The recent high-profile data theft incidents at retailers Target, Neiman Marcus and others have brought attention to a trend we have been reporting on for a while: the rising sophistication of financially motivated hackers, and the rise in data-oriented attacks.
Financial Hackers and Organized Crime are perpetrating multi-stage attacks that involve multiple organizations on a single supply chain. The attacks rarely use zero-day (unpatched) vulnerabilities to get in. More often, they take advantage of security “soft-spots” such as vendor access and phishing. Once inside, polymorphic malware, often generated through Crimeware kits, steal data at rest or in use. Encryption of data for extortion through ransomware is also a rising monetization tactic against organizations. Recent successful ransom campaigns have proven the feasibility of conducting such attacks.
Organizations need to maintain constant awareness of these threats and attack-vectors to tune their security posture. Strategically, this means planning ahead controls implementation and improvement based on actual intelligence.