Threat Intelligence Blog

In a previous blog, our CTO, Manoj Srivastava, discussed how the methodology of modern cyber crooks has evolved, how adept they are today at exploiting the human instinct to trust.

And here’s another troubling wrinkle: These criminals aren’t gaining access to networks to exclusively steal money anymore. No, these days, your network’s data commands the big dollar signs.

To protect themselves, those overseeing enterprises must dispense of badly outdated stereotypes about would-be intruders. Especially the one in which the hacker is some pimply faced kid pecking away solo in his parents’ basement. This kid has grown up, now a member of a thriving, sophisticated organized crime ring – possibly with deep connections to international syndicates or rogue nations in Eastern Europe, the Middle East or Asia.

The mob once dealt in liquor, gambling and other vices. Now, it’s all about the black market for information. The organized cyber-crime syndicate could be on retainer to obtain secrets from the Pentagon or U.S. Department of State. Or the data of interest could be the molecular blueprint of a pharmaceutical company’s developing wonder drug – a valuable “purchase” for a competitor. Or a food retailer may be willing to pay a small fortune for details on the expansion plans of a rival. It could be one of these or any number of countless scenarios in which information commands an asking price.

Once the terms of an agreement are reached between the buyer and the criminal ring, the strategies of intrusion are deployed. As described in detail by Manoj, the most popular technique involves getting inside network users to unwittingly open an emailed link that’s really malwareMalware: A generic term for a software that is designed to disable or otherwise damage computers, networks and computer systems LookingGlass Cyber (n) - another type of cold that can destroy a computer by latching on to destroy other programs..

You may think that your network users are above that sort of ruse, but people use multiple ways to connect to your network (i.e. working from home, non-corporate or personal mobile devices); which only broadens the attacker’s vectors of access and points for trust. Keep in mind that the phishingPhishing: The use of emails that appear to be from a legitimate, trusted source that are enticed to trick recipients into entering valid credentials including personal information such as passwords or credit card numbers into a fake platform or service. LookingGlass Cyber (n) - tailoring an attack (such as email) to garner trust and credentials that are then used maliciously. The preverbal digital version of the ol' hook and bait. scammer here simply needs one ill-advised click. That’s it. Even relatively savvy users can lapse into a weak moment, perhaps during an especially frazzling day when they’ve been multitasking for hours and are attempting to swiftly go through their in-box before heading home. That’s the kind of moment the hacker is waiting for, because mental fatigue + urgency = a ripe opportunity for that much-sought click.

Keep in mind that once in the network, it’s time to mine for the information. If the intruder keeps a low profile – not taking part in any activity that would raise any suspicions among those monitoring the network – he can settle in for the long haul and keep gaining access to data. And consider the wealth of information within that can be exploited for ill-gain: intellectual-property, sensitive financial reports, R&D innovations, hiring plans, salary structures and other confidential personnel information.

Because so many users are combining “work” with personal tech, hackers can further expand their market reach. Information about corporate executives, for example, is highly valued because they usually have a “clean” background record and such a record is valuable for black-market operatives. These operatives will use the records to create bogus passports, visas and driver’s licenses to allow dubious characters from foreign countries to arrive here while avoiding a watch list.

All it takes is one bad click to unleash all of this access. If you’re not taking pro-active steps to thwart these data thieves, are you prepared to deal with the consequences?

Terry Gudaitis , Ph.D., Cyber Intelligence Director, Cyveillance

Question to consider: What are you doing to pro-actively monitor and prevent unauthorized access to information on your network?

Additional Posts

How Your Business Associations Can Compromise Your Data

When it comes to socially engineered network attacks, it’s often said that your organization’s ...

System Compromised? It’s Likely Due to a Matter of (Misplaced) Trust

As the CTO of a leading cyber-intelligence company, I’m often asked about the biggest ...