POS System and Critical Infrastructure Attacks, Hactivism Pose Top Cyber Threats

Maintaining enterprise security only gets more difficult, as additional means of cyberattack and increasingly sophisticated techniques are added to attackers’ arsenal.

“Our personal and professional attack surfaces have never been greater, and they are only expected to grow as organizations and individuals continue to increase their reliance on the digitally connected world for a variety of tasks,” explained researchers from network infrastructure and security services company Verisign. “Security practitioners must not only protect their enterprise assets, but also guard against threats to their supply chain and other business ecosystems. These threats, coupled with the cyber threat landscape’s continuous evolution in terms or actors, tactics and motivations, have created a situation where organizations must now move toward an intelligence-driven, holistic security approach to keep pace with the rapid changes in attackers’ tactics, techniques and procedures (TTPs).”

According to Verisign’s “2015 Cyber Threats and Trends: What You Need to Know to Protect Your Data,” the top cyberrisks from 2014 and the first half of 2015 came from:

  • attacks on point-of-sale (POS) systems
  • banking trojans and downloaders
  • various forms of hacktivism
  • critical infrastructure attacks
  • open-source software exploitation
  • vulnerability research “crowdsourcing”

Check out the infographic below for some of the report’s key insights into the top cyberthreats and the biggest vulnerabilities for enterprise security:

verasign cyber threats trends 2015

DDoS Attacks Cost Businesses $40,000 an Hour

One of the most common weapons in the cybercriminal’s arsenal is the DDoS attack. According to the network security experts at Digital Attack Map, “A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. They target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information.”

While many have heard of these attacks or suffered from the outages they cause, most people do not understand the true business risks these incidents pose. To get a better picture of the threat, Internet security firm Incapsula surveyed 270 firms across the U.S. and Canada about their experiences with DDoS attacks. On average, they found, 49% of DDoS attacks last between 6 and 24 hours. “This means that, with an estimated cost of $40,000 per hour, the average DDoS cost can be assessed at about $500,000—with some running significantly higher,” the company reported. “Costs are not limited to the IT group; they also have a large impact on units such as security and risk management, customer service, and sales.”

Check out the infographic below for more of Incapsula’s findings on the actual costs of DDoS attacks:

DDoS Attacks “Have Never Been Easier to Launch”

As was heard throughout the speeches, sessions and networking chatter at the recent RIMS 2012 Annual Conference & Exhibition in Philadelphia, the biggest worry to business owners, CEOs and managers is that of cyber threats. And rightly so. It seems like each day we are inundated with reports of a new way hackers can gain control of company information and/or take down systems. Today is no exception.

This morning, Prolexic Technologies released a threat advisory on the use of booter shells, which allow hackers to readily launch DDoS attacks without the need for vast networks of infected zombie computers.

“Increased use of techniques such as booter shells is creating an exponential increase in the dangers posed by DDoS attacks,” said Neal Quinn, chief operating officer at Prolexic. “For hackers, DDoS attacks have never been easier to launch, while for their victims, the power and complexity of attacks is at an all-time high. The threat of a DDoS attack has never been more likely or its potential impact more severe. We’ve entered the age of DDoS-as-a-Service.” The increased use of dynamic web content technologies, and the rapid deployment of insecure web applications, has created new vulnerabilities — and opportunities — for hackers to use infected web servers (instead of client machines) to conduct DDoS attacks. Traditional DDoS attacks make use of workstations infected with malware, typically infected through spam campaigns, worms or browser-based exploits. With these traditional tactics, hackers needed multitudes of infected machines, to mount successful DDoS attacks.

Where boot scripts differ is in the fact that they are standalone files, meaning DDoS attacks can be launched more readily and can cause more damage, with hackers using far fewer machines. Even more alarming, people don’t need as much skill to launch such attacks. A DDoS booter shell script can be easily deployed by anyone who purchases hosted server resources or makes use of simple web application vulnerabilities (i.e., RFI, LFI, SQLi and WebDAV exploits). This, in essence, puts attacks within reach of even novice hackers. Companies should take note, especially financial firms.

According Prolexic’s quarterly global DDoS attack report released a few weeks ago, there was an almost threefold increase in the number of attacks against its financial services clients during Q1 compared to Q4 2011. “This quarter was characterized by extremely high volumes of malicious traffic directed at our financial services clients,” said Neal Quinn, Prolexic’s vice president of Operations. “We expect other verticals beyond financial services, gaming and gambling to be on the receiving end of these massive attack volumes as the year progresses.”

So what should companies do to protect their information and IT infrastructure? Though organizations can never be 100% protected from an attack, they can help by continuously testing proprietary web applications, as well as constantly testing known vulnerabilities in commercial apps.