There are eight trends definitely worth noting due to the significant risk they pose for data theft this year. These are reviewed across two categories: Human Behavioral Trends and Technique-based Trends, to examine who’s doing what and how they are doing it. Each of the two categories will look at 4 topics of interest, to include data on:
Cybercrime Just Got Easier: In this age of MaaS (Malware-as-a-Service), even entry-level threat actors can successfully create and launch data theft attacks due to greater access to exploit kits for rent, MaaS, and other opportunities to buy or subcontract portions of a complex, multi-stage attack. We review how 99.3 percent of malicious files used a Command & Control URL that has been previously used by one or more other malware samples and what this means for an attacker and a defender.
Something New or Déjà Vu?: Threat actors are blending old tactics, such as macros, in unwanted email with new evasion techniques. Old threats are being “recycled” into new threats launched through email and web channels, challenging the most robust defensive postures. We review how a business can adapt to protect itself from increasingly advanced threats and capable threat actors.
Digital Darwinism - Surviving Evolving Threats: Threat actors have focused on the quality of their attacks rather than quantity. Websense Security Labs observed 3.96 billion security threats in 2014, which was 5.1 percent less than 2013. Yet, the numerous breaches of high-profile organizations with huge security investments attest to the effectiveness of last year’s threats. We review what has changed in the threat landscape and what actions businesses can take to bolster their security posture.
Additional topics include how to face the challenge presented by the IT security skills shortage, how to build on infrastructure made brittle by OpenSSL Heartbleed and similar vulnerabilities, and how to handle the difficulties in correctly attributing an attack to an adversary.
The report can be downloaded here.
No comments:
Post a Comment