The Changing Landscape of Security Threats – Part 1

To raise awareness among small and medium businesses of today’s network security threats, Compulite’s consulting services practice has compiled a list of recommendations.

These recommendations are based on two leading public and private sector authorities in this space: Government of Canada, Communications Security Establishment (GC CSE) and Mandiant (a FireEye company).

According to Mandiant, business and professional services organizations are a new and emerging target; until recently they were a relatively low priority for cyber criminals. The growing number of attacks against these targets is focused on establishing a “bridgehead” from which to attack a larger institution, such as a local government body or a leading private sector enterprise. Once a trust relationship exists between a small firm and a larger enterprise, attackers could exploit it to gain a foothold in the larger environment.

Research from these leading authorities indicates that the average time between breach and detection is still very high among organizations: 205 days in 2014 compared to 229 days in 2013. Most entities (69%) learn of the breach from an outside source such as an IT service provider or law enforcement, and only 31% discover the attack internally.

Among the most popular attack avenues are:

  • Phishing emails that impersonate an antivirus or IT vendor
  • Compromised websites that deploy malware on user workstations
  • Theft of credentials (VPN, Remote Desktop, FTP)

An interesting fact that emerged from the research is that 72% of the phishing emails were sent on weekdays during business hours, so as to raise as little suspicion as possible. Also, impersonating an antivirus product or IT vendor got users’ attention and convinced them to click a weaponized link that installed additional malware on the system, giving the attacker remote access.

To prepare their defenses, companies are advised to identify and rank key information by sensitivity and to work with their internal IT department or vendor to protect it accordingly. Since no system can be perfectly protected against every intrusion technique, constant monitoring of access to sensitive data is required to close the remaining security gap.

In Part 2 of our coverage of security threats we will explore the security recommendations that organizations should take to build up defenses against cyber threats.