A Massive Wave of Cybercrime Coming

Michael Patterson : Advanced NetFlow Traffic Analysis
Michael Patterson
Founder and Product manager for Plixer's Scrutinizer NetFlow and sFlow Analyzer as well as Flow Analytics.

Get ready for the biggest year yet in cybercrime. We have learned over the last few years that hackers have honed their penetration skills to the point that any targeted company can easily become a victim. Most business owners have accepted that being connected to the Internet means that they can, and probably will, be compromised regardless of the defensive measures taken. It is more than just a game of probability. Every company in every country that is connected to the Internet will definitely get compromised; how, when and what will be taken is the big question. Today, it seems that most business owners are willing to take the chance, and they probably have to in order to stay competitive.

“There are two kinds of big companies in the United States. There are those who've been hacked by the Chinese and those who don't know they've been hacked by the Chinese.” James Comey – Director, FBI

In a recent survey of 583 U.S. companies conducted by Ponemon Research on behalf of Juniper Networks, 90% of the respondents said their organizations' computers had been breached at least once by hackers over the past 12 months. Nearly 60% reported two or more breaches over the past year. More than 50% said they had little confidence of being able to stave off further attacks over the next 12 months.

What Makes Us Vulnerable

Most security teams understand that our chances of falling prey to cybercrime increase if the company has:

  1. Data that is worth stealing
  2. Lots of money
  3. Many employees that read email
  4. Poor security in place
  5. Inadequate backups
  6. Unpatched systems on the network

The more protected you are and the tougher the attacker finds it to get inside, the more likely they are to move on to another company.

NBC News reported that Hollywood Presbyterian Medical Center CEO Allen Stefanek said in a statement Wednesday that paying the ransom of 40 bitcoins was "the quickest and most efficient way to restore our systems and administrative functions." He said the hospital did it in the interest of restoring normal operations.

Allen Stefanek’s decision may have been the wisest choice. The FBI announced in October 2015 that paying the ransom is sometimes the best decision.

“To be honest, we often advise people just to pay the ransom.”

Joseph Bonavolonta, Assistant Special Agent CYBER and Counterintelligence Program – FBI, Boston

How They Get In

The bigger the company, the more entry points for malware exist, because more employees are accessing the web. A greater employee count also means being more susceptible to phishing attempts, which seem to be the method of choice for gaining a foothold inside an organization. In fact, phishing attempts DOUBLED in 2016 over 2015.

In March, the number of email antivirus detections reached 22,890,956, four times more than the average for the same period last year. In the same month, spam made up 56.52% of all email.

Source:  Kaspersky Lab

Prepare Your Company

Stopping the malware from getting in is difficult.  The more they spam your organization, the higher the probability that they will get in. To prepare for this inevitability, here are a few things to consider:

  • Make sure your cyber forensics team has the data they need to investigate the event. This means log and NetFlow collection.
  • Invest in detection systems that look for odd behaviors such as low and slow data thefts.
  • Install a UDP forwarder to forward logs and flows to multiple collection points, making it harder for malware to cover up its tracks.
  • Make daily backups of critical systems and keep them all patched.
  • Provide mandatory quarterly training on cyber security for all employees.
  • If possible, remove critical systems from the Internet. This does not mean blocking them from accessing the Internet by using an access list on the router or firewall. That is definitely not effective today due to connection tactics such as DNS tunneling. If you can, unplug it from the network. Otherwise, it is a highly sought after target.

Ultimately, this is a race to be the least vulnerable. We have to make it difficult for the attackers to get in and use that difficulty as a deterrent that makes them want to move on to an easier target. We also have to accept that we will be penetrated eventually, which is why it is important to have the data necessary to go back and research how the attack became successful. This allows us to tighten our defenses even more.
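The "low and slow" detection mentioned above, as an added example that is not part of the original post or of any Plixer product: it walks NetFlow-style records (constructed sample data) and flags an internal host whose individually small outbound flows to one external destination add up to a large total over a day. The record layout, the thresholds and the use of the RFC 1918 ranges as "internal" are assumptions.

```python
"""Flag low-and-slow outbound transfers in NetFlow-style records.

Added example, not code from the original post or from Plixer. Each flow is
small enough to pass a per-transfer size check, but the per
(internal source, external destination) total over a long window is not.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumption: RFC 1918 space is "internal"; everything else is external.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records: (ISO timestamp, src_ip, dst_ip, bytes_out).
SAMPLE_FLOWS = [("2016-03-01T08:00:00", "10.1.2.31", "198.51.100.9", 5_000_000)]
for i in range(48):  # one 8 KB flow every 30 minutes for a day: 384 KB in total
    t = datetime(2016, 3, 1, 8) + timedelta(minutes=30 * i)
    SAMPLE_FLOWS.append((t.isoformat(), "10.1.2.30", "203.0.113.7", 8_192))
for i in range(5):   # a handful of small flows from another host: not enough
    t = datetime(2016, 3, 1, 9) + timedelta(hours=i)
    SAMPLE_FLOWS.append((t.isoformat(), "10.1.2.31", "203.0.113.7", 8_192))


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_low_and_slow(flows, window=timedelta(hours=24), min_flows=24,
                      max_flow_bytes=16_384, min_total_bytes=262_144):
    """Return {(src, dst): total_bytes} for pairs whose individually small
    outbound flows add up to min_total_bytes inside any window-long span."""
    pairs = defaultdict(list)
    for ts, src, dst, nbytes in flows:
        # Keep only internal -> external flows that are small on their own;
        # a single large upload is a different (and more visible) pattern.
        if not is_internal(src) or is_internal(dst) or nbytes > max_flow_bytes:
            continue
        pairs[(src, dst)].append((datetime.fromisoformat(ts), nbytes))

    hits = {}
    for pair, recs in pairs.items():
        recs.sort()
        start, total = 0, 0
        for end, (t_end, nbytes) in enumerate(recs):
            total += nbytes
            # Slide the window start forward so the span never exceeds `window`.
            while t_end - recs[start][0] > window:
                total -= recs[start][1]
                start += 1
            if end - start + 1 >= min_flows and total >= min_total_bytes:
                hits[pair] = max(hits.get(pair, 0), total)
    return hits
```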
