The past year saw organizations struggle with third-party issues as malicious actors shifted their tactics towards weak points in the supply chain and exploited the interconnected nature of cybercrime, according to a new report from SurfWatch Labs.
“One of the most telling statistics in all of SurfWatch Labs’ evaluated cyber threat data is the rise of CyberFacts related to third parties,” the report stated. “The second half of 2016 saw the percentage of targets publicly associated with third-party cybercrime nearly double compared to the same period in 2015. It is clear that malicious actors are looking for any opportunity to exploit poor cybersecurity practices, and the supply chain provides an abundance of opportunity for cybercriminals to do so.”
SurfWatch Labs’ annual threat intelligence report, Rise of IoT Botnets Showcases Cybercriminals’ Ability to Find New Avenues of Attack, was based on more than a hundred thousand CyberFacts collected against more than 6,000 targets – 4,066 targets publicly associated with cybercrime and an additional 2,395 observed being discussed on the dark web.
Cybercrime in 2016
Cybercrime is increasingly interconnected, the report noted, and the effects of a data breach or poor cyber hygiene at one organization often move through supply chains to impact other connected organizations. That was true when it came to the growing number of compromised Internet-of-Things devices, which we wrote about last week, and it was true for a number of other cybercrime events as well.
- Previously stolen employee credentials were fed into remote access services in order to compromise new organizations.
- Data stolen from one organization went on to have significant economic, political and reputational impact on other parties.
- Threat actors used information obtained in previous attacks to establish trust and legitimacy in social engineering campaigns that led to new data breaches.
- Those new data breaches, some of them truly massive, led to even more private information entering the public domain.
That ripple effect was evident in many of the year’s top trending data breaches.
Breaches at Yahoo, LinkedIn and others collectively accounted for well over two billion passwords being fully or partially exposed, as well as the exposure of some users’ security questions and answers. The massive breach at Panamanian law firm Mossack Fonseca led to ongoing international probes as well as the Prime Minister of Iceland stepping down. The breach at the Democratic National Committee took center stage on the campaign trail as leaked emails and other cybersecurity issues helped to shape, in part, who would be the next president of the United States.
“The amount of private data circulating among cybercriminal groups combined with an environment in which organizations are providing more points of access for customers and employees means that many organizations are more exposed than ever,” the report stated.
Key trends and statistics from SurfWatch Labs’ 2016 cybercrime data include:
- More cybercrime tied to third parties: SurfWatch Labs analysts attribute this third-party growth to the expanding ecosystem of partners and suppliers that provide various products and services. This business model naturally requires organizations to extend their “level of presence” by sharing or fully outsourcing the creation and management of sensitive data, increasing the chance of a compromise.
- Compromised credentials surged: The amount of publicly exposed user credentials grew significantly in 2016. SurfWatch Labs collected data on more than 1,100 organizations associated with the “credentials stolen/leaked” tag across both public and dark web sources over the past year, up from 828 last year.
- Healthcare led the way for supply chain cybercrime: SurfWatch Labs collected data on more targets tied to third-party cybercrime in the healthcare facilities and services group than any other, although the numbers may be skewed due to stricter reporting requirements in the sector.
- Infected IoT devices led to increased service interruption: Over the past two years, the “service interruption” tag has typically appeared in approximately 16% of the negative CyberFacts collected by SurfWatch Labs. However, that number jumped to more than 42% over the last half of the year due to growing concern around IoT-powered botnets such as Mirai.