Cybercriminals are becoming more and more sophisticated and devious in their attacks, taking more time to plan their hits. As the volume of data generated worldwide soars, so will the number of threats that companies are exposed to, warn pundits.
By Otilia Haraga
To know one’s opponent is perhaps one of the unwritten rules in any battle. But in order to know one’s opponent, one needs to know their goals and motivations. So what are cyber-criminals after, when hacking into companies’ security systems?
“If we’re talking targeted breaches, the perps are usually after some sort of confidential data – credit card numbers, drawings, blueprints, documents… you name it, it’s being stolen. A second area of exploitation is to map the relationships of the breached system, find other systems which trust it, possibly in other companies, and exploit those as well. A payment processor might give a travel agency insufficiently secured database access, for example, on the assumption that the travel agency will properly secure its back-end systems,” Catalin Cosoi, chief security strategist at Bitdefender, tells BR.
He adds, “The bigger the company and the more money it is (perceived to be) moving around, the higher the number and severity of attacks targeting it and/or its customers.”
Banks and online stores are among the biggest targets, he says. “We’re seeing an increasing number of business websites getting compromised and subsequently used to serve malware – the smaller the IT and IT security budget, if it even exists, the likelier the compromise,” says Cosoi.
According to G Data representatives, it is not always the size of the company that matters, but the value of the critical data.
“A lot of small and medium companies don’t think that their data is important enough for attackers. This is definitely not the case – captured servers/IT infrastructure/computers are valuable assets in themselves and have been borrowed for other cyber attacks in the so-called underground markets, for example for DoS (denial-of-service) attacks on companies worldwide,” they say.
Last year, Romania came 25th in a worldwide ranking of the countries most exposed to cyber-attacks, having improved by one position since the previous year, according to the Internet Security Threat Report compiled by Symantec.
Top was the United States, followed by China, India, the Netherlands, Germany, Russia, Great Britain, Brazil, Taiwan and Italy.
“In 2013, much attention was focused on cyber-espionage, threats to privacy and the acts of malicious insiders. However, the end of 2013 provided an important reminder that cyber-crime remains prevalent and that damaging threats from cyber-criminals continue to face businesses and consumers,” Vasile Aniculaesei, country manager at Symantec for Romania and Bulgaria, tells BR.
Warns Cosoi, “There is a definite move away from cookie-cutter, automated attacks and into targeted breaches, using all sorts of techniques, from bespoke exploits for zero-day vulnerabilities to social engineering techniques and even physical breaches. As companies move to the cloud, we are also seeing the first attacks against cloud service providers.” Zero-day vulnerabilities are previously unknown flaws that attackers exploit before developers have had time to address them.
He adds that there has been a surge in Trojan malware charging customers by sending SMS to premium numbers without their consent.
In the EMEA section of the ranking, Romania was deemed the 11th most vulnerable nation to cyber-attacks, behind Spain, France, Poland, Turkey and Hungary.
Romania was ranked 14th worldwide by the origin of spam, with 2.3 percent of the total volume of spam attacks starting here, according to the report.
It came 21st worldwide for the number of phishing attacks generated, at 1 percent.
“Attacks are becoming more sophisticated and more targeted, so they loom large in the minds of consumers and organizations of all sizes, especially as social media and mobile devices proliferate and are creating an information explosion,” says Aniculaesei.
He says that 90 percent of the world’s data has been created over the past two years and many companies forecast that their information will grow by 60-70 percent within one year.
“The number of breaches recorded worldwide last year increased by 62 percent from 2012, with 253 total breaches amounting to more than 552 million data records exposed, putting consumers’ financial information, birth dates, government ID numbers, home addresses, medical records, passwords and other personal information into the hands of cybercriminals,” comments Aniculaesei.
According to the Internet Security Threat Report, the number of targeted attacks worldwide spiked by 91 percent, and they lasted on average three times longer than in 2012.
Furthermore, there was a 61 percent worldwide growth in zero-day vulnerabilities last year compared to the previous year. Twenty-three zero-days were discovered in 2013.
Last but not least, there were six times as many ransomware attacks worldwide, corresponding to an astounding 500 percent growth in 2013, says the report.
“The attacks are generally planned a long time before they are executed to ensure they are highly efficient. Initially, the attacks include social engineering tools and progress up to using last-generation technology in the field and exploiting known and unknown vulnerabilities. One of the methods popular among attackers for launching such targeted attacks was sending dangerous attachments via e-mail services,” says Adrian Porcescu, presale group manager for Eastern Europe at Kaspersky Lab.
According to Kaspersky Lab data, 9 percent of companies worldwide have been victims of a targeted attack. There is a high interest in companies in oil & gas, telecommunications, research, aerospace engineering and technologies.
HOW COMPANIES CAN PROTECT THEMSELVES FROM CYBERATTACKS
• Know your data: Protection must focus on the information – not the device or data center. Companies must understand where their sensitive data resides and where it is flowing.
• Educate employees: Firms must provide guidance on info protection, including company policies and procedures for protecting sensitive data on personal and corporate devices.
• Implement a strong security posture: Companies must strengthen their security infrastructure through data loss prevention, network security, endpoint security, encryption, strong authentication and defensive measures, including reputation-based technologies.