Four realities of cyber security

Diana Kelley, IBM

13-January-2016

Gathering data from around the globe

Gathering information from all of its internal research teams around the globe – Deep and Dark Web, malware, and many more – IBM Security has published its Q4 IBM X-Force Threat Intelligence Quarterly report.

“Our research teams are seeing activity in campaigns in translation,” said Diana Kelley, Executive Security Advisor, IBM Security. “They’re sending the phish in the targets’ native language so they’re more likely to open it. For example, Rovnix in aggressive attacks on Japanese banks.

“They’ll look at the trigger list that tells the malware what to do and where to look, so we can see what companies are the targets. They’re fully crafting the attack. That’s one research group.”

Another research group, in Germany, looks at which IP addresses are good and which are responsible for sending spam, malware, and other attacks. If an address is delivering payloads, are there a thousand good hosts behind it and only one bad one?

“Our X-Force team and Global Managed Security Services team give insight into what attacks are going on,” Kelley said. “Our First Responders help understand what happened and how to recover. That lets us see exactly how the attackers got in.”

The Q4 report focuses on four areas…

1. Onion-layered attacks
a) Coming out of Tor. “We don’t see much good ever coming out of Tor,” she said.
b) As you’re looking at incident A, you discover an even more damaging attack B. Through such chained attacks a criminal can get more.

“We found 90% of website vulnerabilities are WordPress plugins,” said Kelley. “Attackers may have an exploit kit that works those. Such a simpler, more automated attack gets in. Once on the network the attackers can see more and accomplish more.”

By exploiting an old vulnerability on a device or service you don’t think of as important, the attacker gains a foothold, learns more about your network, and launches a more complex campaign from there. Therefore it’s very important to keep all of your systems patched.

Another example is a DDoS attack, which is fairly easy to execute and incredibly disruptive. It’s a great smokescreen and distraction to allow a completely different attack.

In the Dyre Wolf campaign, for example, IBM found that a DDoS was launched after the money was transferred. You think it’s not a sophisticated attacker, but it could be a very sophisticated attacker using the flood as a distraction.
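As an added illustration, not from the report or the article, here is a small correlation check in Python for the sequence described for Dyre Wolf: a large outbound transfer followed shortly by a DDoS alert. The event records, field names, window and amount threshold are constructed sample data and assumptions, not anything the report specifies.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the report): outbound wire transfers
# recorded by a payments system, and DDoS alerts from a network monitor.
TRANSFERS = [
    {"id": "T1", "time": "2016-01-13T09:05:00", "amount": 12000, "beneficiary": "known-vendor"},
    {"id": "T2", "time": "2016-01-13T10:42:00", "amount": 950000, "beneficiary": "new-account"},
    {"id": "T3", "time": "2016-01-13T14:10:00", "amount": 3000, "beneficiary": "known-vendor"},
]
DDOS_ALERTS = [
    {"time": "2016-01-13T10:55:00", "target": "online-banking-portal"},
]


def parse(ts):
    """Parse an ISO-8601 timestamp string into a datetime."""
    return datetime.fromisoformat(ts)


def transfers_near_ddos(transfers, alerts,
                        window=timedelta(minutes=60), min_amount=100000):
    """Flag transfers of at least min_amount that occurred within `window`
    BEFORE a DDoS alert. The flood arriving just after the money moves is
    the smokescreen pattern: the security team is busy with availability
    while the fraudulent transfer settles. Thresholds are assumptions."""
    flagged = []
    for t in transfers:
        if t["amount"] < min_amount:
            continue  # small transfers are not worth correlating here
        t_time = parse(t["time"])
        for a in alerts:
            lag = parse(a["time"]) - t_time
            # Only transfers that precede the alert, and not by too long
            if timedelta(0) <= lag <= window:
                flagged.append({
                    "transfer": t["id"],
                    "ddos_target": a["target"],
                    "minutes_before_ddos": int(lag.total_seconds() // 60),
                })
    return flagged


if __name__ == "__main__":
    for hit in transfers_near_ddos(TRANSFERS, DDOS_ALERTS):
        print("review transfer", hit["transfer"],
              "made", hit["minutes_before_ddos"], "min before DDoS on", hit["ddos_target"])
```

A hit is a prompt to hold or re-verify the transfer with the payments team rather than proof of fraud; legitimate large payments will sometimes coincide with an unrelated flood.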

2. The prevalence of ransomware. “This is an absolutely massive problem,” she said. “It’s even cleverer, not just encrypting the data on your machine, but also on the network share and the backup system.”

3. Malicious insiders – within your company intentionally doing harm. Attackers are getting themselves hired at target companies and partners.

4. Management and the C-level are more aware and security savvy. They’re getting more sophisticated in understanding security and attacks.

“We are seeing peers in the news,” said Kelley. “If Bank A has a breach, Bank C and D ask their IT if they’re also vulnerable. It’s partly awareness and partly the impact. Not just disclosure, but all kinds of legislation. The FTC has gotten aggressive when looking at whether companies are keeping information private on the web and mobile. And they require 20 years of assessment to ensure compliance. That in addition to the fine makes companies take notice of security.”

See an infographic of the four here.