Cyber criminals getting more nimble, sophisticatedPosted On: Mar. 8, 2016 12:00 AM CST
Firms face a “broader and deeper landscape” with respect to cyber security risks, according to an analysis released Tuesday.
In 2015, “familiar challenges got more complicated given recent changes in attackers' modus operandi,” cyber security firm Trend Micro Inc.
“Data breaches, for example, did not just end with compromised confidential data being leaked to the public. Instead, we saw how exposed data was further utilized in more damaging schemes,” says the report by the Irving Texas-based firm.
The report points to the blackmail letters received by people whose names were linked to the extra marital affairs website Ashely Madison data dump, coercing them to pay bribes in exchange for their anonymity.
The report, “Setting the Stage: Landscape Shifts Dictate Future Threat Response Strategies,” warns that “In global cybercrime different underground markets continued to grow not only in breadth but in depth. Crimeware offerings, portals, and cybercriminal training evolved to the demands of their respective countries.”
The report says also that 2015 developments have created “a much broader attack surface,” which is partly due to the Internet of Things. “Smart devices have been security concerns for organizations since their conception, and with the number of successful hacks reported over the past months, it is only matter of time before cyber criminals and attackers find ways to use these weak points for large-scale operations,” says the report.
Another report issued Tuesday by Atlanta-based cyber security firm Damballa Inc. says cyber criminals are using only a few Internet protocol addresses per Internet service provider to stay under the radar and reduce their chance of getting caught.
For instance, criminals using Pony Loader, a well-known Trojan software, which is malware disguised as legitimate software, have used 281 domains and more than 120 internet protocol addresses spread across 100 different internet service providers since Damballa began tracking it in May. 2015, according to the “State of Infections Report, Q1 2016” report.
“If a domain only stays online for a few days or hours, criminal (command & control) communications can go undiscovered for long periods of time,” says the report.
“Security teams should look for active (command & control) communications originating from inside the network and block outbound attempts.”