A new episode of the SurfWatch Cyber Risk Roundup has been posted, Episode 66: Big Breaches, Badlock Revealed and More Class-Action Updates:
A hacking group leaked data from the Philippines’ Commission on Elections, which impacts 55 million registered voters. National Childbirth Trust announced a breach affecting 15,000 new and expecting parents. Several more W-2 related breaches made headlines. An FDIC employee accidentally walked out with 44,000 customers’ information. CoinWallet announced plans to shut down its services following a cyber incident. On the advisory front, the details of the Badlock bug were finally revealed, there was a new evolution in Locky ransomware, more phishing attacks were discovered, malvertising hit Dutch websites, and Windows XP, which has not had support for two years, is still being widely used. The week also saw legal developments regarding Mossack Fonseca, Sony Pictures, Wendy’s, and more. Finally, four radio stations found themselves broadcasting some strange content after being hacked.
Listen to the podcast via the player below, or learn more about SurfWatch Labs podcasts on our podcast page.
This real-life case study will contain some info, but not all – to protect individuals’ personally identifiable information – as well as our intelligence collection sources – with our goal of highlighting the importance of having visibility into your supply chain cyber risks. In the beginning of April 2016 SurfWatch Labs threat intelligence analysts uncovered a breach into web hosting provider Invision Power Services, whose customers include some professional sports leagues as well as major media and entertainment companies.
The actor, going by the name AlphaLeon, is associated with both the AlphaBot and Thanatos trojans – early strains of these pieces of malware appear to date back to early 2015. AlphaLeon has been known to sell access to these trojans on the dark web. While the actor has not been a seller for very long, the group’s experience and presence indicates they have been active in this space for more than five years – including multiple dark web and open web forums.
After discovering information related to the latest activity of this actor, we alerted Invision Power Services (IPS) who had not yet detected this compromise. We worked with them to validate that the actor appeared to have established a presence within the managed hosting environment that Invision Power Services operated via Amazon Web Services (AWS).
It is our understanding that IPS is still working through their own internal investigation into the incident and additional information may be uncovered, but it appears that the initial cause of the compromise was most likely the result of unpatched software. AlphaLeon indicated that this access, which affected multiple high level brands, would allow them to install Exploit Kits with the purpose of infecting users visiting these sites with their trojan. This would grow the group’s botnet further, which would in turn be sold via various underground markets. The trojan appears to be capable of:
Stealing banking credentials and bitcoins
Gaining (and selling) webcam access
Delivering ransomware
Sending spam
Stealing gaming credentials
Distributed Denial of Service
As of the date of this post it does not appear that AlphaLeon has initiated this specific campaign.
This case study highlights three primary things:
This is a classic case of supply chain risk management. Invision Power Services is a supplier to some of the largest brands. These companies entrusted their web hosting provider to perform a reasonable service based on whatever contractual agreements were in place. Even if the impacted companies are not at fault, they still have their own customers and their brand and reputation to protect. If you are going to outsource a service that has cyber risk tied to it, you are outsourcing a portion of your brand and reputation in some way shape or form and you need to keep some eyeballs on that supply chain.
Having a dark web intel capability is an important component of your overall cybersecurity efforts. In this situation, a bad actor was observed in a dark web forum. This source was key to gaining intel that was not available through normal open channels. The dark web is certainly not the only source you should be pulling from in your intel efforts, but it is an important area for which you should have a collection capability.
The intel process works. SurfWatch Labs analysts observed discussions that concerned us, we notified the victim hosting provider, they confirmed the issue and started to react. That is what is supposed to happen.
As you outsource capabilities to other vendors, your cyber risk exposure expands. Make sure you cast a wide net in regards to your intelligence collection capabilities. It is critical to understand this and to keep a watchful eye on not only your internal environment, but that of the vendors you do business with.
We’re already a quarter of the way through 2016, and a clear trend is the rise of social engineering. Based on the cyber event data that we’ve collected, roughly 25% of all targets can be tied to a social engineering attack. This is the highest percent we’ve seen since the beginning of 2015, and over the last 6 months the share of social engineering attacks have doubled.
Just a few examples of common social engineering practices include:
Phone calls from a “Microsoft customer support representative” who needs remote access to your computer to fix an issue
Leaving an infected USB stick in a parking lot that when found and inserted into a computer by an unsuspecting person, malware/spyware is dropped onto the machine
However, the largest percentage of social engineering attacks (25%+) revolve around different types of phishing. While email is the most common delivery method, phishing attempts are made through text messages, Facebook, etc.
Over the weekend I received several phishing emails from individuals I know. These emails weren’t spoofed to make it look like they were coming from people I know, but actually sent from their email accounts without their knowledge.
The emails were both related to a “signed document” that needed my attention — except I had no previous knowledge any e-docs to sign should be coming my way. Of course, that’s because they should not have been coming at all.
Having been in the security industry as long as I have, I am cautious (or some would say paranoid) — especially compared to friends and family who say they “get it,” but don’t really. Even still, these emails came from legit addresses from people within my circle, and the content within the emails also looked reasonable. Luckily, I knew better, but many don’t.
Here are some quick security tips to consider when it comes to phishing attacks:
Watch out for spoofed email addresses. Confirm the sender of the email is an address you recognize/know. Don’t just check the name in the “From” field, but actually look at the email address. This tip would not have made a difference in the instance above, but it is still a good way to catch a phishing email.
Do not blindly trust links within an email. Banks and credit cards are usually pretty good about directing you to type in the url to go to their homepage and how to navigate to a specific place if necessary, as opposed to including links in their communications to you. This is a good practice to follow with any emails that include links. In my situation the links sent looked like DocuSign links, with familiar DocuSign branding and all. But it was missing the security code. Links can also be spoofed, so make sure you know what it is you are clicking on before you click.
If you have any questions, pick up the phone. Is a vendor asking you to provide information or is a contact of yours asking you to click on a link? Questioning it is good. Call the vendor or individual and have them confirm.
Social engineering is one of the trickiest types of attacks to prevent because it plays on human nature and less on technology. Looking at the intel so far in 2016, the bad guys are going back to a tried and true method for gaining access to sensitive information. Be aware and think before you click.
U.S. Cyber Command has its “first wartime assignment” in the fight against ISIS, Secretary of Defense Ashton Cater told an audience at the Center for Strategic and International Studies last Tuesday. That cyber fight includes techniques to disrupt the group’s ability to communicate, organize and finance its operations.
On the same day, head of U.S. Cyber Command Admiral Michael Rogers told the Senate Armed Services Committee that among his biggest fears are the possibility of groups like ISIS manipulating electronic data records, impacting critical infrastructure such as the electrical grid or air traffic control systems, and using cyber tools “as a weapons system.”
The week’s news capped off a period of increasing discussion around cyberwarfare and cyber-terrorism.
It’s an issue that organizations need to be aware of, said cybersecurity and counter-terrorism expert Morgan Wright, who discussed the topic on this week’s Cyber Chat podcast.
“It is a different animal,” Wright said. “Companies really need to understand the implication of the difference between just cybercrime and cyber-terrorism because it will make a difference in how you respond.”
The Cyber-Terrorism Threat
The December 2015 cyber-attack in Ukraine, which affected electricity for 225,000 customers, was unique in that it’s the first confirmed attack to take down a power grid. In addition, just last month the U.S. officially charged an Iranian with access to a computer control system for New York’s Bowman Avenue Dam. Luckily, a gate on the dam had been disconnected for maintenance issues; otherwise, the hacker could have operated and manipulated the gate, authorities said.
Wright agreed with other experts that the BlackEnergy malware used in the Ukraine attack is a bigger issue than other often-cited critical infrastructure threats such as Stuxnet.
“It’s in this country, and we talk about it but we don’t really take it seriously,” Wright said. “[BlackEnergy] could actually be a terrorist — a cyber-terrorism — type of tactic. … Let’s say that a group like Al-Qaeda or ISIS gets ahold of this and they decide they want to take out part of our power grid.”
But it’s not just critical infrastructure operators who need to be concerned about cyber-terrorism, he added. Organizations, particularly those with ties to often-targeted states such as Israel, need to be aware of those risks.
Businesses need to examine their geopolitical footprint, Wright said. Where are you operating, what types of things may be impacted if you are targeted by some of these organizations, and how can you better prepare to defend against those potential threats?
The Researchers Who Cried Wolf?
There have been a few headline-grabbing events tied to cyberwar and cyber-terrorism, but when compared to traditional cybercrime events, the former threat can appear rather sparse.
When asked about fatigue or backlash from researchers warning of these types of threats, Wright attributed the problem to lack of imagination.
“Plots can take years to develop,” he said. “What I tell people is that just because you can’t imagine it happening right now doesn’t mean it’s not being worked on — it’s not being plotted for.”
As an example he highlighted the recent cybersecurity issues facing the automobile industry. Years before, he said people accused him of fear mongering for bringing up those very issues.
“Now the entire automotive industry is up in arms,” he said.”Guess what? Three years ago they couldn’t imagine that happening, and for 15 years the automotive industry did absolutely nothing.”
In the end though, although cyber-terrorism motivations may be different from cybercrime, the defense is similar.
“You still respond to it. You still prepare. Only later do the motivations really make a difference in terms of what could we have done detect this or prevent this.”
Listen to the full conversation with Morgan Wright for more about cyber-terrorism, the threat of groups like ISIS and his cybersecurity “rules of the road”:
About the Podcast In an interview last week, U.S. Secretary of Defense Ashton Carter confirmed he had given U.S. Cyber Command its first wartime assignment and that the team would start launching online attacks against ISIS. The announcement comes after several months of news and debate about the issue of cyber-terrorism.
On today’s cyber chat we talk with cyber-terrorism expert Morgan Wright, who has nearly two decades in state and local law enforcement and has previously taken on roles such as a senior advisor for the U.S. State Department Anti-terrorism Assistance Program. We talk about the threat of cyber-terrorism, recent attacks against critical infrastructure, and how groups such as ISIS are impacting the cyber threat landscape.
The password: love it or loathe it, this concept and practice have been a cornerstone of basic security for a long time. After covering cybercrime for the last few years, I have come to the conclusion that people hate passwords.
Let’s examine that – why do people hate passwords?
“I think people hate passwords because it’s something else to remember – and something else to forget,” said Aaron Bay, Chief Analyst for SurfWatch Labs. “The need to protect ourselves, and our information, has snowballed into this large, terrible thing we have in place now. Hardware and software have been developed to combat it, but there is still the problem of now someone else is in control of your access.”
Bay points to the compromise of the RSA’s SecureID and the recent vulnerability found in the password management program KeePass to further explain the complications of passwords.
“In 2011, the RSA SecureID was compromised, and the thousands of organizations – including the U.S. Government – that relied on their tokens were now at risk. The password manager KeePass recently had a flaw discovered that allowed attackers to steal passwords directly from the database. These are two examples where these beneficial systems have failed. It is safe to say that these systems, and others, will fail again at some point in the future.”
Without using programs to help with the process of utilizing strong passwords, the practice can be daunting. Listeners of the SurfWatch Cyber Risk Roundup who are familiar with our “Funny Story of the Week” have heard us talk about bad password practices. While some of the most common passwords are viewed in a humorous nature – “123456” tops the charts every year – there is a real security concern with this trend.
The Password Reuse Problem
The main problem is one of volume. Websites, work accounts, devices, iPhone or Android apps, and even credit cards all require passwords or pins. As a result of people reusing passwords, a number of companies have made headlines for cyber incidents, despite the fact they weren’t actually breached.
Amazon: “We discovered a list of email addresses and passwords posted online. While the list was not Amazon-related, we know that many customers reuse their passwords on multiple websites. … We recommend that you choose a password that you have never used with any website.”
United Airlines: “We recently learned that an unauthorized party attempted to access your MileagePlus account with usernames and passwords obtained from a third-party source. These usernames and passwords were not obtained as a result of a United data breach and United was not the only company where attempts were made.”
Uber: “We investigated and found no evidence of a breach. … This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services.”
Dropbox: “Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox.”
“Password reuse is very common and more often than not leads to additional compromises when peoples’ passwords are exposed in the latest data breach,” Bay said, adding that each website having slightly different requirements also makes it harder for users to create unique passwords they can remember. “We not only have to remember the different passwords, when we have to change our passwords we have to remember the rules and make sure the new password doesn’t break them.”
I think everyone understands that remembering passwords can be a hassle. Some people attempt to circumvent this step and simply write the password down next to their work terminals, but that completely negates the point of a password as it is now in view for everyone to see. If you don’t think your co-workers are capable of utilizing your password for malicious purposes – as well as a practical joke – don’t be fooled. Several experts and reports have indicated that insider activity is one of the leading threats organizations face in combating cybercrime. According to SailPoint’s 7th Annual Market Pulse Survey, “1 in 5” employees share their passwords and login information with members of their team.
“Compounding the problem, 56% of respondents admitted to some level of daily password reuse for the corporate applications they access, with as many as 14% of employees using the same password across all applications,” the survey found.
Moving Beyond Passwords?
What are the alternatives to passwords? Last year, Yahoo decided to create an option for users that would allow them to log into their accounts without using a password. Instead of a password, a link would be sent via text message to a user’s phone that would validate their access.
There is also the popular topic of biometrics. In a recent example, the U.K. bank Atom launched a biometric authentication tool that utilizes a customer’s face and voice instead of a password for validation. The option to use a password still exists and the new biometric method remains as an option for customers.
Biometrics seem to be a trend around the validation process, but passwords remain the authentication option at this time.
“Biometrics is now being regarded as ‘the next big thing’ to use to protect us,” Bay said. “When Apple introduced the fingerprint reader into the iPhone, biometrics were thrust into the public view. Millions of people, basically overnight, now had a fingerprint reader.”
Bay said the fingerprint readers do work and, for the most part, are secure.
“Is it perfect, not hardly. Is it the best we have, unsure. Is it better than many other implementations, yes, without a doubt. However, it still relies on hardware and software to be perfect. Unfortunately, history has shown that is not possible.”
Whether you like passwords or not, until a better, proven solution replaces this validation method it is imperative that your passwords are secure. This message needs to be communicated and driven home to employees – even if they hate passwords.
On Monday, March 28, MedStar Health was hit with a variant of ransomware known as Samas or “samsam.” The healthcare provider, which operates 10 hospitals and employs more than 30,000 people, quickly shut down all system interfaces. Communicating and scheduling became difficult. Staff reverted to paper records. Some patients had to be turned away.
Thus began a week of national attention as news outlets documented frustrated patients and employees, and a debate ensued around potential security flaws within MedStar.
“The issue with ransomware is of course now you’re talking about not availability, you’re talking about the data,” said Dan Holden, Director of Arbor Networks’ Security Engineering and Response Team, on our recent Cyber Chat podcast. “It is so critical, especially to these recent attacks — these hospitals. They can’t do anything without patient data or without documentation.”
Although MedStar was able to restore services without paying the 45-bitcoin ransom (around $19,000), the wide-reaching impact on business operations can make the decision to pay ransoms difficult for many providers, Holden said.
“It just puts them in an impossible situation,” he said. “In some cases you have to pay it because you simply are not able to recover any other way.”
Warnings About Samas and JBoss
Everything could have been avoided with a simple patch to update vulnerabilities found in a JBoss application server, according to the Associated Press. MedStar refuted the AP’s assertions that it ignored multiple urgent warnings dating back to 2007; however, the AP stands by its reporting.
The FBI warned of Samas, the very ransomware that appears to have hit MedStar, on March 25 — just days before the healthcare provider’s systems were impacted. The bureau first alerted organizations to Samas on February 18.
As Reuters reported, “The FBI said that investigators have since found that hackers are using a software tool dubbed JexBoss to automate discovery of vulnerable JBOSS systems and launch attacks, allowing them to remotely install ransomware on computers across the network.”
A Decade of Ransomware
Holden said ransomware attacks have risen considerably in 2016, a point echoed by SurfWatch Labs as well as an FBI agent at a recent talk.
“It’s likely,” the agent said, “that this will be the decade of ransomware.”
So far in 2016, the healthcare sector has been a major focus of that trend.
“What we’re seeing is the attackers chasing the soft underbelly if you will of the various verticals,” Holden said. “There’s a big, big difference between a Fortune 100 company and everyone else in their ability to defend themselves and respond. And that’s certainly the situation these hospitals are in. It’s going to take some time for them to properly defend and be able to respond to these things.”
Part of the issue is that the ransomware threat is different than other types of cyber threats organizations have spent years defending against.
“The investment model is potentially a little bit different there,” Holden said. “That’s why perhaps it’s so interesting right now.”
He added: “Detecting doesn’t get you anything. You either have to prevent or you have to respond. The moment you’ve detected it, it’s already too late.”
Listen to the full conversation with Arbor Networks’ Dan Holden about ransomware in the healthcare sector below:
About the Podcast Last week MedStar Health, which operates 10 hospitals and more than 250 outpatient medical centers in the Washington region, suffered a ransomware attack that disrupted their operations and put them front in center in the fight against cybercrime.
On Friday we spoke with Dan Holden, Director of ASERT, Arbor’s Security Engineering and Response Team. We chatted about how healthcare organizations are being impacted by ransomware, where that threat is headed, and how organizations can keep themselves safe.
A new episode of the SurfWatch Cyber Risk Roundup has been posted, Episode 65: Panama Papers, Never-Ending Ransomware and New Cyber Legislation:
This week saw a massive leak of 11.5 million documents from Panamanian law firm Mossack Fonseca, and that information is impacting politicians, business leaders and entertainers across the world. Among the week’s other trending cybercrime events were Turkish Citizens having their personal information posted online, more hospitals being hit with ransomware, another likely breach at Trump Hotel Collection, and vBulletin Forums being hacked. On the advisory front, new ransomware variants and WordPress attacks continue to make headlines along with a proof-of-concept Firefox extension vulnerability dubbed “extension reuse attack.” Legal developments include pending draft legislation on encryption, an amendment to Tennessee’s data breach notification law, and data breach lawsuit updates from Lamps Plus, Anthem and Intuit. Also, Microsoft discovered that teaching a bot to talk like a Millennial may not be such a good idea.
Listen to the podcast via the player below, or learn more about SurfWatch Labs podcasts on our podcast page.
In early 2015, the FBI issued a warning about the rise of ransomware attacks, noting that “there’s been a definite uptick lately in its use by cybercriminals.” A year after that warning we’re seeing a new surge in attacks, and concern over ransomware has risen sharply in the first quarter of 2016.
The number of ransomware-related CyberFacts collected by SurfWatch Labs has spiked dramatically to start the year.
Last year, the FBI explained that ransomware was continuing to evolve, writing that in the past “computers predominately became infected with [ransomware] when users opened e-mail attachments that contained malware.” That tactic had shifted and computers were now being easily infected using a “drive-by” method “where users can infect their computers simply by clicking on a compromised website, often lured there by a deceptive e-mail or pop-up window.”
The way cybercriminals demand ransom payments has also evolved. Initially, cybercriminals asked for ransom payments on pre-paid cards. Now Bitcoin has been implemented, a better option for criminals “because of the anonymity the system offers.”
SurfWatch Labs’ data identified 49 companies associated with ransomware attacks so far in 2016, although the total number of companies affected by this threat is likely much higher as many companies do not disclose these attacks — particularly if they choose to pay the ransom.
The healthcare sector in particular has been a focus of ransomware discussion this year.
The healthcare sector as well as technology platforms such as Apple and WordPress have been a focus of ransomware discussion in 2016.
The reason ransomware has continued to gain popularity is simple — it is a cheap tool that has a high profit margin. Not long ago, malware developers were selling Cryptolocker ransomware kits with source code included for just $3,000. It wouldn’t take long for a criminal to recoup that initial investment as the average ransom demand is anywhere from $300 to $500. Recently, Hollywood Presbyterian Hospital reportedly paid $17,000 after suffering a ransomware attack.
Trending Ransomwares in 2016
There are three variants of ransomware that have stood out in the beginning of 2016: KeRanger, TeslaCrypt and Locky.
Although there are many different types of ransomware, KeRanger, TeslaCrypt and Locky have been the most discussed so far in 2016.
KeRanger malware has received a lot of discussion due to its connection with Apple. Locky ransomware has been observed in several attacks in 2016, and TeslaCrypt, which has been around for more than a year, continues to evolve.
TeslaCrypt and Locky ransomware have steadily appeared in SurfWatch Labs’ data over the last two months. KeRanger ransomware made a big splash in the beginning of March.
KeRanger Ransomware
The newest addition on the list, KeRanger Ransomware, first made headlines in the beginning of March due to its accomplishments. It is the first ever fully functional Mac OS X ransomware in existence.
KeRanger was able to successfully infect a BitTorrent client used on OS X known as Transmission. More specifically, it infected Transmission version 2.90. Transmission has since warned users that version 2.90 was malicious and prompted users to download version 2.91.
TeslaCrypt Ransomware
TeslaCrypt Ransomware initially made headlines back in early 2015 for infecting computer gamers. Over the last year, TeslaCrypt has continued to evolve, with the latest version TeslaCrypt 4.0 released earlier this month. The ransomware is now capable of attacking organizations and home users.
The latest edition of TeslaCrypt features RSA 4096 for encrypting data. This feature makes decrypting data impossible. Tools developed to combat previous TeslaCrypt versions, such as “TelsaDecoder,” will not work with TeslaCrypt 4.0.
TeslaCrypt ransomware has evolved quickly. In just over a year, malware creators have been able to release four versions of the ransomware, each more sophisticated than the last version. If any weaknesses are found in TeslaCrypt 4.0, look for malware creators to move quickly in creating a new version addressing those weaknesses.
Locky Ransomware
Locky ransomware was discovered in February 2016. The ransomware works like most strains: it infects a user’s computer, encrypts the content on the computer, and then a ransom is extracted in order to decrypt the information. It is in the encryption step that the ransomware gets its name, as it renames all the user’s files with the extension .locky.
This ransomware is being distributed through malicious macros in Microsoft Word attachments. In typical cases, victims receive a spoofed email with a Microsoft Word attachment seeking some sort of payment for a service or product. When the attachment is clicked, a document appears with scrambled text. The user is then instructed to click an Office macro to unscramble the text, which leads to infection.
This ransomware variant made huge headlines for causing Methodist Hospital of Henderson, Kentucky, to declare an “internal state of emergency.” Fortunately, Methodist Hospital was able to regain their data without paying the cybercriminal’s ransom demand of four bitcoins ($1,600).
Being Prepared is Key
Although ransomware has been making headlines for the last few years, data from 2016 suggests more criminals are going to focus on this tactic and more organizations are going to be victimized. Businesses need to be aware of this threat and take action now to mitigate the effects of a potential attack.
As recent attacks have shown, the overall cost of a ransomware attack can be much greater than just the ransom demand.
Cybercriminals have shifted their focus away from stealing payment card data in favor of targeting personal information and directly extorting victims, according to a new report from SurfWatch Labs.
The trends aren’t surprising, said SurfWatch Labs chief security strategist Adam Meyer, who discussed the report on this week’s Cyber Chat podcast. Cybercrime is a business, and malicious actors gravitate towards the process that gives them the largest return on their effort.
While extortion is perhaps the most direct path towards monetizing cybercrime, stolen personal information has a long shelf life and can be easily sold or used for authentication purposes. It also tends to be the low-hanging fruit as retailers and financial institutions improve at preventing or minimizing the losses around payment card information.
“All these identifiers that make you ‘you’ can be used in 20 different ways to conduct an attack,” Meyer said. “It makes complete sense why we’re seeing this trend come up.”
While 2014 was dominated by headlines surrounding point-of-sale (PoS) breaches, only three PoS breaches cracked last year’s top 25 trending cybercrime targets: Starwood Hotels & Resorts (#14), Hyatt Hotels (#17) and Dixon’s Carphone (#23).
Altogether, SurfWatch Labs collected CyberFacts related to 4,562 distinct industry targets last year.
The top trending cybercrime targets last year — the United States Office of Personnel Management, Anthem, and Avid Life Media — all centered around the theft of personal information.
“A Failure of Corporate Culture”
The rise in stolen personal information can be attributed to failures at the top of many organizations, Meyer said.
The percent of CyberFacts collected by SurfWatch Labs tied to stolen information has risen steadily the past 18 months.
“The biggest vulnerability that we have in my opinion is outdated corporate culture,” he said. “They completely have their heads in the sand about what’s going on in the world.”
Despite all of the recent headlines around cybersecurity, many organizations still do not adequately assess their level of cyber risk and take the necessary precautions.
“No one is really trying to solve this problem at the decision maker level,” Meyer said. “The organizations are falling down on educating themselves on these issues until its too late.”
He added: every organization is a custodian of data, and the first step to mitigating cyber risk is to put a thought process in place assessing the risks facing your data, your infrastructure, your industry, and your partners and suppliers.
Dark Web and Other Cyber Risk Trends
Dark Web markets can provide valuable insight into many cybercrime trends.
“The black market is a great resource to look at what is the typical state of the underground economy,” Meyer said. “You can see what’s being bought and sold. You can see what prices they’re generating. You can see the tempo and the supply and demand aspect of things, and you can use that information to compare against where would you fit in that.”
Unfortunately, there’s not enough education on what happens to data once it is stolen, he added.
“This is where the stuff goes most of the time, and we’re not educating anybody on where it’s going and why it’s going there. And people just keep repeating the mistakes over and over and over.”
About the Podcast: SurfWatch Labs recently released a threat intelligence report detailing cyber risk trends. They noted that cybercriminals have shifted their targets over the past year from focusing on credit card information at financial institutions to increasingly stealing personal information across a swath of industries.
On today’s Cyber Chat we talk with our own Adam Meyer, Chief Security Strategist at SurfWatch Labs, about the report, cyber risk trends and what businesses need to do in order to stay ahead of cybercriminals.
A new episode of the SurfWatch Cyber Risk Roundup has been posted, Episode 64: Anonymous Gets Political, Employees Selling Passwords and Latest Cybercrime Lawsuits:
The hacking collective Anonymous made headlines by threatening to target Republican front runners Donald Trump and Ted Cruz. A large DDoS attack took down Swedish newspapers. Other trending events include more hospitals being hit with ransomware, a breach at USA Cycling, and a dangerous attack against a water treatment plant. On the advisory front new studies highlighted software vulnerabilities and employee passwords, Locky ransomware continues to be discussed by researchers, Microsoft if fighting back against malicious macros, and a new scam is impersonating ISPs. Legal stories include more warnings from the FTC, lawsuits against 21st Century Oncology and Costco, and arrests related to intellectual property theft and the Syrian Electronic Army. Plus, sports fans have terrible passwords.
Listen to the podcast via the player below, or learn more about SurfWatch Labs podcasts on our podcast page.
SurfWatch Labs, Inc. 