April 28, 2014, updated 22 Sep 2016 11:20am

4 more security threats your company needs to know about

IT manager? Care about security? Read this.

By Jimmy Nicholls

Last week we introduced you to the first five of the security breaches identified by Verizon in their data breach report. Now we will take you through the remaining four, including which industries are affected and what you can do to protect yourself against them.

6) Crimeware

Industries affected: Public, information, utilities and manufacturing

Crimeware is Verizon’s word to describe malware other than that intended for point-of-sale attacks or espionage. As with those attacks, organised crime is central to these, with the motives either directly or indirectly financial. Increasingly, such breaches were sold as a service last year, such was their success.

The report outlines two noteworthy pieces of malware: Zeus (also Zbot) and Nitol. The former should be familiar to security experts, having existed for several years. Despite an FBI investigation and over a hundred arrests, this Trojan horse has mutated over several iterations and is still used worldwide to steal money from bank accounts.

Nitol, on the other hand, remains confined to Asia, granting the user backdoor access and causing infected systems to engage in DDoS attacks.

What to do: Zeus frequently exploits out-of-date web browsers, giving all the more reason to patch them. Verizon also advise users to disable Java when it is not being used. IT managers may wish to consider using two-factor authentication, which requires users to present two pieces of information or equipment in order to access a system (such as a bank card and PIN code at a cash point).

Zeus is not merely a Greek god; he is also a Trojan virus. Divided loyalties.

7) Card skimmers

Industries affected: Finance and retail

Card skimming, unlike point-of-sale attacks, involves the payment device being physically tampered with, mostly at cash points and petrol stations. Criminals can now buy sleek devices that clip into card readers to scan the magnetic strip, and even collect the data via a Bluetooth connection or SIM card, according to Verizon.

Three-quarters of the time third parties such as police or customers were responsible for detecting the fraud, and criminals using skimmers frequently came from Bulgaria (38% of the time), Romania (18%) or Armenia (18%).

What to do: Modern ATMs are designed to be resistant to tampering, but Verizon say vendors can use more basic methods, such as stickers placed over doors, to alert them when something is wrong. Customers are advised to cover their PIN and to check whether adjacent machines are consistent.

8) Cyber-espionage

Industries affected: Professional, transport, manufacturing, mining and public

Even if an organisation is not affiliated to a state or public service, it may still be the target of cyber-espionage if it has data, intellectual property or relationships that the perpetrator wishes to access. Verizon believe that 87% of espionage is linked to a state, with most of the remainder likely the attempts of organised crime. Some may even be company-on-company crime.

Cyber-espionage can take all sorts of forms, including backdoor attacks, C2 (or "man on the inside") jobs, phishing or even keylogging. Of these, Verizon say the most prevalent is spear phishing, in which a professional-looking email is sent to the victim, who upon opening it allows malware to be installed on his system.

Phishing is an old internet scam, but a more recent one is that of strategic web compromises (SWCs). It follows a similar logic to phishing, but the trap is set mostly on legitimate websites, which, when visited, install malware on the target computer.

What to do: Patch systems, update anti-virus software, train users to recognise threats, segment the network and keep good logs: in other words, run a tight ship. IT managers may also wish to seek out software that protects against phishing, and purchase products to help them monitor network traffic.

If Bond was created now, he'd spend more time at his desk and less time shooting bad guys.

9) (Distributed) Denial-of-service attacks (DDoS)

Industries affected: Finance, retail, professional, information and public

Perhaps the most famous cyber-attack, denial of service (DoS) shuts down a part of a network temporarily or permanently, whether it be part of an internal system or a public network such as a web server.

In the past these were achieved through home computers, some of which were compromised without their owners' knowledge. These days many of the attacks are scripted, with a piece of software known as Brobot or itsoknoproblembro being the most prominent, according to Verizon.

In simple terms, a DoS attack pummels a server with junk traffic or requests, forcing it to reset or making it so lethargic as to be unusable. "DNS reflection doesn’t require significant computing resources on the part of the attacker to produce devastating results," Verizon say.

What to do: Turn off the servers you can when they are not in use, and make sure they are patched. Key assets should be isolated, and providers should provide an anti-DDoS service that can be tested quarterly.
