It’s March. The lion is slowly morphing into a lamb, with warmer temps and sun screen to follow. March Madness is days away. Almost seventy (70) college games will soon test your flat screen’s durability. But you don’t have to wait for any brackets to find out who’s starting in this particular tournament, which lasts far longer than a fortnight. It’s an ongoing battle of the boards that takes place each second of every single day. It’s the ongoing fight to secure networks and keep vital data out of the hands of the following players.
Please direct your attention to center court. It’s time to introduce the Cyberthreat starting lineup.
At point guard, a veteran at unknowingly risking the security posture of virtually every business, organization and government on the planet—users.
As you’ve probably heard countless times, user error is the largest threat actor in the cyberthreat starting lineup. Whether it’s IT departments lacking the needed security skill sets to fend off attackers, too many unnecessary privileges being granted, or somebody absentmindedly clicking on a link in an email, internal errors are killers.
But users don’t always act unknowingly. Consider the disgruntled current or ex-employee. If they don’t adhere to the “never burn your bridges” workplace philosophy, they may just want a pound of data flesh. And they’ve even been known to collaborate with organized crime—even governments—to gain information or a big cash payout.
In late 2018, a scientist at biotechnology firm Genentech sold trade secrets to a rival company, which allowed them to manufacture generic versions of Genentech pharmaceuticals.
At the off-guard, an angry-at-the-world, politically-driven menace—the hacktavist.
These ne’er-do-wells are politically motivated so, naturally, making the most noise possible is a core motivator. Whether it’s publicly making a statement about their cause du jour or attacking a business or organization they feel has wronged them or the public at large, hacktavists have a delusional belief that they’re lauded by many. Hactavists attacked extramarital dating site Ashley Madison and divulged that names of tens of millions of members.
At small forward, the well-funded and cyber sophisticated—government-sponsored cyberthreat.
Government-led cyberthreats can count as their motivation a broad list of reasons, from economic, military, political…you name it. A year ago, the U.S. and the U.K. issued a joint statement blaming Russia for a series of cyberattacks. The Department of Justice a few weeks ago “shot down” a North Korean launched botnet. A Norwegian software company revealed that hackers form China’s ministry of State Security attempted to steal clients’ trade secrets. It was discovered that Iran had for years launched global DNS hijacking attacks against the Middle East, Europe, and North America. The Mexican government used spyware to target colleagues of a slain journalist investigating drug cartels. Six (6) months ago, different governments from at least forty-five (45) countries deployed spyware against targets in the U.S., France, Canada, and the UK.
That is a miniscule number of examples of government-sponsored cyber attacks. The list is exhausting. Cyber Warfare is the new battleground.
At power forward, and borrowing from a menacing label that dates back decades—organized crime.
Organized crime, whether you’re talking cyber threats or Capone-era Chicago, ultimately exists for a single purpose—illegal profits. The former types are the ones trying to get your logins and passwords, social security numbers, credit card information and health records. They’re the launchers of ransomware, bots and trojans. They’ve lately turned more and more to credential stuffing. And when a better mousetrap is built to stop them, they build a better, smarter mouse.
At center, a starter, but a less publicized or feared cybercriminal—the script kiddie.
These are the amateurs, usually working alone with a bag of chips and a Mountain Dew at their side, who use existing code they’ve found on the dark web to launch their attacks. They don’t develop their own tools; they’re wannabes and generally don’t do extensive damage, but want to prank websites for grins. However, there have been a few noteworthy attacks, like a DDoS event that crippled Yahoo a few years back.
A cybercrime-fighting team that’s been winning for years
To find out how to shore up your organization’s security posture, contact GDT’s tenured and talented engineers and security analysts at SOC@GDT.com. From their Security and Network Operations Centers, they manage, monitor and protect the networks of organizations of all sizes, including those for some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you.
If you want more information about network security, cyberattacks and how to combat the cyberthreat starting lineup, read more about it here:
Death and Taxes—and you can add this to the mix
If you doubled down on Russia, your bet’s safe
What happens in an ATM, doesn’t always stay in an ATM
Google launches itself into cybersecurity space
Getting Stuffed at Dunkin’ Donuts?
State of the Union address focuses on technology–briefly
The technology arms race was just amped up
Apparently, cyber attackers also consider imitation to be the sincerest form of flattery
Last week’s DHS “alert” upgraded to “an emergency directive”
The Collection #1 data breach—sit down first; the numbers are pretty scary
Shutdown affects more than workers
DDoS Attacks will deny a Massachusetts Man Ten (10) years of Freedom
Don’t get blinded by binge-watching
Mo Money, Mo Technology―Taylor Swift uses facial recognition at concerts
Step aside all ye crimes—there’s a new king in town
Q & A for a Q & A website: Quora, what happened?
They were discovered on Google Play, but this is no game
Elections are in, but there’s one (1) tally that remains to be counted
Hiring A Hacker Probably Shouldn’t Be Part of Your Business Plan
Sexy, yes, but potentially dangerous
Tetration—you should know its meaning
When SOC plays second fiddle to NOC, you could be in for an expensive tune
How to protect against Ransomware