance
between policy and access remains a decision for each executive
team to determine.
34 https://sameroom.io/blog/self-hosted-team-chat-options-and-alternatives/
Evolving Threat Landscape Will Be A Barrier To The Cyber Insurance Market
Security researchers estimate that the cyber insurance market will triple
in size to $7.5 billion in annual premiums by 2020. Others predict that the
cyber insurance market could grow to $20 billion by 2025.35 While the
concept of cyber insurance is nothing new, the volatility of a constantly-
evolving threat landscape will affect the widespread adoption of cyber
insurance policies, specifically by large businesses.
The introduction of Internet-connected devices embedded with electronics,
software, and sensors (aka the Internet of Things or IoT) has played a
huge role in the evolution of the threat landscape, creating a barrier to
entry for insurers. Due to the nascent proliferation of IoT and IoT devices,
underwriters lack the historical context necessary to write accurate
insurance policies. Without this data, they will be unable to fully understand
cyber attacks and the threat landscape, making it harder to statistically
predict the probability of future attacks. Part of the reason for the lack of
actuarial data is that many organizations are not required to disclose
a breach, or breaches are “small” enough that they are under the disclosure
threshold, so actuaries do not have access to pertinent information due to lack
of information sharing. Further complicating this issue is the fact that IoT devices
provide a much larger attack surface for malicious actors.
35 http://www.reuters.com/article/2015/09/13/cyber-insurance-survey-idUSL5N11G40A20150913#QGIVRs4rmUBT6eUt.97
As a result, insurers have been forced to increase insurance premiums
to remain profitable while assuming responsibility for uncertain risk. They
end up charging high prices for cyber coverage and putting a ceiling on
potential losses, which, in turn, deters companies from buying cyber policies.36
Predicting declining investor confidence and brand damage for a company
also makes underwriting insurance policies difficult within the context of
secondary and tertiary effects of a breach.
Although analysts at Frost & Sullivan predict that the cyber insurance space is
expected to become more competitive and driven by rapid adoption of cloud,
mobility, and the Internet of Things (coupled with growth of cyber threats
and data breaches), we find it unlikely that more insurance companies will
step in to provide cyber insurance policies that offer more than just blanket
compensation and protection from liability in the event of a cyber attack.37
SMBs, not Enterprises, Will Be First to Adopt Cyber Insurance Policies
Unlike most insurance plans that rely on already established categories
based on actuarial data, cyber insurance requires historical analysis of
cyber attacks to include the tactics, techniques, and procedures of actors
breaching companies. However, since there is no current national requirement for companies to report breaches, insurance companies
may lack the necessary information to calculate, predict, and underwrite legitimate cyber insurance policies.
36 http://www.reuters.com/article/2015/09/13/cyber-insurance-survey-idUSL5N11G40A20150913#QGIVRs4rmUBT6eUt.97
37 http://www.ibamag.com/news/analyst-predicts-rise-in-cyber-insurance-competition-us-insurer-opens-incident-response-site-26900.aspx
As a result, enterprises will likely remain largely self-insured or obtain self-insured retention (SIR) policies. Conversely, small and medium-sized
businesses (SMBs) will quickly adopt cyber insurance policies because they offer more than just compensation and protection from liability in
the event of a cyber attack.38
A common misconception is that hackers do not target small businesses and instead pursue big businesses for higher profit. In fact,
hackers prefer targets of opportunity, and SMBs are frequently targeted because of their insecure and under-protected infrastructure.
Although conventional insurers like ACE, AIG, AXA, the Beazley Group, Chubb, Ergo, Hiscox, and Zurich continue to go after the cyber
insurance market, they have been met with stiff competition from “disruptors” like Google and Apple that are more marketable due to
brand name recognition.39 SMBs and Millennials may look to these brands as an affordable and more robust alternative to cyber insurance
and may be more inclined to trust brands with which they are more familiar. As such, SMBs could further influence the future of the cyber
insurance landscape if they choose to support these non-traditional insurance players. Brand reputation and brand names may prove more
lucrative in the insurance market than traditional insurers as they take advantage of an industry without standardized insurance policies or
underwriting practices.
38 http://www.ibamag.com/news/analyst-predicts-rise-in-cyber-insurance-competition-us-insurer-opens-incident-response-site-26900.aspx
39 http://www.reuters.com/article/us-cyber-insurance-survey-idUSKCN0RD0XO20150913
Rise of Security Benchmarking
Enterprises are also offsetting liability by placing the burden on SMBs
through the negotiation of contractual agreements that require third-parties
to maintain high security standards. Doing so effectively turns SMBs into
proxies to absorb the costs of cyber insurance. As a result, we expect to see
vendor partners, clients, and cyber insurers turning to security benchmarking
services that evaluate security behaviors in order to help organizations
manage third-party risk and negotiate cyber premiums. Security benchmarks
will help larger companies decide whether they should do business with
these third-party SMBs, and may force SMBs to develop and maintain strong
security controls or risk losing business with enterprise organizations.
As these types of services become mainstream and gain market share,
we expect to see more companies being held to a higher standard, since
an unfavorable security benchmark ranking could cost SMBs sizeable
business deals.
The one concern with security benchmarking services is the reliability of their
ratings. If those scores are later determined to be inflated or inaccurate, they
could have a negative impact on prospective vendors.
The current vendor review process depends on questionnaires without any
quantifiable data. SMBs will need to start thinking about their scores based
on, in some cases, automated risk valuation tools. Even if the findings are not
critical, the overall score could stand in the way of landing deals or getting a
cyber insurance policy. Chief Information Security Officers (CISOs) need
to be aware, informed, and understand what impacts the score.
Problems with Government Regulation
Although some insurance markets are regulated by government guidelines for minimum coverage, we do not expect to see any
government intervention mandating cyber insurance. Government entities tend to be reactive, rather than proactive, on consumer risks
relating to information technology topics and traditionally take a conservative approach to evaluating those risks. Part of the problem is that
governmental bodies can only set guidelines to the lowest common denominator based on already reported compromises. This means that
federal oversight on cyber insurance would only evaluate cyber risks on existing data, but lack the wherewithal to keep pace with a constantly
changing threat landscape. In other words, government engagement on the issue would be sluggish at best. This also means that federal
guidelines would emphasize policies that only require businesses to meet the most basic minimum standards without an incentive to do
more than what is required.
Social Engineering Attacks To Play A Larger Role In Security Breaches
Social engineering – the practice of using non-technical methods to trick people into doing something they would not normally do otherwise
– is not a new attack method. Threat actors have been researching their target victims by analyzing their social media profiles and Internet
footprint and then forming relationships with them for years.
In 2016, we will likely see social engineering evolving in the following ways:
• More compromises of corporate networks
• Increased use of pretexting by all threat actors, especially hacktivists
• A greater role in hacktivist activity
Compromised Corporate Email
Business Email Compromise (BEC) is a growing and sophisticated scam that, according to the FBI, targets “businesses working with foreign
suppliers and/or businesses that regularly perform wire transfer payments.” Threat actors compromise legitimate business email accounts
through social engineering and/or computer intrusion techniques to conduct the unauthorized transfers of funds. BEC used to be called
the Man-in-the-E-mail Scam, but was renamed to focus on the business aspect of the scam.
BEC grew 270 percent from January 2015 to August 2015, with scams reported in all 50 states and in 79 countries. Outgoing transfers
have been reported going to 72 countries; however, the majority of the transfers are going to banks located within China and Hong Kong.40
From October 2013-August 2015, there were an estimated 8,179 victims of BEC, with a dollar loss of $798,897,959.25.41
BEC scams are carried out in four ways42/43:
1. “The Bogus Invoice Scheme”/“The Supplier Swindle”/“Invoice Modification Scheme”: Businesses receive an invoice
from a familiar supplier and are asked to pay it via wire funds.
2. “CEO Fraud”/“Business Executive Scam”/“Masquerading”/“Industry Wire Frauds”: Employees receive a spoofed email
from the CEO or another high-ranking executive from their company asking for a wire transfer.
3. Employee Email Hack: An employee’s personal email address is hacked and emails from the compromised account
are sent to vendors requesting invoice payments or contact lists.
4. Lawyer/Law Firm Emails: Employees are contacted by a lawyer or representative of a law firm and are asked
to transfer funds to handle a “time-sensitive” matter.
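For the spoofed-executive scheme (item 2), a mail filter can compare the sender's identity against the content of the request. The sketch below is an added example, not part of the original white paper; the company domain, executive roster, phrase list, indicator names, and sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration (not from the white paper): the company domain,
# the executive roster, and the phrase list. ".example" is a reserved TLD.
COMPANY_DOMAIN = "corp.example"
EXECUTIVE_NAMES = {"jane doe"}
PAYMENT_TERMS = ("wire transfer", "wire funds", "invoice", "time-sensitive")

# Constructed messages.
SPOOFED = """\
From: Jane Doe <jane.doe@c0rp.example>
Reply-To: jane.doe.office@mail.example
To: accounts-payable@corp.example
Subject: Urgent request

I need a wire transfer sent today. Keep this confidential until it is done.
"""
GENUINE = """\
From: Jane Doe <jane.doe@corp.example>
To: accounts-payable@corp.example
Subject: Q1 budget review

Please send me the Q1 budget slides before Friday.
"""
SUPPLIER = """\
From: Acme Billing <billing@supplier.example>
To: accounts-payable@corp.example
Subject: February invoice

The invoice for February is attached.
"""


def domain_of(addr):
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower()


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss copies of the company domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def body_text(msg):
    """Concatenate the text/plain parts, undoing any transfer encoding."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        raw = part.get_payload(decode=True) or b""
        chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return " ".join(chunks)


def bec_indicators(raw):
    """Return the list of indicator names that fire for one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    sender_domain = domain_of(addr)
    reasons = []
    if name.strip().lower() in EXECUTIVE_NAMES and sender_domain != COMPANY_DOMAIN:
        reasons.append("executive-name-external-domain")
    if 0 < edit_distance(sender_domain, COMPANY_DOMAIN) <= 2:
        reasons.append("lookalike-sender-domain")
    if reply_to and domain_of(reply_to) != sender_domain:
        reasons.append("reply-to-domain-mismatch")
    text = (msg.get("Subject", "") + " " + body_text(msg)).lower()
    if any(term in text for term in PAYMENT_TERMS):
        reasons.append("payment-request-language")
    return reasons


def is_suspected_bec(raw):
    """Flag only a payment request that is combined with an identity anomaly."""
    reasons = bec_indicators(raw)
    return "payment-request-language" in reasons and len(reasons) > 1


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE), ("supplier", SUPPLIER)):
        print(label, is_suspected_bec(raw), bec_indicators(raw))
```

Header checks of this kind do not catch requests sent from a genuinely compromised mailbox (item 3), which is why payment requests still need confirmation through a separate channel.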
Pretexting
Pretexting (‘pretending’ + ‘texting’) is a social-engineering tactic, similar to phishing, used to steal private information by exploiting publicly
available information. However, instead of using emails to lure potential victims into revealing sensitive or proprietary information, pretexting
involves a more human element because targets are engaged directly. Pretexting can be one of the quickest, easiest, and low-cost/
low-sophistication ways to obtain information from unsuspecting employees.
We anticipate cyber threat actors associated with hacktivist organizations or organized crime groups to continue pretexting activity to
obtain confidential or restricted information from financial institutions, which may affect the integrity of customer data.
40 http://www.ic3.gov/default.aspx
41 http://www.ic3.gov/media/2015/150827-1.aspx#fn1
42 https://www.ic3.gov/media/2015/150122.aspx
43 http://www.ic3.gov/media/2015/150827-1.aspx#fn1
Additionally, any true change in pretexting methods will
come from federal prosecution of companies that fail
to protect consumers from pretexting activity. 2015 saw
a new direction into the enforcement of the Gramm-
Leach-Bliley Act (GLBA), with several companies fined
for not properly training their employees in pretexting
techniques leveraged by groups like Lizard Squad, who
employ pretexting to obtain login IDs, passwords, and
corporate intranet information.44
Hacktivism
We saw social engineering begin to play a greater role
in hacktivist activity towards the end of 2015 when the
CIA Director and the Department of Homeland Security
Secretary’s non-government email accounts were
accessed by hacktivists. In both cases, the alleged
hacker said he was motivated both by politics and by the
desire to shame the government. Hacktivists will likely
continue to gather Personally Identifiable Information (PII)
and public information and pictures from social media
sites.45 Thus, public officials, law enforcement officers,
and executives and their family members should remain
vigilant about what they share online.
44 http://www.jdsupra.com/legalnews/fcc-fines-cable-operator-following-data-78874/
45 http://www.ic3.gov/media/2015/151118.aspx
Typically these social engineering activities consist of reconnaissance activity, where the actor
performs research on their targets by analyzing their social media profiles and internet footprint
before engaging with the target themselves.
Once the reconnaissance phase is completed, the actors engage the targets
themselves, often creating elaborate stories to get them to unwittingly divulge details
that would otherwise remain private.
[Figure: Actor researches target (profile details gathered: “Employee at X company (8 yrs),” “Worked on Project X,” “Engineer for X Project,” personal items) → Actor contacts target → Target engaged → Victim divulges information to actor]
The Importance of Cyber Security Training
The weakest link in an organization’s IT security plan is often its own employees. According to a 2015 report, 45 percent of employees
have not received cyber security training.46
Because of the Gramm-Leach-Bliley Act (GLBA), employers are now responsible for providing training to employees
so that employees are aware of those who:47
• Use “false, fictitious, or fraudulent” statements or documents to get personal information
• Use “forged, counterfeit, lost, or stolen” documents to get personal information
• Recover personal information which was obtained or received by another person
The GLBA applies to financial institutions and other organizations that collect financial information. Recently, we’ve seen government agencies
such as the Federal Trade Commission (FTC) and Federal Communications Commission (FCC) starting to enforce the guidance of this act and
based on this new activity, we see these guidelines spreading to other sectors.
Hacktivists will continue to evolve their tactics to use social engineering more often as a way to try to embarrass, discourage, exploit, and
attack their targets. Social engineering offers hacktivists unprecedented access to personal and professional information, which could be
used for malicious means, including derailing political campaigns, impersonation, exposing alleged cover-ups, releasing embarrassing
personal details to the public, and exploiting C-level corporate executives. As hacktivists continue to be successful in attacking their targets,
especially high-profile officials and individuals, more hacktivists will turn to social engineering as a legitimate and relatively safe attack vector.
If employees are not aware of social engineering tactics, like compromised emails or pretexting, their company may be fined by federal
agencies for failure to protect confidential customer data.
46 https://www.comptia.org/resources/cyber-secure-a-look-at-employee-cybersecurity-habits-in-the-workplace
47 https://www.ftc.gov/tips-advice/business-center/privacy-and-security/gramm-leach-bliley-act
Conclusions
The availability and accessibility of data and information, as well as the ease of use of hacking tools, means anyone with
access to an Internet-connected device can launch an attack, putting all businesses – not just large corporations – at
risk. The advent of Bitcoin has made it easier for criminals to buy and sell hacking tools, as well as given them additional
incentive to monetize malware. This accessibility, availability, and “interoperability” of code and networked-devices also
means that nation-state actors can take advantage of the same tools criminals are using with equal impunity.
As companies continue to embrace the Internet of Things (IoT), which has expanded to heating/ventilation/air conditioning
(HVAC) systems, lights, video surveillance, identification cards, and even vending machines, cyber and physical security can
no longer be seen as two separate issues. In the past, threat actors could attack a company’s network, steal data, etc. and it
would largely remain a cyber issue with little effect on the physical aspects of a corporate building. However, today, if threat
actors attack a network that also controls a building’s access points, then that cyber attack is a physical attack as well. Threat
actors could lock employees out, allow unauthorized people in, or steal data that could be used in a greater social engineering
attack. Today’s companies must take a unified approach to both cyber and physical security, recognizing that while they may
not ever fully converge into one, their operations are becoming increasingly reliant on one another to be successful.
It is more important than ever for companies to invest in a more robust cyber security posture. Companies should actively
monitor their networks and networked resources to identify potential threats, as well as provide regular security awareness
training for their employees so they don’t fall for social engineering tactics like phishing emails or pretexting. Security awareness,
from the top down, is one of the easiest ways to combat these ever-growing and commonplace threats in the workplace.
© 2016 LookingGlass Cyber Solutions. All rights reserved. Cyveillance is a registered trademark of Cyveillance, Inc.
All other names are trademarks or registered trademarks of their respective owners
LookingGlass Cyber Solutions delivers advanced, comprehensive threat intelligence-driven solutions in four categories: machine readable threat intelligence (MRTI), threat intelligence management (TIM) with over 140 data sources transformed into threat intelligence, threat intelligence services, and threat mitigation. LookingGlass enables security teams to efficiently, effectively address threats at every stage of their lifecycle. For more information, visit www.lgscout.com.
Cyveillance, a LookingGlass Cyber Solutions company, is the leading provider of cyber threat intelligence, enabling organizations to protect their information, infrastructure, and employees from physical and online threats found outside the network perimeter. Founded in 1997, Cyveillance delivers an intelligence-led approach to security through continuous, comprehensive monitoring of millions of online data sources, along with sophisticated technical and human analysis. The Cyveillance Cyber Threat Center, a cloud-based platform, combines web search, social media monitoring, underground channel information, and global intelligence with investigative tools and databases of threat actors, domain names and IP data, phishing activity, and malware. Cyveillance serves the Global 2000 and the majority of the Fortune 50 – as well as global leaders in finance, technology, and energy – along with data partners and resellers. For more information, visit www.cyveillance.com.