BreachExchange mailing list archives

Prepare to Get Hit Warns FBI Cybercrime Boss


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 17 Sep 2015 19:17:00 -0600

http://www.infosecurity-magazine.com/news/fbi-highlights-cybercrime/

Speaking at Cloudsec London 2015 this morning, FBI supervisory special
agent Timothy Wallach warned that tackling cybercrime would be an
inevitability for all companies.

“There’s an assumption among companies that ‘it won’t happen to me’,” began
Wallach, who manages the FBI Seattle Division’s Cyber Task Force.

But that attitude, he cautioned, was long outdated, with the frequency and
magnitude of data breaches across the world indicating that no company is
safe.

And what we know about could just be the tip of the iceberg, with only
disclosed breaches gaining public attention. In 2013, around 800 million
personal records were stolen and leaked online, Wallach said, quoting
commonly referenced statistics. That figure rose in 2014 to one billion.

The problem in mitigating this trend is that cybercrime is global, and
hackers are indiscriminate in who they target.

Wallach explained that many of the challenges arise from the increasing
sophistication of hackers over time: “They have moved from ego-hackers and
script kiddies to sophisticated nation state actors.”

Across the spectrum, Wallach explained, are low-level attackers, who
typically use techniques such as DDoS, often as part of ‘hacktivism’
campaigns or unsophisticated cyber-terrorism and defacement activities; and
more sophisticated attackers, committing theft against personally
identifiable information, stealing R&D, or targeting critical national
infrastructure.

Cybercrime is a growing problem largely because the barrier to entry is
low.

“Cyber is based on a system of trust and hackers are exploiting that trust
in any way they can,” said Wallach.

Most actors are overseas, he continued, which means reaching into other
jurisdictions and collaborating with law enforcement there. The latter can
be problematic if the priority of cybercrime in the law enforcement
environment of a partner country is low – even if much of the crime is
originating from that region.

Nonetheless, Wallach praised global collaboration between law enforcement
groups in the bid to stem the tide of malicious online attacks.

He highlighted that partnerships with other law enforcement bodies and the
private sector have yielded many successes in the global battle.
Transnational partnerships have resulted in global takedowns, such as the
botnet behind GameOver Zeus. He also highlighted the campaign against
GameOver Zeus ringleader Evgeniy Bogachev, a Russia-based hacker for whom
a $3m reward is currently offered, as another success.

In addition, law enforcement is able to build a growing idea of the scale
of the cybercrime problem, because, “Partnerships between government and
industry has greatly increased the willingness of private sector to report
cybercrime.”

However, the FBI faces challenges in resourcing, given the need for
specialized training in recruits: “We have a difficult time identifying,
recruiting and maintaining talent because there are so many more lucrative
offering in the cyber world.”
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
