Security software company Trend Micro has released its latest report that takes a look at the real world affects of a security breach.
The report, Hazards ahead: current vulnerabilities prelude impending attacks, says potential security gaps serve as a prelude to potentially massive events that will greatly impact 2016.
Trend Micro says the interconnectivity of technology has led to a point where many devices are potentially vulnerable, and in the third quarter of 2015, the real world impacts of cyberattacks became clear.
“The evolution of breaches is beginning to take a turn toward real-world effects on enterprises’ bottom lines and people’s lives,” explains Dhanya Thakkar, managing director of Asia Pacific, Trend Micro.
“The emergence of numerous vulnerabilities and other data breaches that occurred in this quarter are bound to release more confidential and potentially destructive information to the public, which could then be sold to the highest bidder on the Deep Web.”
The company says data breaches experienced last quarter, such as Ashley Madison, spurred a chain of attacks, in which dumping stolen confidential information in public domains tarnishes victims’ reputations, causing far great damage than simple business disruptions.
“Cybercriminals, who leveraged the compromised information to launch extortion attacks and blackmail users, caused catastrophe for both Avid Life Media, the site owner, and more than 30 million Ashley Madison users – with reports of victim suicides in response to the impact this attack had on their personal lives,” the company explains.
According to the report, security breaches impacting the healthcare industry were prevalent in the third quarter, with health and personally identifiable information (PII) the second-most stolen data type out of all data breach categories. These instances reinforce why the healthcare industry continues to be an appealing target for cybercriminals, Trend Micro says.
Attackers are continuing to set their sights on mobile device users, taking advantage of gaps in security that exist on the iOS and Android platforms.
Trend Micro says the discovery of vulnerabilities in Android highlighted the need for a more integrated set of security strategies, while modified versions of app creation tools debunked the notion that the iOS walled garden approach to security can spare the platform from attacks.
“As Trend analysts have observed, cyberspace has become more punitive, and attacks are no longer isolated,” says Thakkar. “To mitigate future breaches and reduce risk, enterprises must focus on intrusion suppression and address the advent of secondary infections.
“Integration of breach detection systems with intrusion prevention systems is fundamental to decreasing the time hackers dwell on their networks.”
Thakkar says ‘expect to be hit prepare to survive’ will become the mantra of 2016.
- The report highlighted the following third quarter activities:
- Data breach dumps were used to fuel further attacks and extortion. The successful attacks against The Hacking Team and Ashley Madison greatly affected the security and computing industries.
- Discovery of weak points in mobile platforms emphasise existing problems in both ecosystems. In response to the recent spate of Android vulnerability discoveries, Google finally announced regular security updates for the platform.
- Cybercriminals use the “shotgun approach” on PoS malware, primarily affecting small businesses. Attacks seen in the third quarter involved PoS malware launched through “old” techniques like spamming, as well as tools like macro malware, exploit kits and botnets.
- Political personalities surface as targets of ongoing espionage campaigns. Analysis of recent data revealed that Pawn Storm has expanded its targets from mostly U.S. targets to Russian entities.
- Angler Exploit Kit continues to be a widely-used tool, with access numbers increasing by 34 percent. Angler Exploit Kit creators updated their arsenal this past quarter, which resulted in attackers using their creation to distribute new malware.
- New research raises issues on the security of Internet-ready devices. Attackers are now modifying target-tank information, which could have dire consequences for the general public.