
A LOOKINGGLASS CYBER SOLUTIONS™ WHITE PAPER | FEBRUARY 2016

Information Security Threat Landscape:

Recent Trends and 2016 Outlook


Information Security Threat Landscape: Recent Trends and 2016 Outlook | © 2016 LookingGlass Cyber Solutions™

Table of Contents

Executive Summary . . . 3
2015: Year In Review . . . 4
The 2016 Threat Landscape . . . 19
Conclusions . . . 32


Executive Summary

2015 was another landmark year for the information security world, which was dominated by the ever-changing threat landscape. We saw new and sophisticated malvertising campaigns and a shift in hacktivists’ tactics. There was increased scrutiny on vendor and third-party security practices as a result of several large breaches, as well as growing concern over the lack of security awareness training programs for employees.

The Internet of Things (IoT) is expanding in a dramatic way, bringing into question the issue of availability versus security, as security measures are having a difficult time keeping pace with the development of IoT devices. The introduction of more efficient semiconductors, coupled with revolutionary technology that allows semiconductors to store as well as process complex instructions, means that the IoT may be a more attractive target for hackers. IoT devices from healthcare and industrial systems (i.e., SCADA) could be the most at risk for significant service interruptions and may have secondary and/or tertiary effects on other industries.

IoT devices may also become more of a hacker target due to their mass proliferation, rapid development, and popularity. Devices like refrigerators can serve as proxies or slaves in a botnet that distributes malware across the Internet. They could also serve a more nefarious purpose by stealing credentials from your Wi-Fi and infecting small office/home office (SOHO) routers.

In 2016, we see hacking no longer constrained to highly sophisticated threat actors with detailed knowledge of network technologies and programming. Concepts such as ransomware-as-a-service (RaaS), cybercrime-as-a-service (CaaS), botnets-as-a-service (BaaS), and malware-as-a-service (MaaS) have become part of the common lexicon. The development of tools, open-source databases, and the propagation of cyber crime forums means a person with average computer skills is just as likely to pose a threat as an experienced hacker or nation-state. We anticipate this becoming a major issue for small and medium-sized businesses (SMBs) that typically have lower security barriers than large businesses.

Social engineering will continue to be a problem, with pretexting playing a bigger role in campaigns aimed at manipulating their targets. Cyber insurance will also experience an increased focus as enterprise organizations seek “risk transference” as a result of their third-party relationships with SMBs.


2015: Year In Review

Section 01

Vendor Security Under Increased Scrutiny As A Result Of Outsourcing And High-Profile Breaches

Outsourcing corporate data management to third parties is the new reality for many companies, especially larger businesses. This caused big problems in 2015 for companies that didn’t evaluate the security posture of their vendors. Some of the biggest data breaches – Home Depot and CVS – were caused by supply-chain issues, resulting in the data privacy and security practices of vendors and third parties becoming a primary concern.

While most companies take their own cyber security seriously, they often overlook the cyber security profile of their vendors. According to the New York State Department of Financial Services’ 2015 report, nearly a third of 40 banks surveyed did not require their third-party vendors to notify them in the event of an information security breach or other cyber security breach.1

Malicious actors are constantly looking for weaknesses and security gaps in vendors’ networks to gain access to specific organizations, whether it’s through an HVAC vendor or payroll processor. They rely heavily on human error and lack of cyber safety awareness to help them victimize their targets. Many times, threat actors target third-party vendors because they are small and medium-sized businesses (SMBs) with lower security postures that are easier to breach. Companies that outsource data to third parties, especially if they are SMBs, need to put a heavier emphasis on proactively vetting their vendors in 2016.

1 http://www.dfs.ny.gov/reportpub/dfs_rpt_tpvendor_042015.pdf

Not only do companies suffer financial repercussions due to breaches, but they also deal with heightened media attention and brand damage, which can be seen as more impactful. Approximately 86 percent of the general public said they would be deterred from doing business with a company that has been breached, especially if they lost credit and debit card information.2 Although most consumers still shop at the brands that have been hit by recent large breaches, according to Ponemon Institute’s “The Aftermath of a Mega Data Breach: Consumer Sentiment,” 19 percent of organizations that suffered a breach because of a third-party or IT system failure still felt the repercussions of reputational and brand damage.3

Managing third-party vendors based on the risks they pose often requires knowing where they may be weak in order to put policies and procedures in place to mitigate potential risks. More often than not, it is up to the organization itself to understand third-party security risks by performing their own due diligence, putting contractual mechanisms in place to address potential risks, and vetting third-party vendors. Assessing and managing vendor risk is an ongoing process that requires organizations to adopt a holistic approach to vendor-risk assurance and find cost-effective ways to streamline their processes.

2 http://www.networkworld.com/article/3019930/security/does-a-data-breach-really-affect-your-firm-s-reputation.html#jump
3 http://www.experian.com/data-breach/2014-aftermath-study-consumer-sentiment.html?WT.srch=ecd_dbres_pr_referral


Criminal Organizations And State Actors Leveraged Malvertising Campaigns

Throughout 2015, threat actors increasingly turned to spreading malware by displaying infected advertisements on trusted, reputable, and/or popular websites. This method, known as malvertising (‘malicious advertising’), is particularly effective because the malware in these ads is configured to avoid detection by online publishers and visitors. Infected advertisements placed on trusted websites either infect devices directly through auto-loaded content or via redirection to a malicious site. Criminal organizations, as well as state actors, leveraged malvertising to target small and medium-sized business (SMB) websites with vulnerable advertisement feeds for the purposes of intelligence gathering or monetary gain.

Malvertising affects websites running advertisements that are susceptible to compromises in the Real-Time Ad Bidding (RTB) process, a tactic we expect to continue into 2016. Threat actors are able to infect ads by infiltrating the RTB process, in which advertising providers use pre-programmed automated bidding agents to place bids against one another for the right to display advertising content to specific users. When leveraged by malicious actors, RTB uses legitimate advertising servers to provide malware disguised as ads to popular Internet content providers (i.e., news, sports, entertainment, and social media websites). Like most malvertising techniques, once a successful bid is accepted by the advertiser, no indication is provided to the victim that their browser is being redirected. No additional action is required from the victim in order for their system to be compromised.4

4 http://www.invincea.com/2014/10/micro-targeting-malvertising-via-real-time-ad-bidding


Malvertisements can appear on frequently visited, well-known websites that users wouldn’t expect to be infected. This can be especially problematic if compromised websites are ones that an individual or a system administrator had already deemed “Trusted” or “Allowed,” because the visitor will continue to go to those sites and unknowingly open their system up to threats.5 Additionally, users who typically allow pop-up windows, rich content (i.e., Adobe Flash), and software installation from these websites may easily facilitate the installation of malware directly onto their computers.

Last year, a U.S. Department of Defense (DoD) contractor who provided a “full service ecommerce site” to acquire commercial-off-the-shelf (COTS) products for the DoD and other state and federal agencies was infected with malvertising via an ad network.6 This attack, and ones similar to it, can give threat actors access into secure networks and the potential to breach not only government contractors, but also government agencies themselves.

Another reason malvertisements are so dangerous is because they can be customized to target specific user profiles. For example, victims can be targeted based on user-agent strings, Internet Protocol (IP) address geolocation information (down to a specific neighborhood), corporate IP address ranges, visitor’s browser history, and profiles derived from cookies. If the victim’s profile does not match the hacker’s criteria, either the hacker’s automated system does not enter the RTB auction, or the hacker sets his or her system to lose the bid.7/8

5 https://web.archive.org/web/20150312182526/http://www.wired.com/2014/11/malvertising-is-cybercriminals-latest-sweet-spot
6 http://www.cyphort.com/dod-contractors-website-clean-navy-serving-drive-exploits/
7 http://www.wired.com/2014/11/malvertising-is-cybercriminals-latest-sweet-spot
8 https://support.google.com/adxbuyer/answer/6136272?hl=en&rd=1


Malvertising is expected to remain an issue in 2016 due to the complexity of current online advertising practices, which makes it difficult to attribute a malvertising campaign or attack to a specific individual or group. Additionally, there remains a lack of incentive for ad networks to police themselves and question the advertising content they host. SMBs should especially be aware of how these ad networks fail to retain control over their hosted content due to the amount of effort required to monitor advertisements for their reliability and trustworthiness. Because of this, malvertising will likely assume a more sinister role against contractors, as many SMBs serve as gateways to government agencies and/or large businesses or have “placement and access” to sensitive consumer and business information.

Until there is a way to prevent malvertising, security teams and users should:

• Keep browsers up-to-date
• Disable browser plug-ins
• Monitor outbound network traffic
• Configure ‘X-Frame-Options’ on websites or employ anti-clickjacking attributes on HTML5 web pages
• Use ad blocking software or extensions
• Install NoScript or other browser-specific add-ons that prevent frames from activating
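The X-Frame-Options item in the checklist above is easy to get wrong (obsolete values, a wildcard in the CSP directive, or a policy that is only in report-only mode), so here is an added example, not from the paper, that evaluates a response's framing controls and produces the header pair a site should send. The function names, the FramingPosture type and all sample responses are this example's own constructions.

```python
"""Evaluate a site's anti-clickjacking headers.

Added example (not from the LookingGlass paper). It checks the two controls
the paper's checklist points at: the legacy X-Frame-Options header and the
HTML5-era Content-Security-Policy frame-ancestors directive. All sample
responses below are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Values that current browsers still honour. ALLOW-FROM was never supported by
# Chrome and has been removed from Firefox, so it is treated as unrecognised.
VALID_XFO = {"DENY", "SAMEORIGIN"}


@dataclass
class FramingPosture:
    protected: bool                         # at least one enforced, valid control
    xfo: str | None                         # X-Frame-Options as sent, if any
    frame_ancestors: list[str] | None       # CSP frame-ancestors sources, if any
    findings: list[str] = field(default_factory=list)


def parse_csp(value: str) -> dict[str, list[str]]:
    """Split a CSP header into {directive: [source tokens]}.

    Directives are ';'-separated; the first whitespace-separated token of each
    is the directive name, the rest are its sources.
    """
    policy: dict[str, list[str]] = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def assess_framing(headers: dict[str, str]) -> FramingPosture:
    """Decide whether a response's headers stop the page from being framed."""
    h = {name.lower(): val for name, val in headers.items()}
    findings: list[str] = []

    # X-Frame-Options: exactly one value, DENY or SAMEORIGIN, else ignored.
    xfo = h.get("x-frame-options")
    xfo_ok = False
    if xfo is not None:
        values = [v.strip().upper() for v in xfo.split(",")]
        if len(values) > 1:
            findings.append("multiple X-Frame-Options values; browsers treat the header as invalid")
        elif values[0] in VALID_XFO:
            xfo_ok = True
        else:
            findings.append(f"unrecognised X-Frame-Options value {values[0]!r}; browsers ignore it")

    # CSP frame-ancestors: must be in the enforced policy and must not be '*'.
    ancestors = None
    csp_ok = False
    if "content-security-policy" in h:
        ancestors = parse_csp(h["content-security-policy"]).get("frame-ancestors")
        if ancestors is None:
            findings.append("Content-Security-Policy is set but has no frame-ancestors directive")
        elif "*" in ancestors:
            findings.append("frame-ancestors allows any origin ('*')")
        else:
            csp_ok = True
    elif "frame-ancestors" in h.get("content-security-policy-report-only", ""):
        findings.append("frame-ancestors only appears in the Report-Only policy, which is not enforced")

    if not (xfo_ok or csp_ok):
        findings.append("no enforced framing restriction: any site can frame this page")
    return FramingPosture(xfo_ok or csp_ok, xfo, ancestors, findings)


def recommended_headers(allow_same_origin: bool = False) -> dict[str, str]:
    """Headers a site should send: both controls, so old and new browsers are covered."""
    if allow_same_origin:
        return {"X-Frame-Options": "SAMEORIGIN",
                "Content-Security-Policy": "frame-ancestors 'self'"}
    return {"X-Frame-Options": "DENY",
            "Content-Security-Policy": "frame-ancestors 'none'"}


# Constructed sample responses (header dicts only), one per common mistake.
SAMPLE_RESPONSES: dict[str, dict[str, str]] = {
    "unprotected": {"Content-Type": "text/html"},
    "legacy_only": {"X-Frame-Options": "sameorigin"},
    "obsolete_xfo": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "csp_wildcard": {"Content-Security-Policy": "default-src 'self'; frame-ancestors *"},
    "report_only": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
    "hardened": recommended_headers(),
}

if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        posture = assess_framing(hdrs)
        status = "OK " if posture.protected else "BAD"
        print(f"{status} {name:<13} {'; '.join(posture.findings) or 'no findings'}")
```

Run it as a script to see each constructed response classified; in practice you would feed it the headers captured from your own site's responses.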


Lack Of Employee Security Awareness Is A Main Concern For Most Organizations

Most security violations and data breaches can be reduced to a combination of three factors: human error, an under-staffed and under-funded IT team, or an opportunity seized by malicious actors. In 2015, one percent of employees were responsible for 75 percent of enterprise security risk, and according to the Identity Theft Resource Center, of the 781 data breaches in 2015, approximately 14 percent could be attributed to employee error.9/10 In fact, 45 percent of employees have not received cyber security training at work.11 Placing the blame on employees only diverts from the real issue: a need for organizations to provide adequate security awareness training to prevent some of these breaches in the first place.

When considering budgetary expenditures across all businesses worldwide, the hidden costs of employee errors will likely outpace the reported $3.8 million average cost of a data breach.12 A common thread leading to data breaches and security incidents is that employees do not understand authentication and identity verification best practices. This includes:

• Insecure password practices, including non-standardized requirements leading to credential overload
• Social media use and policies concerning consequences for breaches
• Unclear, unenforced, or nonexistent Bring Your Own Device (BYOD) policies
• Social engineering scams
• Phishing attacks

Insecure Password Practices

Employees are often overwhelmed with varying login requirements for an increasing number of systems needed to perform their day-to-day tasks. Many times, employees use a combination of aging and newer systems, with aging systems typically having less stringent password requirements. To get around these non-standardized password requirements, many use simple passwords, reuse passwords from personal accounts, or simply create bad (insecure) passwords to pass the validation check/requirements and avoid credential overload. This can lead to credentials easily being cracked via brute force or a dictionary attack with rainbow tables. This, combined with vulnerabilities in the operating systems and software of corporate servers, databases, and employee computers, can provide an easy way in for malicious actors.

Some solutions may involve finding common ground amongst systems and standardizing credential requirements, or possibly integrating all systems into a single log-on portal for employees. Consider the overhead lost in a 500-employee company with just 10 different systems available amongst the staff. If the passwords change monthly or every 3 months, staff productivity is directly impacted by the need to make, remember, and innovate on passwords.

9 http://www.csoonline.com/article/2975914/application-security/most-corporate-risk-due-to-just-1-of-employees.html
10 http://www.idtheftcenter.org/ITRC-Surveys-Studies/2015databreaches.html
11 http://www.dailydot.com/politics/cybersecurity-workplace-survey-comptia/
12 https://securityintelligence.com/cost-of-a-data-breach-2015/

Unclear, Unenforced, or Nonexistent Bring Your Own Device (BYOD) Policies

Typically, companies do not have standard security guidelines for their BYOD policies. Employees end up using devices that are unsecured and can serve as access points for threat actors, specifically through rogue apps downloaded from unregulated marketplaces. Threat actors can use these gateways to access Personally Identifiable Information (PII), photos, contact information, emails, calendars, and schedules.


Social Media Use and Policies Concerning Consequences for Breaches

In 2015, we noticed an increasing number of online posts by employees showing their security credentials or accidentally exposing sensitive workplace information. This may be the result of employees being excited about a new job or possibly not recognizing that this is considered a security violation. Employers should implement security and social media awareness training to get ahead of these issues.

Social Engineering Scams and Phishing Attacks

Social engineering and phishing have long been known as major contributors to corporate security incidents. Please see our section later in the paper on our recent observations regarding social engineering.

In 2015, an estimated one in four recipients of phishing emails opened the message, and 11 percent of recipients clicked on attachments.13 Despite the continued fight against spam, the majority of which is phishing messages, the number of people falling victim to phishing attacks is expected to rise. Threat actors continue to innovate and create new attack vectors designed to exploit the human element and breach the information security defenses employed to protect organizations against advanced threats.

Additionally, employees are facing increasingly sophisticated requirements for sending PII and Protected Health Information (PHI). These issues grow exponentially cumbersome as employees work remotely, share workbooks via web portals, or deal with heavy workloads as additional government regulations roll into effect. All of these factors may lead to mistakes as employees attempt to save time. If not dealt with, this could expose corporations to risks and legal concerns that may lead to brand and reputation harm as well as damage to the bottom line.

13 http://www.greycastlesecurity.com/resources/documents/2015_Verizon_Business_Data_Breach_Investigations_Report.pdf


No matter how trained or qualified someone may be, employers should consider distributing best practices guides and holding quarterly or monthly training sessions to address noted trends and emerging threats, and to offer regular reminders. The “nobody’s perfect” and “even experts need a reminder” attitude needs to be kept in mind. Organizations need to find a way to customize the message to their audience and keep it relevant to their work. While this may seem burdensome at the management level, having these programs in place could prevent millions of dollars in damages and/or lawsuits and endless media cycles harming your brand and reputation.

Hacktivism Remained Strong While Geo-Political Attacks Declined

Hacktivists are politically-motivated individuals or groups who seek social change – versus monetary gain – through hacking. The word “hacktivists” was coined by researchers, journalists, and cyber security professionals who were trying to distinguish between different types of threat actors. Hacktivists are often fueled by an individual’s need for political participation, and some hacktivists/groups associate themselves with a particular country, organization, or other entity.

Throughout 2015, hacktivist groups driven by the desire for social change, brand damage, embarrassment, and in some cases, financial gain continued to attack their targets. However, geo-political hacktivism, which dominated headlines in past years following global events such as news of actions in Ukraine, saw a noticeable decline, and the so-called “hacking-for-a-cause” or “broadly acceptable hacktivism” saw an increase.


Hacktivism remained popular in 2015 due to a number of factors. First, people with little or no technical skill could conduct low-cost operations to further their causes through user-friendly hacking tools. These tools can be free, while some groups develop and offer tools for a fee. A user just needs to find the right underground forum (and have access to crypto-currency) to launch an attack against any target. Along the same lines, there was a growing trend of knowledge and information sharing among members of hacktivist collectives, as well as those interested in their causes. In the aftermath of the attacks in Paris, hacktivists even released several guides to help those without technical capabilities get involved in fighting back against terrorist organizations. The guides offered information on how to carry out man-in-the-middle and distributed denial of service (DDoS) attacks.

Second, unlike participating in a physical street demonstration, hacktivism poses little risk to participants and offers more anonymity, particularly in countries with strict censorship laws. Most hacktivism cases are never even investigated by law enforcement agencies, even though many of these attacks are illegal under domestic crime statutes.14 This is primarily due to the fact that damages are usually minor and attribution is often difficult. Unless damages are significant (i.e., a data breach resulting in loss of large sums of money), law enforcement agencies are unlikely to start an investigation.

Third, hacktivism enables individuals to participate in large-scale distributed efforts. For instance, persons of a common nationality or cause can join together, whether residing in their homeland or on foreign soil, in a shared pursuit of social change. Hacktivism can also mobilize additional segments of the political community who do not participate offline. This was the case with many politically fueled hacktivist campaigns, such as the July 2015 hacking of Planned Parenthood employees by anti-abortion hacktivists.15

In the past, the actions of hackers and hacktivists were viewed by society as universally wrong. While the theft of money, intellectual property, Personally Identifiable Information (PII), etc., was (and is) still viewed negatively, if the hacktivist’s actions helped further a cause or righted a social injustice, their illegal actions were viewed as morally justifiable. For instance, after the Paris attacks, some hacktivists waged a cyber war on the organization behind the attack, taking down many Twitter accounts and websites linked to that group, as well as spying on the terrorist group’s chats to foil future attacks.

This was also seen with the hacking of the adult dating site Ashley Madison. After the site was hacked and millions of members’ personal information was released to the public, some people viewed the hack favorably and as morally justifiable. Most news segments and public discussions centered around the identities of those on the site, especially high-profile individuals, and not many centered on those who hacked into the servers of a private company and stole data.

This “the ends justify the means” mentality is becoming more prominent as activist groups partner with or form hacktivist groups, and as stories of social injustices become more common on the news. Together this is prompting greater national and international action, aided by the creation of easy-to-use (and sometimes free) hacking tools and society driving the definition of “good” and “bad” hacktivism. Whether it is through doxing – the process of gathering or inferring other people’s information such as name, email, address, etc. using publicly available sources – of a law enforcement officer involved in the death of a citizen, or the defacement of a website for a company involved in animal testing, support for hacktivism against public figures and companies that are acting unfavorably or possibly illegally has increasingly been seen as acceptable.

14 http://www.cybercrimelaw.net/un.html
15 http://www.dailydot.com/politics/planned-parenthood-hacked-anti-abortion-3301/

The Internet Of Things: An Expanding Frontier For Hackers

Last year saw the Internet of Things (IoT) gain significant traction and momentum across a range of industries, a trend that we expect to continue for the foreseeable future. The Internet of Things refers to the connection of everyday objects to the Internet, making them capable of sending and receiving data. As we become a more networked society, we expose ourselves to the vulnerabilities inherent in the very technologies on which we rely. The neoteric nature and rapid pace of development for IoT technologies makes security an afterthought in many of these devices, providing new avenues for malicious exploitation.

On the surface, IoT leverages such connectedness to facilitate our daily existence, saving time and effort, thereby making us more efficient. The more products and devices are upgraded with technologies, the more IoT makes its presence known in our lives. In 2015 alone, the manufacturing ($165 billion) and transportation ($78 billion) sectors led the world in IoT spending, with insurance, healthcare, and consumer verticals estimated to quickly catch up.16 The Asia-Pacific region led the international community with more than 40 percent of worldwide IoT spending, followed by North America and Western Europe. The growth curve is so steep that spending is expected to reach an estimated $1.3 trillion in 2019.17

16 http://www.digitaltrends.com/cool-tech/internet-things-spending-will-grow-699-billion-2015-nearly-1-3-trillion-2019/

Although risks to supervisory control and data acquisition (SCADA) systems continue to dominate IoT discussions (internet-connected SCADA systems can be attacked through the availability of automatic discovery of Internet-facing SCADA devices via the Shodan search engine), there is no shortage of other Internet-connected devices (ICDs) – with embedded operating systems – that will continue to remain vulnerable to infection via malware, or serve as conduits for the distribution of malware to other devices. These systems often remain vulnerable to infection due to their inherent designs, which may not easily allow for enterprise-level security management or patching, a problem that became an issue when the Conficker worm infected numerous medical systems around the world. Even though some of these devices were not connected directly to the Internet, versions of Conficker spread through removable media.18 Peripheral and multi-function devices (MFDs) with embedded operating systems are also increasing as potential channels for the spread of malware if they have network-accessible segments.

17 http://www.digitaltrends.com/cool-tech/internet-things-spending-will-grow-699-billion-2015-nearly-1-3-trillion-2019/
18 http://deceive.trapx.com/rs/929-JEW-675/images/AOA_Report_TrapX_AnatomyOfAttack-MEDJACK.pdf?aliId=184622


As we move through 2016, legitimate security concerns have been raised about the IoT that warrant closer inspection. The vulnerabilities inherent in IoT devices that researchers have exposed will be taken advantage of by malicious actors.

Among the more notable problems with IoT-related technology and devices in 2015 were:

• Hacking cars: Researchers demonstrated the ability to hack a car and control some of the car’s functionality such as windshield wipers, radio, temperature, and accelerator.19 This is worth noting as it is estimated that there are currently 23 million cars connected to the Internet in some capacity, a figure that is expected to rise to 152 million by 2020.20 While it has been pointed out that hacking a car requires an Internet cellular service to access remotely, and individuals would have to proactively research the car and its mechanics prior to the attack, it is indicative of how technologies are being developed with functionality and not security in mind.21

• Medical devices: 2015 revealed that thousands of medical devices were susceptible to being exploited by hacking.22 MRI scanners, x-ray machines, and drug infusion pumps were among the devices that researchers identified as being vulnerable to attacks.23 Some of these devices were designed to be Internet accessible, while others had configuration errors, and in some cases still used default passwords.

SCADA and Medical Devices: A New Medium for Malware Propagation

We anticipate healthcare to be the most at risk for network and physical compromise due to the emergence of IoT technology. We observed the pandemic infections of medical devices through Citadel, Zeus, and Conficker malware. Many of these infections were spread by the introduction of USB thumb drives from employees loading data onto these devices, which presents another issue: lack of enterprise management functionality. Unfortunately, there’s no effective solution to enforce enterprise security patches and updates to medical devices without network connectivity. Medical devices left unpatched are exposed to external forces that seek to exploit the inherent vulnerabilities of those devices (i.e., lack of firmware patching).

19 http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
20 http://www.cxotoday.com/story/rethinking-it-security-in-the-iot-era/
21 http://www.scientificamerican.com/article/why-car-hacking-is-nearly-impossible/
22 http://www.pcworld.com/article/2987813/thousands-of-medical-devices-are-vulnerable-to-hacking-security-researchers-say.html
23 http://www.wired.com/2015/04/drug-pumps-security-flaw-lets-hackers-raise-dose-limits/


Likewise, we’ve seen malware propagation through USB devices on “air-gapped” SCADA systems for the same reasons. Both the U.S. Computer Emergency Response Team (US-CERT) and the US-CERT’s Industrial Control System-CERT (ICS-CERT) have reported malware infections distributed unknowingly by employees performing routine maintenance on SCADA control systems. These events led to power outages spread by USBs embedded with “known” and “sophisticated” malware. We see SCADA and medical devices susceptible to compromise or attack if there is no industry-wide acceptance of a standard or firewall solution to prevent malware from infecting these systems.24

IoT: A Future Cyberwar Through DoS and Botnets

While many IoT devices may be in and of themselves benign, connecting them together can prove to be a tremendous disruptive force. Given the volume of IoT devices becoming operational each day, many of which have less than adequate security precautions enacted, it is easy to see how malicious actors can fabricate a device-diverse botnet army. In one notable incident, a malicious attacker created a botnet out of 900 Linux-based closed circuit security cameras to conduct a denial-of-service (DoS) attack against an unnamed cloud service provider.25

As IoT becomes more mainstream, there is the real possibility that it will be incorporated into critical infrastructures, particularly the technology that supports SCADA systems. The IoT’s ability to bring instantaneous safety alerts, streamline SCADA management, and automate load balancing is seen as a great benefit to these systems. However, there are currently no security standards for critical infrastructures to comply with, and any available guidelines are few and far between. In addition, many of these assets still rely on outdated software, yet once these systems are updated, they will quickly again become outdated. So, until there are specific cyber security standards for critical infrastructure, assets such as power plants, power grids, and steel mills need to be aware of security issues that can arise due to the IoT.


24 https://ics-cert.us-cert.gov/sites/default/files/ICSJWG-Archive/QNL_SEP_15/ICSJWG_QNL_September%202015.pdf
25 http://www.engadget.com/2015/10/25/cctv-camera-botnet/


The 2016 Threat Landscape
SECTION 02

Small Businesses Will Be Under Attack

For years, threat actors have targeted larger corporations for their placement and access to Personally Identifiable Information (PII). In 2016, however, as larger corporations strengthen their security measures and heighten their awareness, we see threat actors shifting their focus from large businesses to small-and-medium-sized businesses (SMBs). This shift will occur as a result of SMBs’ lower security barriers and their role as third-party vendors to larger corporations, as well as the proliferation of open source network stress testing and denial-of-service (DoS) attack applications, all of which make SMBs bigger targets.

SMBs often lack the robust IT support and/or security infrastructure of larger organizations. They have little overhead to invest in cyber security, frequently cut costs by purchasing hardware that lacks the support of a bigger retailer that can provide firmware patches to their products, and rarely invest in security that is adequately proportionate to the confidentiality, integrity, and availability (CIA) of their data. Many small business owners feel they don’t require any additional security since they feel they have adequate coverage.26

Conversely, larger companies are now taking security more seriously and adopting stronger security measures to better protect their organization’s data and intellectual property, which makes SMBs easier targets of opportunity, or “low hanging fruit.” Novice hackers can now leverage exploit kits (EK) to automate the discovery of vulnerabilities on SMB servers or websites lacking adequate security or countermeasures.

26 http://www.nationwide.com/about-us/111015-cyber-security.jsp

These lower security measures, and the fact that SMBs often serve as third-party vendors for bigger companies, allow them to act as potential gateways of compromise to larger corporations. Their placement and access to proprietary information and intellectual property, as well as their increased reliance on cloud networking, makes them prime targets for hacktivists, cybercriminals, and advanced persistent threat (APT) actors. This was seen in the recent VTech data breach, where account information was compromised through a third-party app and servers, and more famously with the breach of the second-largest discount retailer in the U.S. three years ago.27

Threat actors have also shifted their focus to SMBs because of the relatively recent automation of cybercrime. A DDoS attack capable of bringing down a network no longer requires the skillful touch of a sophisticated cybercriminal. The advent of source code-sharing sites like GitHub and Pastebin means novice-level hackers can now easily download “DDoS attack tools” or copy/paste “attack scripts” written by more experienced and knowledgeable black hat hackers.28 For instance, hacktivists with little to no experience can now access the High Orbit Ion Cannon (HOIC) or Low Orbit Ion Cannon (LOIC) du jour to attack the target of their choosing.

27 http://www.cioinsight.com/security/slideshows/the-worst-data-breaches-of-2015.html
28 https://www.incapsula.com/ddos/ddos-attack-scripts.html

Page 21: Information Security Threat Landscape - LookingGlass Cyber€¦ · Some of the biggest data breaches – Home Depot and CVS – were caused by supply-chain issues, resulting in data

21Information Security Threat Landscape: Recent Trends and 2016 Outlook | © 2016 LookingGlass Cyber Solutions™

Likewise, novice-level hackers can now leverage exploit kits to spread malware to vulnerable businesses. These EKs “automate” the targeting, scanning, and infection of vulnerable sites by providing an “all-in-one” solution to the user. The difference between DoS and DDoS “cannons” and EKs is that the EKs’ scanning function typically searches for targets of opportunity that are susceptible to infection or malice. EKs are likely to become an increasingly prevalent malware delivery platform in 2016, and we estimate that SMBs will be the most susceptible to malware delivery through EKs due to their lack of security awareness and upkeep.29

We also see any small business that conducts online transactions through point-of-sale (PoS) services or hosts its website on a free, open-source content management system (CMS) as having a higher likelihood of being breached. Since SMBs often focus more on the retention of customer information on internal databases and less on the security of PoS systems, their slow adoption of new technologies makes them more vulnerable to attack.30 In fact, SMBs made up 45 percent of PoS malware attacks at the end of 2015.31

Content Management System (CMS) applications continue to be vulnerable to cross-site scripting (XSS) and SQL injection (SQLi) attacks, and lack the proper safeguards to protect confidential customer and employee information. Specifically, we noticed an increasing trend of threat actors targeting federal credit unions using WordPress for online banking transactions. These CMS applications lack the proportionate level of security that a financial institution needs, leaving them woefully inadequate in the ever-evolving threat landscape.

29 http://www.switchfast.com/switchfast-blog/2013/9/4/rising-mobile-threats-from-banking-malware-and-fraudulent-dating-apps.aspx
30 http://blog.trendmicro.com/trendlabs-security-intelligence/operation-black-atlas-endangers-in-store-card-payments-and-smbs-worldwide-switches-between-blackpos-and-other-tools
31 http://www.tripwire.com/state-of-security/latest-security-news/report-smbs-heavily-hit-with-pos-malware-attacks-exploit-kits-in-q3-2015/

HOIC vs. LOIC vs. EK

HOIC: Cross-platform DDoS “flood” tool capable of executing high-speed, multi-threaded HTTP Floods with boosters (VBscripts that randomize the HTTP headers).

LOIC: Although similar to HOICs, LOICs generate high volumes of TCP, UDP, and HTTP traffic to flood network services and disrupt business continuity.

EK/Exploit Packs: Set of malicious tools used to automate the delivery of malware by exploiting vulnerabilities on websites running outdated or insecure applications. They provide cybercriminals with turnkey platforms that deliver malware for their potential monetary or informational gain.

Page 22: Information Security Threat Landscape - LookingGlass Cyber€¦ · Some of the biggest data breaches – Home Depot and CVS – were caused by supply-chain issues, resulting in data

22Information Security Threat Landscape: Recent Trends and 2016 Outlook | © 2016 LookingGlass Cyber Solutions™

Rise In Compromised Internal Communications Systems

Internal chat systems have become a staple in many companies. They cut down on emails, minimize noise in the workspace, facilitate collaboration on projects, and allow for a more instant connection with coworkers that email does not provide. As software-as-a-service (SaaS) becomes increasingly common in business environments, employees will find themselves using different chat programs than in previous years, opening the door for new vulnerabilities and attacks. Not only will these new solutions be a burden for IT teams with all of the possible vulnerability patches and additional upgrades to maintain these systems, they will also likely be the source of new leaks in 2016 as malicious actors continue to exploit unmitigated threats in existing infrastructure and leapfrog into new productivity suites to search for data.

Many chat platforms piggyback on existing infrastructure such as Outlook servers or locally controlled servers to keep work conversations within internal corporate networks. While this allows for more secure communication, emerging solutions, such as Facebook Work and other virtualized group chat/video suites, could possibly create a set of new zero-day vulnerabilities for corporations to face. In 2015, HipChat’s files were hacked and some customers’ usernames, email addresses, and encrypted passwords were compromised.32 Similarly, in 2015 Slack’s central database was hacked and threat actors gained access to email addresses, phone numbers, and any other information provided on a user’s profile.33

32 http://www.securityweek.com/hackers-compromise-business-im-service-hipchat
33 http://www.computerworld.com/article/2902960/slack-hacked-compromising-users-profile-data.html

Page 23: Information Security Threat Landscape - LookingGlass Cyber€¦ · Some of the biggest data breaches – Home Depot and CVS – were caused by supply-chain issues, resulting in data

23Information Security Threat Landscape: Recent Trends and 2016 Outlook | © 2016 LookingGlass Cyber Solutions™

Incidents like these shine a light on the fact that there are no standard security regulations for new systems, making them an easy way for threat actors to enter corporate networks and access sensitive data. If this is a concern for your management or IT teams, a list of suitable locally hosted chat suites can be found with some quick searching on Google.34 Locally-hosted server chats remove the third-party host (cloud) from the attack vectors, leaving security within the company and not in the hands of a vendor who may have hundreds of clients to monitor and secure. These solutions may be cost neutral or potentially cost saving based on deployment and software chosen.

The BYOD environment also plays into this problem as more and more employees use personal devices at work. Many employees are now using fully integrated remote access systems, instead of just email-based delivery devices, which opens them up to man-in-the-middle or other attacks based on those devices. For example, if an employee with an unsecured phone discusses confidential matters via a corporate chat app and the phone is breached, then the hacker now has access to everything discussed on that platform. It is not beyond the realm of possibility for a hacker to breach a corporate network from a compromised phone or app. The simplicity of intercepting such content necessitates corporate policy on BYOD that requires VPN and encrypted chat protocol.

Employers with a BYOD environment should create an agreement with employees allowing routine scanning and monitoring of their device for security concerns. IT teams can set policy and rules to disallow all but specifically approved work applications from gaining access to servers. As an added layer of protection, IT managers can index the addresses of all BYOD devices and set a data transfer cap to remote (non-internal) IP addresses to prevent/minimize any remote data exfiltration by compromised authorized devices.
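One way to implement the transfer-cap check described above, written here as an added example rather than anything from the white paper: the script totals the bytes each inventoried BYOD device sends to non-internal addresses from flow records and lists the devices over a daily cap. The flow-log format, the RFC 1918 definition of “internal”, the device inventory and the 500 MiB cap are all constructed assumptions.

```python
"""Per-device egress accounting for BYOD endpoints: total bytes sent to
non-internal addresses and flag devices over a daily transfer cap.

Added example; the flow-log format, address inventory and cap value are
constructed assumptions, not part of the white paper."""
import ipaddress
from collections import defaultdict

# Assumption: internal space is RFC 1918; anything else counts as remote.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: the BYOD inventory IT keeps (address -> device label).
BYOD_DEVICES = {"10.20.0.15": "alice-phone", "10.20.0.22": "bob-tablet"}

DAILY_CAP_BYTES = 500 * 1024 * 1024   # assumed policy: 500 MiB/day to remote IPs

# Constructed flow records: "<epoch> <src_ip> <dst_ip> <bytes_sent>"
# (10.20.0.50 is a corporate asset, not in the BYOD inventory, so it is ignored)
SAMPLE_FLOWS = """\
1456000001 10.20.0.15 10.1.5.9 524288
1456000002 10.20.0.15 203.0.113.40 734003200
1456000003 10.20.0.22 198.51.100.7 1048576
1456000004 10.20.0.50 203.0.113.40 209715200
1456000005 10.20.0.22 10.1.5.9 4194304
"""


def is_internal(ip):
    """True when the address falls inside one of the internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(text):
    """Yield (timestamp, src, dst, bytes) tuples, skipping malformed lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        try:
            yield int(fields[0]), fields[1], fields[2], int(fields[3])
        except ValueError:
            continue


def remote_bytes_by_device(text, inventory=BYOD_DEVICES):
    """Sum bytes each inventoried BYOD device sent to non-internal addresses."""
    totals = defaultdict(int)
    for _, src, dst, nbytes in parse_flows(text):
        if src in inventory and not is_internal(dst):
            totals[inventory[src]] += nbytes
    return dict(totals)


def over_cap(totals, cap=DAILY_CAP_BYTES):
    """Devices whose remote egress exceeds the cap, largest first."""
    return sorted(((d, b) for d, b in totals.items() if b > cap),
                  key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    totals = remote_bytes_by_device(SAMPLE_FLOWS)
    for device, nbytes in over_cap(totals):
        print(f"{device}: {nbytes} bytes to remote addresses exceeds the daily cap")
```

Flows from addresses that are not in the BYOD inventory are deliberately ignored so the cap applies only to personal devices; corporate-managed hosts would be covered by a separate policy. In the constructed sample only alice-phone crosses the cap.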

As more chat systems are developed, companies need to develop standard rules for the use of these solutions. Those with BYOD policies should conduct a risk/benefit evaluation to reveal any threats or attack vectors that current policies do not acknowledge, such as infected personal devices, outdated software/hardware, improper login methods, patching, or misconfigured security protocols, among others. Compromises will occur, and the BYOD environment exponentially increases potential access vectors to malicious actors. The balance between policy and access remains a decision for each executive team to determine.

34 https://sameroom.io/blog/self-hosted-team-chat-options-and-alternatives/

Evolving Threat Landscape Will Be A Barrier To The Cyber Insurance Market

Security researchers estimate that the cyber insurance market will triple in size to $7.5 billion in annual premiums by 2020. Others predict that the cyber insurance market could grow to $20 billion by 2025.35 While the concept of cyber insurance is nothing new, the volatility of a constantly-evolving threat landscape will affect the widespread adoption of cyber insurance policies, specifically by large businesses.

The introduction of Internet-connected devices embedded with electronics, software, and sensors (aka the Internet of Things or IoT) has played a huge role in the evolution of the threat landscape, creating a barrier to entry for insurers. Due to the nascent proliferation of IoT and IoT devices, underwriters lack the historical context necessary to write accurate insurance policies. Without this data, they will be unable to fully understand cyber attacks and the threat landscape, making it harder to statistically predict the probability of future attacks. Part of the reason for the lack of actuarial data is because many organizations are not required to disclose a breach, or breaches are “small” enough that they are under the disclosure threshold, so actuaries do not have access to pertinent information due to lack of information sharing. Further complicating this issue is the fact that IoT devices provide a much more numerous attack surface for malicious actors.

35 http://www.reuters.com/article/2015/09/13/cyber-insurance-survey-idUSL5N11G40A20150913#QGIVRs4rmUBT6eUt.97

As a result, insurers have been forced to increase insurance premiums to remain profitable while assuming responsibility for uncertain risk. They end up charging high prices for cyber coverage and putting a ceiling on potential losses, which, in turn, deters companies from buying cyber policies.36 Predicting declining investor confidence and brand damage for a company also makes underwriting insurance policies difficult within the context of secondary and tertiary effects of a breach.

Although analysts at Frost & Sullivan predict that the cyber insurance space is expected to become more competitive and driven by rapid adoption of cloud, mobility, and the Internet of Things (coupled with growth of cyber threats and data breaches), we find it unlikely that more insurance companies will step in to provide cyber insurance policies that offer more than just blanket compensation and protection from liability in the event of a cyber attack.37

36 http://www.reuters.com/article/2015/09/13/cyber-insurance-survey-idUSL5N11G40A20150913#QGIVRs4rmUBT6eUt.97
37 http://www.ibamag.com/news/analyst-predicts-rise-in-cyber-insurance-competition-us-insurer-opens-incident-response-site-26900.aspx

SMBs, not Enterprises, Will Be First to Adopt Cyber Insurance Policies

Unlike most insurance plans that rely on already established categories based on actuarial data, cyber insurance requires historical analysis of cyber attacks to include the tactics, techniques, and procedures of actors breaching companies. However, since there is no current national requirement for companies to report breaches, insurance companies may lack the necessary information to calculate, predict, and underwrite legitimate cyber insurance policies.

As a result, enterprises will likely remain largely self-insured or obtain self-insured retention (SIR) policies. Conversely, small and medium-sized businesses (SMBs) will quickly adopt cyber insurance policies because they offer more than just compensation and protection from liability in the event of a cyber attack.38

A common misconception is that hackers do not target small businesses and instead pursue big businesses for higher profit. In fact, hackers prefer targets of opportunity, and SMBs are frequently targeted because of their insecure and under-protected infrastructure.

Although conventional insurers like ACE, AIG, AXA, the Beazley Group, Chubb, Ergo, Hiscox, and Zurich continue to go after the cyber insurance market, they have been met with stiff competition from “disruptors” like Google and Apple that are more marketable due to brand name recognition.39 SMBs and Millennials may look to these brands as an affordable and more robust alternative to cyber insurance and may be more inclined to trust brands with which they are more familiar. As such, SMBs could further influence the future of the cyber insurance landscape if they choose to support these non-traditional insurance players. Brand reputation and brand names may prove more lucrative in the insurance market than traditional insurers as they take advantage of an industry without standardized insurance policies or underwriting practices.


38 http://www.ibamag.com/news/analyst-predicts-rise-in-cyber-insurance-competition-us-insurer-opens-incident-response-site-26900.aspx
39 http://www.reuters.com/article/us-cyber-insurance-survey-idUSKCN0RD0XO20150913


Rise of Security Benchmarking

Enterprises are also offsetting liability by placing the burden on SMBs through the negotiation of contractual agreements that require third parties to maintain high security standards. Doing so effectively turns SMBs into proxies to absorb the costs of cyber insurance. As a result, we expect to see vendor partners, clients, and cyber insurers turning to security benchmarking services that evaluate security behaviors in order to help organizations manage third-party risk and negotiate cyber premiums. Security benchmarks will help larger companies decide whether they should do business with these third-party SMBs, and may force SMBs to develop and maintain strong security controls or risk losing business with enterprise organizations. As these types of services become mainstream and gain market share, we expect to see more companies being held to a higher standard, since an unfavorable security benchmark ranking could cost SMBs sizeable business deals.

The one concern with security benchmarking services is the reliability of their ratings. If those scores are later determined to be inflated or inaccurate, they could have a negative impact on prospective vendors.

The current vendor review process depends on questionnaires without any quantifiable data. SMBs will need to start thinking about their scores based on, in some cases, automated risk valuation tools. Even if the findings are not critical, the overall score could stand in the way of landing deals or getting a cyber insurance policy. Chief Information Security Officers (CISOs) need to be aware, informed, and understand what impacts the score.


Problems with Government Regulation

Although some insurance markets are regulated by government guidelines for minimum coverage, we do not expect to see any government intervention mandating cyber insurance. Government entities tend to be reactive, rather than proactive, on consumer risks relating to information technology topics and traditionally take a conservative approach to evaluating those risks. Part of the problem is that governmental bodies can only set guidelines to the lowest common denominator based on already reported compromises. This means that federal oversight on cyber insurance would only evaluate cyber risks on existing data, but lack the wherewithal to keep pace with a constantly changing threat landscape. In other words, government engagement on the issue would be sluggish at best. This also means that federal guidelines would emphasize policies that only require businesses to meet the most basic minimum standards without an incentive to do more than what is required.

Social Engineering Attacks To Play A Larger Role In Security Breaches

Social engineering – the practice of using non-technical methods to trick people into doing something they would not normally do otherwise – is not a new attack method. Threat actors have been researching their target victims by analyzing their social media profiles and Internet footprint and then forming relationships with them for years.

In 2016, we will likely see social engineering evolving in the following ways:

• More compromises of corporate networks

• Increased use of pretexting by all threat actors, especially hacktivists

• A greater role in hacktivist activity

Compromised Corporate Email

Business Email Compromise (BEC) is a growing and sophisticated scam that, according to the FBI, targets “businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.” Threat actors compromise legitimate business email accounts through social engineering and/or computer intrusion techniques to conduct the unauthorized transfers of funds. BEC used to be called the Man-in-the-E-mail Scam, but was renamed to focus on the business aspect of the scam.


BEC grew 270 percent from January 2015 to August 2015, with scams reported in all 50 states and in 79 countries. Outgoing transfers have been reported going to 72 countries; however, the majority of the transfers are going to banks located within China and Hong Kong.40 From October 2013-August 2015, there were an estimated 8,179 victims of BEC, with a dollar loss of $798,897,959.25.41

BEC scams are carried out in four ways:42/43

1. “The Bogus Invoice Scheme”/“The Supplier Swindle”/“Invoice Modification Scheme”: Businesses receive an invoice from a familiar supplier and are asked to pay it via wire funds.

2. “CEO Fraud”/“Business Executive Scam”/“Masquerading”/“Industry Wire Frauds”: Employees receive a spoofed email from the CEO or another high-ranking executive from their company asking for a wire transfer.

3. Employee Email Hack: An employee’s personal email address is hacked and emails from the compromised account are sent to vendors requesting invoice payments or contact lists.

4. Lawyer/Law Firm Emails: Employees are contacted by a lawyer or representative of a law firm and are asked to transfer funds to handle a “time-sensitive” matter.
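The four schemes above share a few header-level and wording-level signs that a mail gateway or SOC rule can check for on inbound mail: an executive’s display name paired with an address that is not that executive’s, a sender domain one or two characters off the corporate domain, a Reply-To pointing somewhere other than the sender’s domain, and wire/invoice/“time-sensitive” language. The Python below, an added example not taken from the white paper or the FBI material it cites, flags a raw message on those indicators; the corporate domain, the executive list and both sample messages are constructed assumptions.

```python
"""Screen inbound mail for the Business Email Compromise indicators the
white paper describes (spoofed executive sender, lookalike domain, reply
routed elsewhere, urgent wire/invoice language).

Added example; the corporate domain, executive list and messages are
constructed assumptions, not data from the paper."""
from email import message_from_string
from email.utils import parseaddr

CORP_DOMAIN = "example.com"                            # assumption
EXECUTIVES = {"jane doe": "jane.doe@example.com"}      # assumption: name -> real address
PAYMENT_TERMS = ("wire transfer", "wire the funds", "invoice",
                 "time-sensitive", "urgent payment")

# Constructed "CEO fraud" message: lookalike domain, foreign Reply-To, wire request.
CEO_FRAUD_SAMPLE = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe@mail-examp1e.net
To: accounts@example.com
Subject: Urgent wire transfer

Please process a wire transfer of 48,500 USD to the supplier account below today.
This is time-sensitive; I am in meetings all day, so reply to this address.
"""

# Constructed benign message from the real executive address.
LEGIT_SAMPLE = """\
From: Jane Doe <jane.doe@example.com>
To: team@example.com
Subject: Q1 planning

Agenda attached for Thursday.
"""


def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def body_text(msg):
    """Concatenate the text/plain parts of a parsed message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            chunks.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    return "\n".join(chunks)


def bec_indicators(raw):
    """Return the list of BEC indicators present in a raw RFC 822 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    flags = []
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr.lower() != expected:
        flags.append("executive display name with unexpected address")
    if from_dom and from_dom != CORP_DOMAIN and edit_distance(from_dom, CORP_DOMAIN) <= 2:
        flags.append("lookalike sender domain")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        flags.append("reply-to domain differs from sender domain")
    text = (msg.get("Subject", "") + "\n" + body_text(msg)).lower()
    if any(term in text for term in PAYMENT_TERMS):
        flags.append("payment request language")
    return flags


if __name__ == "__main__":
    for label, sample in (("ceo-fraud", CEO_FRAUD_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, bec_indicators(sample))
```

A single indicator is weak on its own (a genuine supplier invoice trips the wording check), so in practice the list is fed to a scoring or quarantine rule that acts on two or more indicators together, and the executive table is kept in sync with the directory so that display-name checks do not go stale.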

Pretexting

Pretexting (‘pretending’ + ‘texting’) is a social-engineering tactic, similar to phishing, used to steal private information by exploiting publicly available information. However, instead of using emails to lure potential victims into revealing sensitive or proprietary information, pretexting involves a more human element because targets are engaged directly. Pretexting can be one of the quickest, easiest, and low-cost/low-sophistication ways to obtain information from unsuspecting employees.

We anticipate cyber threat actors associated with hacktivist organizations or organized crime groups to continue pretexting activity to obtain confidential or restricted information from financial institutions, which may affect the integrity of customer data.

40 http://www.ic3.gov/default.aspx
41 http://www.ic3.gov/media/2015/150827-1.aspx#fn1
42 https://www.ic3.gov/media/2015/150122.aspx
43 http://www.ic3.gov/media/2015/150827-1.aspx#fn1


Additionally, any true change in pretexting methods will come from federal prosecution of companies that fail to protect consumers from pretexting activity. 2015 saw a new direction in the enforcement of the Gramm-Leach-Bliley Act (GLBA), with several companies fined for not properly training their employees in pretexting techniques leveraged by groups like Lizard Squad, who employ pretexting to obtain login IDs, passwords, and corporate intranet information.44

Hacktivism

We saw social engineering begin to play a greater role in hacktivist activity towards the end of 2015 when the CIA Director and the Department of Homeland Security Secretary’s non-government email accounts were accessed by hacktivists. In both cases, the alleged hacker said he was motivated both by politics and by the desire to shame the government. Hacktivists will likely continue to gather Personally Identifiable Information (PII) and public information and pictures from social media sites.45 Thus, public officials, law enforcement officers, and executives and their family members should remain vigilant about what they share online.

44 http://www.jdsupra.com/legalnews/fcc-fines-cable-operator-following-data-78874/
45 http://www.ic3.gov/media/2015/151118.aspx

[Figure: the social engineering process. Stages: Actor researches target... → Actor contacts target... → Target engaged... → Victim divulges information to actor. Example reconnaissance findings shown in the figure: employee at X company (8 yrs); worked on Project X; engineer for X Project; personal items.]

Typically these social engineering activities consist of reconnaissance activity, where the actor performs research on their targets by analyzing their social media profiles and internet footprint before engaging with the target themselves.

Once the reconnaissance phase is completed, the actors engage the targets themselves, often creating elaborate stories to get them to unwittingly divulge details that would otherwise remain private.


The Importance of Cyber Security Training

The weakest link in an organization’s IT security plan is often its own employees. According to a 2015 report, 45 percent of employees

have not received cyber security training.46

Because of the Gramm-Leach-Bliley Act (GLBA), employers are now responsible for providing training to employees so that employees are aware of those who:47

• Use “false, fictitious, or fraudulent” statements or documents to get personal information

• Use “forged, counterfeit, lost, or stolen” documents to get personal information

• Recover personal information which was obtained or received by another person

The GLBA applies to financial institutions and other organizations that collect financial information. Recently, we’ve seen government agencies such as the Federal Trade Commission (FTC) and Federal Communications Commission (FCC) starting to enforce the guidance of this act, and based on this new activity, we see these guidelines spreading to other sectors.

Hacktivists will continue to evolve their tactics to use social engineering more often as a way to try to embarrass, discourage, exploit, and attack their targets. Social engineering offers hacktivists unprecedented access to personal and professional information, which could be used for malicious means, including derailing political campaigns, impersonation, exposing alleged cover-ups, releasing embarrassing personal details to the public, and exploiting C-level corporate executives. As hacktivists continue to be successful in attacking their targets, especially high-profile officials and individuals, more hacktivists will turn to social engineering as a legitimate and relatively safe attack vector.

If employees are not aware of social engineering tactics, like compromised emails or pretexting, their company may be fined by federal agencies for failure to protect confidential customer data.

46 https://www.comptia.org/resources/cyber-secure-a-look-at-employee-cybersecurity-habits-in-the-workplace
47 https://www.ftc.gov/tips-advice/business-center/privacy-and-security/gramm-leach-bliley-act


Conclusions

The availability and accessibility of data and information, as well as the ease of use of hacking tools, means anyone with access to an Internet-connected device can launch an attack, putting all businesses – not just large corporations – at risk. The advent of Bitcoin has made it easier for criminals to buy and sell hacking tools, as well as given them additional incentive to monetize malware. This accessibility, availability, and “interoperability” of code and networked devices also means that nation-state actors can take advantage of the same tools criminals are using with equal impunity.

As companies continue to embrace the Internet of Things (IoT), which has expanded to heating/ventilation/air conditioning (HVAC) systems, lights, video surveillance, identification cards, and even vending machines, cyber and physical security can no longer be seen as two separate issues. In the past, threat actors could attack a company’s network, steal data, etc., and it would largely remain a cyber issue with little effect on the physical aspects of a corporate building. However, today, if threat actors attack a network that also controls a building’s access points, then that cyber attack is a physical attack as well. Threat actors could lock employees out, allow unauthorized people in, or steal data that could be used in a greater social engineering attack. Today’s companies must take a unified approach to both cyber and physical security, recognizing that while they may not ever fully converge into one, their operations are becoming increasingly reliant on one another to be successful.

It is more important than ever for companies to invest in a more robust cyber security posture. Companies should actively monitor their networks and networked resources to identify potential threats, as well as provide regular security awareness training for their employees so they don’t fall for social engineering tactics like phishing emails or pretexting. Security awareness, from the top down, is one of the easiest ways to combat these ever-growing and commonplace threats in the workplace.


While your network may be secure, do you have visibility beyond the perimeter? Security is no longer about what you can see. What you can’t see is where the true threats hide.

Cyveillance, a LookingGlass Cyber Solutions company, offers an easy-to-use platform that enables security professionals the ability to see beyond the perimeter. Our solutions identify cyber and physical threats and risks across the globe, allowing you to mitigate and eliminate them before they disrupt your business.

We go beyond data to provide the threat intelligence that you need to achieve your organization’s business goals. Contact us today to learn more and get a free trial.

Using security intelligence technology can save companies up to $2.6 million when compared to companies not using security intelligence technologies. “2014 Global Report on the Cost of Cyber Crime.” Ponemon Institute; HP. 3 Dec. 2014. http://www8.hp.com/us/en/software-solutions/ponemon-cyber-security-report

Cyber Threat Center

www.cyveillance.com/cyberthreatcenter


11091 Sunset Hills Road, Suite 210, Reston, Virginia 20190 | Toll-Free: 888.243.0097 | Headquarters: 703.351.1000 | www.cyveillance.com | [email protected]

© 2016 LookingGlass Cyber Solutions. All rights reserved. Cyveillance is a registered trademark of Cyveillance, Inc.

All other names are trademarks or registered trademarks of their respective owners.

LookingGlass Cyber Solutions delivers advanced, comprehensive threat intelligence-driven solutions in four categories: machine readable threat intelligence (MRTI), threat intelligence management (TIM) with over 140 data sources transformed into threat intelligence, threat intelligence services, and threat mitigation. LookingGlass enables security teams to efficiently, effectively address threats at every stage of their lifecycle. For more information, visit www.lgscout.com.

Cyveillance, a LookingGlass Cyber Solutions company, is the leading provider of cyber threat intelligence, enabling organizations to protect their information, infrastructure, and employees from physical and online threats found outside the network perimeter. Founded in 1997, Cyveillance delivers an intelligence-led approach to security through continuous, comprehensive monitoring of millions of online data sources, along with sophisticated technical and human analysis. The Cyveillance Cyber Threat Center, a cloud-based platform, combines web search, social media monitoring, underground channel information, and global intelligence with investigative tools and databases of threat actors, domain names and IP data, phishing activity, and malware. Cyveillance serves the Global 2000 and the majority of the Fortune 50 – as well as global leaders in finance, technology, and energy – along with data partners and resellers. For more information, visit www.cyveillance.com.