We publish our Cytegic Intelligence Reports (CIRs) to provide a big picture view of the global threat landscape. Our analysts identify and analyze trends by comparing cyber activity across regions and industries worldwide. While we publish them monthly as stand alone reports, our customers use them in conjunction with our cyber security management platform in order to make more informed, strategic decisions about how to manage cyber risk.
With dozens of threat intelligence vendors offering a wide array of solutions, it’s important distinction to keep in mind. Our Intel is not meant to be a feed embedded into a SIEM (or some other product) to trigger a configuration change to a web server. It’s meant to help organizations assess the maturity and effectiveness of their security controls in order to better manage external (and internal) cyber risk.
With that being the case, the trends we call out may seem like common sense to security professionals that spend a substantial amount of their time “in the trenches.” However, we are not calling out the obvious – we’re confirming it based on historical data.
We publish these reports monthly, but our analysis and any predictions we make are based on trends that unfold, or events that consistently reoccur over time. This leads us to the highlights of our March CIR.
A few weeks ago, we published a special analysis of cyber activity in wake of the Brussels terror attacks. The predicted uptick in cyber activity following the attacks occurred, confirming a key hypothesis of ours regarding cyber activity patterns in relation to physical terror attacks.
Here are the key findings from the March CIR:
- From March 22 to 26, there was in fact heighted cyber activity worldwide, confirming that terrorist attacks impact cyber activity in a global basis or at least across the same geo-political region. This month we saw a 17% increase in activity over last month, With North America being the most active region, Middle East being the second most active, and most interestingly, Western Europe coming in third, which given the Brussels attacks is both unusual and unexpected.
- With a 64% spike in activity, The Middle East made the top two most cyber-active regions for the first time ever in the two years we have been tracking global cyber activity. We can only speculate that global events such as the U.S. indicting both the Syrian Electronic Army hackers (who made the FBI’s most wanted lists) and the Iranian hackers that targeted U.S. banks and a New York dam may have played a part in that.
- Client (or customer) data is continuing its trend as the most sought-after asset in North America, followed by monetary value and available services to clients. On the Dark-web, however, payment cards were the predominant targeted asset this month, highlighting the tendency of cybercriminals to criminals to “follow the money.”
The March 2016 CIR can be found at http://cytegic.com/wp-content/uploads/2016/02/DyTA-Intelligence-Report-March-2016.pdf.
To be added to our direct distribution list, please email CIR@cytegic.com.
By Liran Tzah