How Lucrative is Confidential Data? Prime Bounty for Hackers, Top Concern for Businesses
IT Professionals report securing sensitive data as the #1 challenge, even more than avoiding revenue loss or protecting reputation
In the 19th century, money was the key to power. During the 20th century, it was technology. Today, information and data is the key to power. It’s why organizations are keen to safeguard their data and hackers are intent on stealing it. In 2016, this fact was underscored numerous times: Wikileaks, ransom attacks that hijacked an organization’s digital assets, or the doxing and dumping of information about officials and decision makers.
Today, servers, and the data they contain, are the primary target of cyber-attacks, versus internet pipe saturation or firewall exhaustion as in years past. Furthermore, after cyber-ransom was a concern for individuals, in 2016 it has become the primary motivation for cyber-attacks (41%) against businesses. They trade volumes of data such as personal identification, account credentials and medical records– and now enterprise and government confidential data – are rapidly growing throughout the Darknet marketplaces. The bottom line: data is the new gold bullion.
Radware’s annual Global Application & Network Security Report combines a comprehensive information-security industry survey with our Emergency Response Team’s (ERT) in-the-trenches experiences fighting cyber-attacks, and incorporate perspectives of third-party service providers and customer stories.
Cyber Security Reaching a Tipping Point
Cyber security attacks and attackers are nothing new. Yet, we are at a point in time where we are witnessing dramatic and frightening increases in attack frequency, complexity, size, etc. The hacking community has reached an ideal state in terms of:
- Availability of low cost resources
- Dramatic increase in high value, increasingly vulnerable targets putting more and more valuable information online
- A level of maturity where on top of hacking programs and anonymity they enjoy services such as hosting, security and can even leverage public cloud compute power.
Figure 1: Ransomware, Botnet, User Database and DDoS are all available at the Dark market
Internet of Things (IoT) Botnets Open the 1Tbps Floodgates
As the first IoT open-source botnet, Mirai exemplifies why preparing for “common” attacks is no longer enough. The infamous attacks against Brian Krebs, OVH and DynDNS introduced – on top of the record-breaking volumes – sophisticated vectors such as GRE floods and DNS water torture. These events change the rules of real-time mitigation and makes security automation a must. The fact that Mirai is open-source code means hackers can potentially mutate and customize it—resulting in an untold variety of new attack tools that can only be detected by intelligent automation such as behavioral analysis or machine learning. In Radware’s survey, 55% of security professionals indicated they believe the Internet of Things complicates either their detection or mitigation requirements.
Non-Volumetric DoS: Alive and Kicking
Yet, the IoT botnet headlines are somewhat misleading. While this threat of astonishing volumes is certainly valid, the reality of most business is different. Neither the number of victims nor the frequency of attacks has grown. For example, 70% of non-volumetric DDoS attacks are below 100MBps. These attacks have a financial impact on businesses in the form of latency and poor user experience, consuming bandwidth and network resources. This impact is instantly translated to lower conversion rates and revenue loss. Companies need to rethink their security strategy and embrace more sophisticated solutions as rate-based security solutions continue to fall short.
Stateful Devices: #1 Point of Failure
In such conditions – whether it is a high volumetric botnet or a Low-and-Slow DoS attack – common IT devices, including firewalls, application delivery controllers and intrusion protection systems, represent the greatest risk for an outage, as their connection tables are getting quickly filled and they crash due to resource consumption. Consequently, they require a dedicated attack-mitigation solution to protect them.
Cyber-Ransom Proves Easiest, Most Lucrative Tool for Cybercriminals
Prior to the headline-catchy IoT botnet attacks, organizations across the globe suffered a ransom tsunami coming mainly as a variant in the form of hundreds of encrypting malware types, many of which were developed and discovered this year as part of the hype. The other form was extortion letters followed by DDoS attacks. This has proven to be a very beneficial tool for cyber criminals to make easy money. Some groups made DDoS-for-ransom a profession, leveraging a set of network and application attacks. Their success quickly drew followers and copycats joining the ransom bash. 41% of organizations named ransomware as the #1 motivation behind cyber-attacks they suffered this year.
That finding corresponds with the #1 business concern cited by organizations, which is data loss. For example, in 2016 Radware witnessed medical records traded for a higher value than credit cards in Darknet marketplaces. Another example is social and political protests accompanied by cyber-attacks targeting governments and civil service in an attempt to reveal confidential documents – either to prove their claims or simply as a revenge.
Cyber-Attacks Cost Almost Twice What You May Think
Although cyber-ransom attacks make it is easier to estimate the financial losses caused by an attack, most businesses (60%) are in the dark when it comes to understanding the actual losses associated with a cyber-attack. Those who do quantify the various aspects of the losses estimate the damage at nearly double the amount compared to those who have no measurable practice of estimation.
Uncrossed Chasm? Security Strategy Evolves More Slowly Than It Should
The cost issue is just one example of the growing gap between the defenders and offenders. While organizations battle budget, bureaucracy, and expertise – hackers are much more agile in developing new attack tools and techniques. The result of the two different cruising speeds is an ever-expanding chasm between the businesses and perpetrators. Will the gap ever shrink? Not in the near future. The answer, I’m afraid, will only come after a few years when the majority of organizations will adopt security solutions based on machine learning, behavioral analysis and continuously adaptive models.
What Else Changed in Security from 2016?
Whether you want to know more about today’s attack vector landscape, understand the business impact of cyber-attacks on organizations, or learn more about emerging attack types and tools, this report is for you. This research is an objective review of 2016 cyber-attacks from both a business and a technical perspective, and offers practices for organizations to consider when planning for cyber-attack protection in 2017.