Cytegic continuously monitors the cyber threat landscape and analyzes various inputs to identify threat agents, attacks and controls, based on geo-political regions and business sectors. Our DyTA machine monitors thousands of quality sources (both structured and unstructured), detects daily, weekly and monthly trends, changes and events and incorporates them into Cytegic’s methodology and systems. DyTA enables a quick, understandable and actionable cyber-threat forecast.
The following is a high-level summary of developments and trends from 2014 that have been included in our CIAC Intelligence Packages, and forecast for 2015. The trend analysis and forecast are based on our events database and are represented here as an example of DyTA’s capabilities. These are pushed to local installations of the Cytegic DSS, and are correlated to the local environment defense posture for actionable intelligence.
For daily updates, follow us on Twitter: www.twitter.com/Cytegic
For the full report, please contact us at: firstname.lastname@example.org
2014 Major Rising Trends and 2015 Forecasts:
The Proliferation and Monetization of Advanced Attack Methods – In the past year, there has been a significant rise in the monetization of advanced cyber tools. This means lower-capability attackers may be able to deploy high-end tools and techniques simply by purchasing them, or their blueprints, off the shelf on black markets. Some of the major indicators of this trend are the constant rise in the capability and usage of modified spyware by rogue political- or industrial-espionage groups, and of cryptoware for ransom by financial hackers. Attackers of varying resources and skills are already using tools which were in the past used solely by nation-states and organized cyber-crime syndicates, and we predict this trend will continue to rise in the near future (even if we see large-scale law enforcement busts and counter-campaigns as in the past year).
- Keep malware lists and vulnerability patches up-to-date
Tool-Kits and Exploit-Kits Becoming More Available and More Aggressive – Throughout the past year we have seen adaptive exploit-kits and even cyber-attack dashboards becoming available for purchase and implementation. This means that organizations will deal significantly more with pre-engineered attack vectors which include every part of the kill-chain (from reconnaissance, through penetration and navigation, and up to execution and exfiltration) in one click. This trend and the previous one are best represented by the Vawtrak Crimeware-as-a-service tool, and by the Regin spy-kit.
- Implement Defense-in-Depth strategies and a high-level phishing awareness
A Rise in the Use of Legitimate Actions and Tools – While in the past attackers were identified as either external or internal, today it is not so clear-cut. More and more attackers and attack vectors already leverage legitimate business and IT actions, tools, processes and privileges, and will continue to do so, to access sensitive data without being tagged as an intruder by internal controls. This can be seen in cyber-campaigns which leveraged Dropbox communications, security updates and other legitimate processes. Additionally, leveraging an internal employee may become a rising threat and can itself be considered an abuse of legitimate actions, as seen in campaigns in Eastern Europe and Africa.
- Implement high-level anomaly detection tools, hardening and segregation of duties and privileges
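The recommendation above hinges on knowing what "normal" use of a legitimate tool looks like for each user, so that a departure from it stands out even though the tool itself is sanctioned. The following is an added example (not Cytegic's code) of the simplest form of that anomaly detection: a per-user, per-tool baseline of daily outbound bytes built from a training window, with two alert conditions in the evaluation window. The log format, user names, tool names and byte counts are all constructed for this illustration.

```python
"""
Per-user baseline detector for abuse of legitimate tools (added example,
not Cytegic's code). Builds a baseline of daily bytes moved per (user, tool)
from a training window, then flags evaluation-window days where a user
either uses a tool absent from their baseline or moves far more data than
baseline mean + k * stddev. The log format is constructed for this example.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample lines: "<date> <user> <tool> <bytes_out>"
BASELINE_LOG = """\
2014-11-03 alice dropbox 20480
2014-11-04 alice dropbox 18000
2014-11-05 alice dropbox 22000
2014-11-06 alice dropbox 19500
2014-11-07 alice dropbox 21000
2014-11-03 bob psexec 1200
2014-11-04 bob psexec 900
2014-11-05 bob psexec 1100
2014-11-06 bob psexec 1000
2014-11-07 bob psexec 1300
"""

EVAL_LOG = """\
2014-12-01 alice dropbox 21000
2014-12-02 alice dropbox 950000
2014-12-01 bob psexec 1000
2014-12-02 bob dropbox 400000
"""


def daily_totals(log_text):
    """Aggregate bytes per (user, tool, date); several lines per day add up."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        date, user, tool, nbytes = line.split()
        totals[(user, tool, date)] += int(nbytes)
    return totals


def build_baseline(log_text):
    """Return {(user, tool): (mean_bytes, stddev_bytes)} over the training days."""
    per_key = defaultdict(list)
    for (user, tool, _date), total in daily_totals(log_text).items():
        per_key[(user, tool)].append(total)
    # pstdev handles a single observation (stddev 0) without raising
    return {key: (mean(vals), pstdev(vals)) for key, vals in per_key.items()}


def detect(baseline_log, eval_log, k=3.0, min_ratio=2.0):
    """Return sorted (date, user, tool, reason) alerts for the evaluation window.

    A volume spike must exceed both mean + k*stddev and min_ratio*mean so that
    a flat baseline (stddev 0) does not fire on ordinary day-to-day noise.
    """
    baseline = build_baseline(baseline_log)
    alerts = []
    for (user, tool, date), total in daily_totals(eval_log).items():
        stats = baseline.get((user, tool))
        if stats is None:
            # Legitimate tool, but this user has never used it before
            alerts.append((date, user, tool, "new_tool"))
            continue
        mu, sigma = stats
        if total > mu + k * sigma and total > min_ratio * mu:
            alerts.append((date, user, tool, "volume_spike"))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect(BASELINE_LOG, EVAL_LOG):
        print(*alert)
```

Running it flags alice's Dropbox day at 950000 bytes as a volume spike against her ~20 KB/day baseline, and bob's first-ever Dropbox use as a new tool, while bob's routine PsExec activity stays quiet. The `min_ratio` floor matters for users whose baseline is perfectly flat: with a standard deviation of zero, `mean + k*stddev` alone would fire on any increase at all.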
DDoS Just Won’t Die – While many predictions in previous years foresaw the decline of DDoS as a widespread and effective attack method, the actual cyber field has proven otherwise, as we forecasted last year. DDoS attacks were among the most widely used attack methods in the past year, and their scale and bandwidth kept rising (up to 400Gbps recently). In the coming months, we’ll continue to see not only hacktivists or sensationalists trying to make headlines by blocking access to high-profile sites or services, but also financial hackers using DDoS for distraction or ransom, and even nation-level DDoS attacks – such as the recent North Korea internet blackout, which was not unprecedented (Estonia and Georgia, for example).
- Implement DDoS mitigation tools and services and be aware of DDoS-as-Distraction
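"DDoS-as-Distraction" means the flood is not the real attack: the operations team is busy keeping the site up while a fraudulent transfer or bulk export goes through unnoticed. The defensive counterpart is to correlate the two data streams. The following is an added example (not Cytegic's code) that finds volumetric attack windows in per-minute traffic samples and lists high-value business events that land inside a window, widened by a grace margin on both sides. The traffic figures, event types, actors and the 20 Gbps threshold are all constructed for this illustration.

```python
"""
DDoS-as-distraction correlation (added example, not Cytegic's code).
Finds windows where inbound traffic exceeds a volumetric threshold and then
lists high-value business events (transfers, bulk exports, privileged logins)
that fall inside a window, widened by a grace margin on both sides. Sample
data, formats and thresholds are constructed for this example.
"""
from datetime import datetime, timedelta

TS_FORMAT = "%Y-%m-%dT%H:%M"

# Constructed per-minute inbound traffic samples: "<timestamp> <gbps>"
TRAFFIC_SAMPLES = """\
2014-12-20T10:00 2.1
2014-12-20T10:01 2.3
2014-12-20T10:02 95.0
2014-12-20T10:03 120.0
2014-12-20T10:04 110.0
2014-12-20T10:05 3.0
2014-12-20T10:06 2.2
"""

# Constructed high-value events: "<timestamp> <event_type> <actor>"
BUSINESS_EVENTS = """\
2014-12-20T09:30 admin_login ops
2014-12-20T10:03 wire_transfer treasury
2014-12-20T10:05 bulk_export dba
2014-12-20T10:20 wire_transfer finance
"""


def parse_traffic(text):
    """Parse traffic lines into a time-sorted list of (datetime, gbps)."""
    out = []
    for line in text.splitlines():
        if line.strip():
            ts, gbps = line.split()
            out.append((datetime.strptime(ts, TS_FORMAT), float(gbps)))
    return sorted(out)


def find_ddos_windows(samples, threshold_gbps=20.0):
    """Return [(start, end)] for runs of consecutive samples above threshold."""
    windows, start, last = [], None, None
    for ts, gbps in samples:
        if gbps > threshold_gbps:
            if start is None:
                start = ts
            last = ts
        elif start is not None:
            windows.append((start, last))
            start = last = None
    if start is not None:  # attack still in progress at end of data
        windows.append((start, last))
    return windows


def parse_events(text):
    """Parse event lines into a time-sorted list of (datetime, type, actor)."""
    out = []
    for line in text.splitlines():
        if line.strip():
            ts, kind, actor = line.split()
            out.append((datetime.strptime(ts, TS_FORMAT), kind, actor))
    return sorted(out)


def correlate(traffic_text, events_text, threshold_gbps=20.0, grace_minutes=5):
    """Return (timestamp, event_type, actor) for events inside a widened DDoS window."""
    windows = find_ddos_windows(parse_traffic(traffic_text), threshold_gbps)
    grace = timedelta(minutes=grace_minutes)
    flagged = []
    for ts, kind, actor in parse_events(events_text):
        for start, end in windows:
            if start - grace <= ts <= end + grace:
                flagged.append((ts.strftime(TS_FORMAT), kind, actor))
                break
    return flagged


if __name__ == "__main__":
    for hit in correlate(TRAFFIC_SAMPLES, BUSINESS_EVENTS):
        print("review:", *hit)
```

With the constructed data the attack window is 10:02 to 10:04; the treasury wire transfer at 10:03 falls inside it and the bulk export at 10:05 falls inside the five-minute grace margin, so both are raised for review, while the earlier admin login and the later transfer are not. The grace margin is deliberate: an attacker who times the flood to start a minute after the fraudulent action, or who keeps it running until the export is done, would otherwise slip past an exact-overlap check.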
The Actions of Companies and Organizations Also Have Cyber-Reactions and National-Level Consequences – As seen in the infamous Sony breach, even “innocent” actions by a specific company may trigger devastating cyber-consequences for that company and even on a national level. While until recently it was clear that companies are liable for their customers’ sensitive information (e.g. the trends we predicted last year regarding the rise in PII theft and large-scale payment card theft), now they need to understand that they are also liable for their entire eco-system (vendors, partners, banks, government, etc.).
- Understand who your potential enemies are, what their capabilities are and what might trigger them to attack; use preemptive measures before planned actions and enable quick recovery procedures
Banking Trojans, Banking Trojans and More Banking Trojans – From ATM skimmers and malware, through mobile banking MitM trojans and the “good”-old Zeus family, to the unique adaptive malware used against JPMorgan, this year continued to be dominated by banking trojans. Not even large-scale assaults against Zeus’ and the Blackhole exploit kit’s C&C infrastructure and handlers managed to put more than a dent in the dominance and effectiveness of the overall banking trojan field. We predict that 2015 will be no different and that banking trojans will continue to evolve and adapt, posing a significant threat to banks and banking users alike.
- Educate your clients regarding the threat and how to prevent it, implement strict two-factor authentication to prevent fraud, and implement anti-malware controls on network and endpoint devices such as ATMs
POS Malware – And, naturally, no 2014 summary is complete without mentioning the meteoric rise of POS malware, especially in the US. While a year ago Target and Neiman Marcus drew most of the attention to the retail sector, throughout the year we have seen POS malware spread, sometimes through POS vendors, to food chains, hotels and even parking lots (yes, Parking Lots!). As we predicted last year, POS malware was among the top cybercrime trends of the year and we assess the threat will continue to be dominant in the coming months.
- Implement strict vendor management and anti-malware controls on your network and endpoint devices, especially in stores