Threat Landscape Grows Complex and Chameleon-like
Overall malicious content in e-mail increased 250% in 2015, compared to 2014, with the Dridex banking malware and various ransomware campaigns largely responsible for the rise
Forcepoint recently released its 2016 Global Threat Report, presenting a breakdown of many of today’s most impactful cybersecurity threats, which have far-reaching technical, operational and cost impacts on affected organizations. The report details specific, notable threats in depth and provides information about the composition and severity of each.

INSIDER THREAT: THE ACCIDENTAL AND THE MALICIOUS

The report outlines that ‘insider threats describe attacks that either originate or receive cooperation from sources within an organization.’ Preying on globalization and more dynamic business relationships and supply chains, attackers are targeting insiders in victim and adjacent organizations. They often gain access to systems by manipulating staff into what appears to be legitimate activity but is in fact designed to steal their credentials.

Forcepoint and third-party research shows that policing insider activity and accounting for privileged credentials are the security issues organizations feel least prepared to confront. The report outlines that ‘nearly 80% of security remains focused on perimeter defenses, with less than half of organizations having dedicated budget to insider threat programs.’ Common challenges cited in the report include organizations lacking enough ‘contextual information’ to discern suspect from benign activity and ‘insufficient visibility’ into overall behaviour on networks, due to reliance on disparate, disconnected tools to monitor users, actions and sensitive files. More sophisticated technology that combines data loss prevention (DLP) with threat behavior analytics, and correlates them with other IT and business systems (such as badging and IP log records), is now evolving to determine whether a threat comes from a true insider or from a malicious masquerader using stolen credentials.
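The kind of correlation the report alludes to, badge records set against logon source addresses, as an added example in Python; this is not code from the Forcepoint report or its products. The badge and authentication log lines, the site and VPN address ranges, the log formats and the two contradiction rules are all constructed assumptions; a real deployment would feed the same logic from a badge system export and an identity provider or domain controller.

```python
import ipaddress
from datetime import datetime

# Constructed sample data (not from the Forcepoint report): one day of badge
# swipes and logon events, in the form an analytics pipeline might receive them.
BADGE_LOG = """\
2016-03-14T08:02:11 alice HQ IN
2016-03-14T12:30:05 alice HQ OUT
2016-03-14T08:15:40 bob HQ IN
2016-03-14T17:45:02 bob HQ OUT
"""

AUTH_LOG = """\
2016-03-14T08:05:31 alice 10.10.4.22 SUCCESS
2016-03-14T13:10:12 alice 10.10.4.22 SUCCESS
2016-03-14T09:00:00 bob 10.200.7.9 SUCCESS
2016-03-14T14:20:44 carol 10.10.9.3 SUCCESS
2016-03-14T14:21:01 carol 10.10.9.3 FAILURE
"""

# Assumed network layout: each office site has its own address range and
# remote users land in a VPN pool.
SITE_NETWORKS = {"HQ": ipaddress.ip_network("10.10.0.0/16")}
VPN_POOL = ipaddress.ip_network("10.200.0.0/16")


def parse_badge(text):
    """Build per-user presence intervals (start, end, site) from badge swipes.

    An IN swipe opens an interval and the user's next OUT swipe closes it; an IN
    that is never closed is left open (end=None) and counts as 'still on site'.
    """
    records = []
    for line in text.splitlines():
        ts, user, site, event = line.split()
        records.append((datetime.fromisoformat(ts), user, site, event))
    records.sort()  # swipes from different readers may arrive out of order
    intervals, open_swipe = {}, {}
    for t, user, site, event in records:
        if event == "IN":
            open_swipe[user] = (t, site)
        elif event == "OUT" and user in open_swipe:
            start, site_in = open_swipe.pop(user)
            intervals.setdefault(user, []).append((start, t, site_in))
    for user, (start, site) in open_swipe.items():
        intervals.setdefault(user, []).append((start, None, site))
    return intervals


def site_at(intervals, user, t):
    """Return the site the badge system places the user at, or None if off site."""
    for start, end, site in intervals.get(user, []):
        if start <= t and (end is None or t < end):
            return site
    return None


def source_location(ip):
    """Classify a logon source address as a site name, 'VPN', or None (unknown)."""
    addr = ipaddress.ip_address(ip)
    if addr in VPN_POOL:
        return "VPN"
    for site, net in SITE_NETWORKS.items():
        if addr in net:
            return site
    return None


def correlate(badge_text, auth_text):
    """Flag successful logons whose network source contradicts badge presence.

    Two contradictions are checked: credentials used on an office network while
    the badge system shows the account owner off site (someone at their desk, or
    a stolen credential used inside), and credentials used over VPN while the
    owner is badged in (a remote masquerader while the real user is in the office).
    """
    intervals = parse_badge(badge_text)
    alerts = []
    for line in auth_text.splitlines():
        ts, user, ip, result = line.split()
        if result != "SUCCESS":
            continue  # failed logons are a separate signal, not correlated here
        t = datetime.fromisoformat(ts)
        where = source_location(ip)
        badged = site_at(intervals, user, t)
        if where in SITE_NETWORKS and badged != where:
            alerts.append((user, ts, "logon from %s network while badge shows %s"
                           % (where, badged or "off site")))
        elif where == "VPN" and badged is not None:
            alerts.append((user, ts, "remote logon over VPN while badged in at %s"
                           % badged))
    return alerts


if __name__ == "__main__":
    for user, ts, reason in correlate(BADGE_LOG, AUTH_LOG):
        print("%s %s: %s" % (ts, user, reason))
```

On the sample data this raises three alerts: alice's second office logon after she badged out, bob's VPN logon while badged in at HQ, and carol's office logon with no badge record at all; alice's first logon and carol's failed attempt are not flagged. Badge data is noisy in practice (tailgating, propped doors, shared workstations, NAT in front of the auth source), so output like this is a prioritisation signal to score alongside DLP and file-access events rather than a blocking control on its own.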
Forcepoint’s Global Threat Report documents a case study of an organization undergoing merger and acquisition (M&A) activity, where personnel affected by downsizing were observed violating their generous separation agreements by trying to exfiltrate proprietary company information before their departure. This activity was prevented, yet it could have had costly business repercussions had it succeeded.

“JAKU” AND BREAKING RANSOMWARE

What is “JAKU”? JAKU is a global botnet, named after the harsh desert planet in Star Wars: The Force Awakens, that exhibits a split personality. Its attack infrastructure seeks both to compromise victims at large scale, co-opting and herding them for mass effect, and simultaneously to conduct narrow, highly targeted attacks on individual victims, harvesting sensitive files, profiling end users and gathering valuable machine information.

www.dqindia.com