By Liran Tzah
Another month, another high-level snapshot of the Cyber threat landscape as seen through the eyes of Cytegic analysts. For a quick update on what stood out for us last month, please check our blog on March CIR Highlights.
As we mentioned last month, our Threat Intelligence reports are designed to provide a big picture view of the global threat landscape. Our analysts identify and analyze trends by comparing cyber activity across regions and industries worldwide.
While we publish them monthly as standalone reports, our customers use them in conjunction with our cyber security management platform in order to make more informed, strategic decisions about how to manage cyber risk.
With that being the case, the trends we call out may seem like common sense to security professionals who spend a substantial amount of their time “in the trenches.” However, we are not calling out the obvious – we’re confirming it based on historical data.
Now, back to April’s report. Here are some of the highlights:
Since March, the number of attacks worldwide has decreased by 17%, wiping out last month’s 17% increase. North America is still the most targeted and cyber-active geo-political region in the world. Western Europe is once again the second most cyber-active geo-political region. The Middle East, which last month (and for the first time ever) ranked as the second most cyber-active region in the world, has since dropped to third place.
Client data, which mainly consists of Personally Identifiable Information (PII), such as a name, address, social security number and birthdate, remains the most targeted asset in North America, followed by what we call “monetary value” – mainly bank account numbers and associated account information – similar to last month’s ranking. For the first time, we have seen financial transactions become the most targeted asset in North America on the Dark Web. We are also seeing indications that cyber activity involving payment cards is migrating from the Dark Web to the Surface Web.
An analysis we conducted ahead of the upcoming United States presidential election reveals an alarming trend of data breaches focused on personally identifiable information (PII) worldwide, with major breaches in the Philippines and Mexico in April.
As we move towards the U.S. presidential election in November, we’d be remiss not to anticipate a spike in politically motivated data breaches targeting US voters in particular, but we expect to see such campaigns carried out in other countries as well.
To reduce the likelihood of a data breach, government entities and private sector companies should take the following measures:
- Restrict access to databases to relevant users and services only. In particular, configure the firewall accordingly.
- Manage the credentials and permissions of all users and services that can access the database.
- Use “read-only” permissions on relevant resources within the database.
- Encrypt the database.
To be able to recover from a data breach, it is advised to record all database transaction logs so they can be checked for data corruption or alteration. Furthermore, it is strongly recommended to keep a backup of the database.
If you have any questions on any of these suggestions, or anything mentioned in this post, we’d love to hear from you – please drop us a line at firstname.lastname@example.org!