The upward trend of security breaches involving some of our most well-known and trusted organizations like JPMorgan illustrate the need for continuous cyber security training.
With that in mind, it is worth ensuring that we regularly revisit the basics and keep emphasizing how criminals gain access. More often than not, cyber crime is enabled as a consequence of unintentional human behavior.
Phishing via email is by far the most commonly used tactic by cyber criminals for stealing trade secrets, usernames and passwords, and accessing private information. The majority of intrusions occur as the result of someone clicking on a bad link in an email or on a social site. Once a bad actor or actors gains access through phishing, they are poised to start harvesting valuable personal information, including banking and health records, which in turn is sold for millions on the black market.
Industry and government are making headway in helping to counter the threat, but the fight is constant and ever evolving. Adversaries learn and adapt to both policy-based and technical defensive solutions. An example where policy is achieving positive results is prosecution of organized cyber criminal. In early June 2014 the Justice Department announced charges against a sophisticated gang of international hackers that implanted viruses on hundreds of thousands of computers, and netted over $100 million from consumers and businesses worldwide.
Technical defensive solutions present a more challenging problem because adversaries are able to counter defensive measures more quickly. While an international cooperative effort between the FBI, Europol, and security engineers from the private sector under “Operation Tovar” took down the GOZ botnet on May 30, 2014, the solution was temporary. Updated source code to reanimate a botnet is easy to get on the Internet, and new variants of the Trojan are currently active. As long as organizations and individuals at home use computers running older versions of Windows and outdated antivirus programs, these viruses and botnets can continue to be employed.
In the attack on JPMorgan’s systems this summer, hackers went through a public facing web application to obtain customer data that could be used to liquidate accounts. In April JPM stopped a money transfer from a Russian embassy to a sanctioned bank, and this summer’s intrusion was originally thought to be retaliatory. We now know that some other organized criminals have possession of 83 million bank records.
Billions of hits on banks, healthcare organizations, schools, and manufacturers from mass email and web intrusions happen every day. Because there is so much of our personal information in the hands of sophisticated scammers, we can expect to see very specific phishing attempts in the future. We will get email that appears to be from our doctor’s office, our bank or someone who knows details of our daily lives.
Cyber protection begins by staying current with the threat environment, both with networks and people. Be sure to:
- Be cautious about what links you click. Hackers can craft emails that appear legitimate. Best to type in the link yourself, especially when conducting financial transactions.
- Ask yourself if you really need to download a file. Documents may contain viruses that even a trusted sender may not be aware of. Ensure you scan documents with AV automatically.
- If you are using a public network, don’t go to sites that require passwords. Anyone can see and steal this information.
- Update everything! Networks and personal devises should have all the latest software and anti-virus updates checked daily. More importantly, ensure people are aware of the latest threats.
Mike Walls is Managing Director, Security and Operations and Analysis at EdgeWave. While on Active Duty in the U.S. Navy, Mike served as Commander Task Force 1030 reporting directly to the Navy’s Fleet Cyber Command, and was responsible for Cyber readiness of over 400,000 people, 300 ships, and 4,000 aircraft. Comments and questions for Mike Walls are welcome: email@example.com