Today marks our strategic move from CyberARM to Cytegic.
To highlight our focus on Cyber Strategy, we decided to change the name of the company to Cytegic. The name represents the advantage and added value we bring to the world of Cyber Strategy. We continue to put the highest emphasis on helping our customers and partners be better prepared for the ever-changing global threat landscape.
Since Cytegic is not yet a common English word, we found it helpful to provide the dictionary entry:
Cy-te-gic /pronounced: sʌɪ-ˈtē-jik/ adjective: A plan of action or strategy designed to achieve a long-term and overall successful Cyber Security Posture Optimization – “That firm made a wise Cytegic decision”.
In the past month, Cytegic’s CIAC observed the following events and developments, which are either indicators of trends, significant issues in their own right, or important enough to bring to our customers’ attention:
- The Target Data Breach: As a direct continuation of last month’s most significant trend – large-scale theft of PII – retail giant Target was attacked and some 40 million customer credit and payment cards and associated details were stolen. Some of the cards have already started selling on online black markets. We believe that the PII theft trend will continue to rise and pose a major threat in the coming months. All companies that hold large amounts of sensitive customer data should consider themselves under threat.
- The 2 Million Password Database: Earlier this month, researchers uncovered a database containing passwords and details of about 2 million Facebook, Twitter and Google accounts. The attackers used the Pony Botnet, a powerful, fairly easy-to-use (and easy-to-purchase) key-logging and spying malware. We have been following a rising trend, which we have written about in the past, of large-scale attacks on IT companies, social media sites and individuals in order to copy and steal credentials. These credentials are later used to commit fraud or are sold on black markets.
- Pakistan-India – the Largest Low-Profile Cyberwar in the World: One of the largest and most active cyberwars in the world over the past year has been the one between India and Pakistan. While most of the attacks, carried out on a daily basis, are performed by political activists and sensationalists, some suggest that a portion of them have been nation-backed. Despite the fact that this cyberwar is constantly active, there has been little publicity about it. Nevertheless, international companies that are active in the Indian and Pakistani markets should consider themselves at risk of being targeted. Accordingly, these companies should take the necessary measures to protect their systems (e.g. implement DoS mitigation tools, in addition to database hardening and strong anti-phishing controls).
- Cryptolocker Copycats Emerge: As we predicted in our last report, Cryptolocker’s huge success has prompted a new wave of copycat ransomware, which encrypts files on infected computers, to emerge this month. The most active copycat ransomware is named Locker and is largely based on Cryptolocker. It spreads through drive-by downloads and infected emails. While Cryptolocker is most likely operated by a Russian or Eastern European organized-crime syndicate, the new copycats are probably operated by individual financially motivated hackers from different countries. Safeguarding sensitive data through malware defenses, hardening and continuous backups is critical. Hardening endpoints against the introduction of malware is always appropriate, together with training employees on how to avoid such malware.
- New Research Shows 91% of Attacks on Large Organizations Include Phishing: Email security vendor Proofpoint published a research paper highlighting the significant role that phishing plays in attacks on large organizations. We have raised this flag a few times in past reports, and this research backs our publications. Phishing and spear-phishing are becoming a major attack vector, mainly acting as the initial breach point for gaining access to secure networks. It has become a TTP used by all types of attackers: political activists using it to deface sites, financial hackers trying to gain access to financial systems, and even nation-states trying to commit “cyber-espionage”. This is a recent development; historically, financial hackers and organized crime used phishing pages imitating existing websites to steal credentials, while nation-states used spear-phishing to introduce malware. Now it seems that most threat agents have learned to use phishing as a means to introduce malware and conduct APT-style attacks.
- Microsoft and Europol Take On ZeroAccess: This month, Microsoft continued its Sisyphean battle against the large ZeroAccess botnet. Microsoft has been battling this botnet for the past year, with varying degrees of success. This month Microsoft teamed up with the FBI and Europol for a large takedown operation, and unlike the previous attempts, they may have succeeded. We believe it will take at least another month to see whether the operation was a true success, but for the time being the botnet’s activity is at an all-time low. Given past experience with botnet takedowns, we believe development of a replacement botnet is already underway, as this area is very much like a “whack-a-mole” game.
If you wish to receive our full monthly intelligence updates, please visit: http://cytegic.com/contact_us.html