While security pros need clear insight into their organizations’ vulnerabilities, internal analysis alone is not enough. Outward examination – such as who is attacking other members of your business sector with what kind of attack and how it is impacting them – is a critical component of an effective cybersecurity approach. Unfortunately, oftentimes, we spend too much time looking at only a small piece of the puzzle.
A new report recently published by SurfWatch Labs, “Trends in Cybercrime: A Social Look at the First Half 2014,” aggregates and standardizes cyber crime-related data from the first six months of the year into cyber business intelligence that provides some interesting insights. The standardized cyber data, known as CyberFacts, provide instant understanding of who (Actor) did what to whom (Target), what happened (Effect), and how they did it (Practice). By harnessing the collective power of all this information that exists outside an organization’s walls – from security researcher and infosec blogger discussions to news outlets, social media, vulnerability and security data feeds and more – it’s possible to extrapolate cybersecurity trends across various industries.
Here’s a top-line look at what SurfWatch Labs found in the first half of 2014 for the six most active industries.
Jason Polancich, founder and chief architect, SurfWatch Labs, is a serial entrepreneur focused on solving complex Internet security and cyber-defense problems, with more than 20 years of experience as an intelligence analyst, software engineer, systems architect and corporate executive. Prior to founding SurfWatch Labs, Mr. Polancich co-founded Novii Design, which assisted the U.S. intelligence community and Department of Defense in building some of the largest data warehouse and analysis systems ever put into operation within the government and defense contracting sectors.
Cyber Crime Trends
Highlights from a recent survey of cyber crime data that provides some interesting cyber BI insights, as identified by SurfWatch Labs.
- Who (actor): Identity unknown (76 percent)
- Targeted (target): Customers/clients (43 percent)
- What happened (effect): Data stolen/leaked (53 percent)
- How they did it (practice): Unauthorized access (51 percent)
The headlines this year have been dominated by mega breaches that have affected huge percentages of the population, a trend that’s carried over from 2013, which saw large breaches at the NSA and Adobe, among others. During the first half of 2014, consumer goods had 374 distinct industry targets yet one of those, Target stores, impacted a third of all U.S. adults and therefore was the most discussed. A breach at Michaels stores affected 2.6 million cards; another 400,000 were compromised at its subsidiary Aaron Brothers.
- Who (actor): Identity unknown (83 percent)
- Targeted (target): Customers/clients (19 percent)
- What happened (effect): Financial loss (31 percent)
- How they did it (practice): Malware (50 percent)
This year has also seen widespread discussion about cyber crime related to a variety of digital currencies. In the financials sector, Bitcoin and related currencies were six of the top 10 most discussed industry targets – and 10 of the top 25. Bitcoin and Mt. Gox were not only the top two targets in terms of digital currency, they were the top two most discussed industry targets for all of the financials sector (at 18 percent and 15 percent respectively).
The variety of malware targeting these currencies has exploded over the past six months, in part due to the fact that traditional defenses that have been honed by larger financial institutions over the past decade to fight cyber crime are largely absent when it comes to digital currencies, which in essence forces the holders of currency like Bitcoin into being their own bank.
- Who (actor): Identity unknown (32 percent)
- Targeted (target): Data (35 percent)
- What happened (effect): PII stolen/leaked (83 percent)
- How they did it (practice): Unauthorized access (78 percent)
When looking at distinct targets, health care dominated all other sectors. Over 27 percent of all distinct cyber crime targets are related to health care. Despite that high number, the sector only garnered 2.8 percent of the overall cyber crime discussion.
The high number is likely due, at least in part, to the increased regulatory and breach notification requirements in the health care sector. The findings are in line with other agencies including the FBI, which warned in April that the January 2015 deadline to transition to electronic health records (EHR) “will create an influx of new EHR coupled with more medical devices being connected to the Internet, generating a rich new environment for cyber criminals to exploit.”
- Who (actor): Hacktivist (56 percent)
- Targeted (target): Websites (57 percent)
- What happened (effect): Service interruption (33 percent)
- How they did it (practice): Unauthorized access (28 percent)
The severity and complexity of cyber espionage has increased because the Snowden revelations have shed light on current cyber espionage actions and may have caused other nation-states to increase or change their attacks. Espionage and supply-chain discussions were driven largely by the U.S. and China’s back-and-forth allegations. The U.S. government was the top target related to espionage (14.8 percent) with Alcoa, Westinghouse Electric Company, Apple, and U.S. Steel Corporation rounding out the top five.
- Who (actor): Hacktivist (43 percent)
- Targeted (target): Social media accounts (36 percent)
- What happened (effect): Account hijack (42 percent)
- How they did it (practice): Unauthorized access (70 percent)
Ransomware, extortion and sextortion discussions are on the rise; Cassidy Wolf, the Miss Teen USA winner in 2013, was the victim (along with others) of a high-profile sextortion case that made her the fourth most discussed target in entertainment (behind music producer Deadmau5, singer Justin Bieber, and Forbes social media editor Alex Knapp).
- Who (actor): Identity unknown (73 percent)
- Targeted (target): Users (24 percent)
- What happened (effect): Infected/exploited assets (34 percent)
- How they did it (practice): Malware (31 percent)
Recent months have seen several high-profile cases of cyber criminals not simply stealing data or attacking a website, but holding these assets for ransom. Extortion and ransoms in cyber crime are not new techniques; in June it came to light that Nokia paid millions of dollars to extortionists in 2007 to prevent the compromise of the source code for their mobile operating system Symbian. In 2014, the frequency of this practice is on the rise, mostly utilizing DDoS or stolen data as leverage.
The information technology sector faced the largest percentage of DDoS attacks in 2014, with the tag showing up in nearly 19 percent of all the sectors’ CyberFacts.
Vimeo, Bitly, Shutterstock, MailChimp, Elance, oDesk, Feedly, Evernote, Basecamp, Move Inc., Mad Mimi, Meetup, and Typepad have all been threatened with DDoS attacks this year unless they paid amounts typically under $1000 in Bitcoin. These amounts are likely so low because it may make a business more inclined to pay than to lose a day of business. Payment also indicates a willingness to submit to financial demands and may lead to further threats and ransom.
Overall, much like the discussion around the cost of cyber crime, the answer seems to be not a specific number, but simply more: more cyber crime affecting more businesses along more attack vectors resulting in breaches that are often impacting larger numbers of people. Given this environment, it’s increasingly important to understand all the areas of risk facing your organization, including what is happening to others around you. This information, coupled with a comprehensive view of your own networks, allows for more informed decision making.