Modern threats – What you need to know

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://techday.com/the-channel/news/modern-threats-what-you-need-to-know/183358/

Looking back over the past few years, we can see an undeniable and
unsettling trend.

Each year, the scale and complexity of cyber-attacks increases, while
businesses increase spending on security for their networks and corporate
data.

Although fortifying protection with additional security does help, the
number of successful attacks keeps growing. Businesses continue to be
compromised and the costs associated with those breaches only go up.

To better understand this problem we first must understand the tactics used
by cybercriminals. First, the unfortunate reality is that a great many
cyber-thieves collaborate with one another.

The market for Cybercrime as a Service (CaaS) provides inexpensive, end to
end offerings for every type of attack. Services include new malware
development, hackers for hire, large scale access to infected PCs, and
exploit development. But the offerings don’t stop there.

There is an entire segment dedicated to the liquidation of stolen data,
ranging from usernames and passwords to bank and credit card account
information. At every step, there are measures in place to ensure success.

Additionally, cybercriminals understand the challenges faced by today’s
security companies. They maintain their advantage by staying on the
offensive and using the element of surprise as they create new threats.

Cybercriminals have developed distribution techniques for threats which aim
to overwhelm the security industry’s capacity. The primary tactic is to
rapidly create new malware variants and deliver them in very low volume.

This low volume distribution makes it more difficult for security vendors
to encounter and identify the threat, which means the threat will go
undetected longer.

As with most criminal activity, the primary focus of cybercrime is
financial gain. This can be accomplished in many ways, but the typical
methods involve collecting sensitive data and selling it or using it to
commit fraud.

These threats are usually difficult to detect on an infected system. On the
other end of the spectrum are threats that use extortion and ransom tactics.

These infections, known as ransomware, encrypt data on your system and
demand payment for the decryption key. In both cases, data and the money
it’s worth are the targets.

Because no security solution can be 100% effective at preventing every
attack, businesses need to take measures to ensure their data is secure.

This means using encryption technology as well as secure backup for
sensitive data. In addition, as security vendors create more innovative
protection, it’s up to businesses to layer their security appropriately and
stay on top of threat trends.

While the advancements in threat detection and remediation technology are
improving security, businesses and consumers alike need to be aware of
malware risks and act accordingly when transacting and doing business
online.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!