Last week we introduced you to the first five of the security breaches identified by Verizon in their data breach report. Now we will take you through the remaining four, including which industries are affected and what you can do to protect yourself against them.
6) Crimeware
Industries affected: Public, information, utilities and manufacturing
Crimeware is Verizon’s word to describe malware other than that intended for point-of-sale attacks or espionage. Like those attacks, organised crime is central to these, with the motives either directly or indirectly financial. Increasingly such breaches were sold as a service last year, such was their success.
The report outlines two noteworthy pieces of malware: Zeus (also Zbot) and Nitol. The former should be familiar to security experts, having existed for several years. Despite an FBI investigation and over a hundred arrests, this Trojan horse has mutated over several iterations and is still used worldwide to steal money from bank accounts.
Nitol, on the other hand, remains confined to Asia, granting the user backdoor access and causing infected systems to engage in DDoS attacks.
What to do: Zeus frequently exploits out-of-date web browsers, giving all the more reason to patch them. Verizon also advise users to disable Java when it is not being used. IT managers may wish to consider using two-factor authentication, which requires users to present two pieces of information or equipment in order to access a system (such as a bank card and PIN code at a cash point).
7) Card skimmers
Industries affected: Finance and retail
Card skimming, unlike point-of-sale attacks, involves the payment device being physically tampered with, mostly at cash points and petrol stations. Criminals can now buy sleek devices that clip into card readers to scan the magnetic strip, and even collect the data via a Bluetooth connection or SIM card, according to Verizon.
Three-quarters of the time third parties such as police or customers were responsible for detecting the fraud, and criminals using skimmers frequently came from Bulgaria (38% of the time), Romania (18%) or Armenia (18%).
What to do: Modern ATMs are designed to be resistant to tampering, but Verizon say vendors can use more basic methods, such as stickers placed over doors, to alert them when something is wrong. For customers, covering the PIN and checking whether adjacent machines look consistent is advised.
8) Cyber-espionage
Industries affected: Professional, transport, manufacturing, mining and public
Even if an organisation is not affiliated with a state or public service, it may still be the target of cyber-espionage if it has data, intellectual property or relationships that the perpetrator wishes to access. Verizon believe that 87% of espionage is linked to a state, with most of the remainder likely the attempts of organised crime. Some may even be company-on-company crime.
Cyber-espionage can take all sorts of forms, including backdoor attacks, C2 (or "man on the inside") jobs, phishing or even keylogging. Of these, Verizon say the most prevalent is spear phishing, in which a professional-looking email is sent to the victim, who upon opening it allows malware to be installed on their system.
Phishing is an old internet scam, but a more recent one is the strategic web compromise (SWC). It follows a similar logic to phishing, but the trap is set mostly on legitimate websites which, when visited, install malware on the target computer.
What to do: Patch systems, update anti-virus software, train users to recognise threats, segment the network and keep good logs: in other words, run a tight ship. IT managers may also wish to seek out software that protects against phishing, and purchase products to help them monitor network traffic.
9) (Distributed) Denial-of-service attacks (DDoS)
Industries affected: Finance, retail, professional, information and public
Perhaps the most famous cyber-attack, denial of service (DoS) shuts down part of a network temporarily or permanently, whether it be part of an internal system or a public-facing service such as a web server.
In the past these were achieved through home computers, some of which were compromised unknown to their owners. These days many of the attacks are scripted, with a piece of software known as Brobot or itsoknoproblembro being the most prominent, according to Verizon.
In simple terms, a DoS attack pummels a server with junk traffic or requests, forcing it to reset or making it so lethargic as to be unusable. "DNS reflection doesn’t require significant computing resources on the part of the attacker to produce devastating results," Verizon say.
What to do: Turn off the servers you can when they are not in use, and make sure they are patched. Key assets should be isolated, and providers should offer an anti-DDoS service that can be tested quarterly.
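As an added illustration of the DNS reflection point above (this is example code written for this page, not anything from the Verizon report), the script below shows how a defender can pick reflection traffic out of flow records: the victim receives large DNS responses from several resolvers it never queried. The flow-record format and all IP addresses are constructed for the example.

```python
from collections import defaultdict

# Constructed sample flow records: (timestamp, src_ip, src_port, dst_ip, dst_port, bytes).
# 10.0.0.5 makes a normal query and gets a small answer back; 10.0.0.9 receives
# large UDP/53 responses from four resolvers it never queried (reflected traffic).
FLOWS = [
    (1, "10.0.0.5", 51000, "8.8.8.8", 53, 60),
    (1, "8.8.8.8", 53, "10.0.0.5", 51000, 120),
    (2, "198.51.100.1", 53, "10.0.0.9", 40000, 3000),
    (2, "198.51.100.2", 53, "10.0.0.9", 40000, 3100),
    (2, "198.51.100.3", 53, "10.0.0.9", 40000, 2900),
    (3, "198.51.100.4", 53, "10.0.0.9", 40000, 3050),
]


def find_reflection_victims(flows, min_resolvers=3, min_bytes=1500):
    """Return {victim_ip: (unsolicited_resolver_count, unsolicited_bytes)}.

    A host is flagged when it receives large DNS responses (>= min_bytes) from
    at least min_resolvers distinct resolvers to which it sent no query in the
    same record set. Small or solicited responses are ignored.
    """
    queries_sent = set()                                  # (client, resolver)
    responses = defaultdict(lambda: defaultdict(int))     # dst -> resolver -> bytes
    for _ts, src, sport, dst, dport, nbytes in flows:
        if dport == 53:
            queries_sent.add((src, dst))
        elif sport == 53 and nbytes >= min_bytes:
            responses[dst][src] += nbytes

    victims = {}
    for dst, by_resolver in responses.items():
        unsolicited = {r: b for r, b in by_resolver.items()
                       if (dst, r) not in queries_sent}
        if len(unsolicited) >= min_resolvers:
            victims[dst] = (len(unsolicited), sum(unsolicited.values()))
    return victims


if __name__ == "__main__":
    for victim, (count, total) in find_reflection_victims(FLOWS).items():
        print(f"{victim}: {total} bytes of unsolicited DNS responses "
              f"from {count} resolvers")
```

Run against real flow data, the thresholds would be tuned to the site's normal DNS volume; the legitimate 8.8.8.8 exchange is left alone because the response is small and matches a query.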