
By 'taking the perspective of the attacker' organisations may fare better

03 Oct 16

Digital Shadows has recently looked into the many ways that threat actors are using the growing sophistication of criminal business models, characterised by the automation and replication of previously manual processes (industrialisation).

Michael Marriott, security researcher at Digital Shadows, has identified a number of examples of how breached data can currently be industrialised, based on incidents the company has detected in the past 24 months.


Marriott explains that these particular datasets contain email addresses that can be used in the operation of botnets, which can subsequently be used to deliver spam or more malicious pieces of malware.

Credential harvesting is another example that the cyber exec highlights. He explains that malware such as Pony Loader can be used to steal credentials and/or online currency.

“The malware is available with a control panel, user management, logging features, a database to manage all the data, and password list to conduct brute force style attacks against less-secure cyber assets,” says Marriott.


“Like botnets, threat actors can use breached data in targeted spear-phishing campaigns in order to distribute malware such as banking trojans and ransomware,” he explains.

According to Digital Shadows, the below diagram shows the flow of stolen data through the many industrialised ‘services’ listed above and then onwards to other malicious activities.

“Notably, the graphic above highlights how stolen data that has been used for spear-phishing or in the creation of a botnet can be used to accrue even more data through data-stealing ransomware and banking Trojans,” says Marriott.

“This reuse of data creates a ‘virtuous circle’ for the malicious actor where an initial investment in breached data in turn creates a growing pool of stolen information that can be put to a variety of uses,” he adds.

Marriott explains that by taking the perspective of an attacker, organisations can better understand the risks and threats faced by clients.

“This guides our approach towards public data breach incidents, where our analysts consider how attractive and useful a given dataset could be for a malicious actor in order to produce more structured and considered assessments of their severity.”  
