Cyber attacks, data leaks and cyber espionage are amongst some of the biggest threats that businesses face today.
The scary part is that these malware attacks are silent, without your knowledge, and before one realises what has happened the damage has been done it could cost millions to repair your reputation and losses.
They are known as advanced persistent threats (APT) and typically malware is used to infect a machine, creating a back door that will have access to sensitive information. The point of these attacks is not necessarily to cause any damage, but rather to steal sensitive information. These attacks have become incredibly complex and often difficult to detect. Modern malware codes are so sophisticated that they have the ability to rebuild continually so they are not detected.
Just recently Kaspersky Lab exposed a new cyber espionage campaign that focuses on supply chain attacks. The group called “IceFog” currently focuses on targets in South Korea and Japan by attacking the supply chains of Western companies. Although the operation started in 2011 the last two years has seen their activities intensify.
This new trend that is developing is the ability to hire these small groups of attackers to perform surgical hit and run operations. So if you want access to sensitive data from one of your competitors or infiltrate a government organisation, you can now hire these murky cyber mercenaries to do all the dirty work.
Recent attacks have targeted sectors that include military, shipbuilding and maritime operations, computer and software development, research companies, telecom operators, satellite operators, mass media and television.
It is difficult to quantify how much data was stolen and how vulnerable these attacks have left corporations. Companies do not often make these losses public to avoid embarrassment and litigation.
Ironically, the Russian security services recently purchased and started using old typewriters following the Edward Snowden accusations against the NSA and cyber spying surrounding Wikileaks.
While malware attacks are not new, they are intensifying and companies need to become more aware of their environments to combat these attacks.
- Bring Your Own Devices (BYOD) are cost affective solution for many companies, but the installed software and maintenance needs to be looked at. What mechanisms do you have in place to ensure that data leakage does not take place on one of these devices?
- Data policies are critical and often overlooked. Who has access to sensitive information and how accessible is it in your company? Social engineering is one of the biggest security gaps within companies. Any machine that has USB access is vulnerable and data can be leaked.
- Who has access to your network and infrastructure? Are you outsourcing services that could perhaps make your data vulnerable?
- Monitoring for suspect activities on a network is key. Any unusual behaviour on your network should alert you immediately.
- Have the right software and anti malware installed to knock out any threats.
Banks have been particularly vulnerable to these attacks and in the last two months millions some well known banks have been hit for millions by international syndicates.
Data theft is on the rise at a rapid pace and it not just the multi national conglomerates that are being affected. Cyber thieves are eyeing opportunities that can make money and hold organisations to ransom. Don’t let your company become a victim to these criminals.