Home page logo

dataloss logo Data Loss mailing list archives

Biggest corporate security threats
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 6 Jan 2014 17:52:47 -0700


Kaspersky Lab recently published a report which provides an overview of the
biggest corporate security threats of 2013.

According to the report, companies are increasingly falling victim to
cyber-attacks, with 91% of the organisations polled suffering a
cyber-attack at least once in the preceding 12-month period.

9% of businesses were the victims of targeted attacks – carefully planned
activity aimed at infecting the network infrastructure of a specific

“The extensive use of digital devices in business has created ideal
conditions for cyber-espionage and the deployment of malware capable of
stealing corporate data,” Kaspersky Lab said.

“The potential is so great that malicious programmes may soon completely
replace company insiders as the way of gathering information.”

Kaspersky Lab’s main corporate findings of the year are:

- spyware-led attacks related to various governments were revealed;
- most cyber-criminal incidents were aimed at stealing information;
- attacks on contractors were identified, instead of reaching big
organisations; and
- new actor on the APT stage appeared: cyber-mercenaries conducting
cyber-espionage on demand.

The parties concerned and the attackers’ goals

2013 saw some major disclosures about spyware-led attacks that were
related, directly or indirectly, to the activities of various governments’

Other significant actors on the corporate cyber threat scene were
businesses that turned to cyber-criminals to penetrate their competitors’

Outsourced cyber-criminal forces performed operations that were usually
aimed at stealing information.

Other attacks were based on sabotage – using malicious programmes to wipe
data or block infrastructure operations. Some special Trojan programmes
were capable of stealing money via online banking systems.

Cyber-criminals could also compromise corporate sites and redirect visitors
to malicious resources, damaging a company’s reputation.

Financial losses were caused by a DDoS attack, which can close down a
company’s public-facing web resources for several days.

Clients start looking for a more reliable company, which results in
long-term financial losses.

The rise of the cyber-mercenaries

Over the past few years, Kaspersky Lab’s experts have observed big and
noisy APT gangs all over the world targeting large numbers of organisations
from almost all sectors.

They stayed in compromised networks for weeks and even months at a time,
stealing every shred of information they could get.

However, that approach stands less and less chance of going unnoticed for
long, damaging their prospects of success.

That’s why a new emerging trend is witnessed: small hit-and-run gangs that
attack with surgical precision. They appear to know very well what they
need from the victims.

Basically, these kind of attackers come, steal what they want and leave.
Kaspersky Lab’s experts have named them “cyber-mercenaries” – an organised
group of people conducting cyber-espionage/cyber-sabotage activities on
demand, following the orders of anyone who pays them.

Icefog, which was recently discovered, appears to be an example of this –
an APT campaign in search of specifically required data.

Manual analysis of the data stored in corporate networks was used with the
help of remote-access technologies integrated into malware on infected
workstations. Subsequently the cyber-criminals selected and copied the
documents that they wanted.

Kaspersky Lab’s analysts expect this trend to grow in future, and more
small groups of cyber-mercenaries will be available for hire to perform
surgical hit-and-run operations.

Consequences of government-related disclosures

The infamous disclosures of 2013 could potentially lead to a kind of
de-globalisation and greater interest in creating national equivalents of
global services.

Those new national software products and services delivered by local
manufacturers may not be of the same quality as those of the larger
international companies.

The investigation of cyber-attacks suggests that the smaller and less
experienced the software developer is, the more vulnerabilities will be
found in its code. As a result targeted attacks become easier and more
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 


Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.

  By Date           By Thread  

Current thread:
  • Biggest corporate security threats Audrey McNeil (Jan 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]