Cybercrime is maturing, shifting its focus to larger and more profitable targets, and threats are becoming more sophisticated. This trend is picked up in reports like eSentire’s annual “Threat Intelligence Report“, which considers the maturing of the cybercrime ecosystem. As well as attacks from individual actors or small groups, the ‘mature’ attacks include the increased risks presented by ‘rogue’ nation-states.
For the report, eSentire facilitated an online survey of 300 IT security professionals. Of these professionals, only 36 percent reported that their organization clearly defined sensitive “crown jewel” data. The report finds that the vast majority of nationally sponsored cybersecurity incidents take the form of espionage through data exfiltration, with frequent employment of remote access tool Plug-X.
Plug-X is often utilized to enable remote users to perform malicious and data theft routines on a system without the user’s permission or authorization.
The number one malicious code risk, Emotet, was found to be the most observed threat both on networks and on endpoints, accounting for almost 20 percent of confirmed malware incidents.
Emotet is a type of malware originally designed as a banking Trojan, with the intention of stealing sensitive information. Since then the malicious code has evolved to become a major threat to users and businesses everywhere.
Threat actors are employing an ever-evolving range of strategies and tactics to bypass defenses, such as phishing campaigns via trusted cloud services. As cyberattacks grow in complexity, they are capable of attacking various forms of infrastructure using a wide range of tactics.
When assessing the risk to their data and developing appropriate solutions, businesses should pose themselves searching questions and then develop strategies around the answers:
What is my data worth from a social perspective?
What is my data worth from a financial perspective?
How easy is it to obtain my data?
How prepared is your organization relative to its peers? What is the probability of your perimeter defenses being bypassed by threat actors?
What percent of businesses in major industries do not have sensitive/crown jewel data clearly defined?
What is my risk of being caught?
What are the consequences of being caught?
When using this approach, it can be useful for C-suite executives to put themselves in the mind of a hacker to understand how to defend sensitive data.