Targets of Opportunity Still Hackers’ Best Friends, With Some New Twists, Mid-Year 2013 ENISA Report Shows
The European Network and Information Security Agency (ENISA) Threat Landscape, Mid-year 2013 report published last week was more confirmation that while the cyber threats which dominated the threat landscape in 2012 are still chart-toppers so far in 2013, hacker tactics and delivery methods continue to evolve. Joe Caruso, Founder and CEO/TO od Global Digital Forensics discusses the report and the increasing need for regular network vulnerability assessments to stay ahead of the latest trends in the world of cyber crime.
New York, NY (PRWEB) September 25, 2013
One thing is proven relentlessly in this digital age, cyber crime has no borders. So even though the Threat Landscape, Mid-year 2013 report published last week is the work of the European Network and Information Security Agency (ENISA), “The finding are just as relative to organizations here in the US,” says Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier cyber security solutions provider based out of New York, “ and failing to stay up-to-date and informed about all the current trends in cyber threats and delivery methods is one sure way to put any organization’s digital assets at risk. That’s exactly what network vulnerability assessments conducted by knowledgeable and competent professionals are designed to do, but doing them regularly is also paramount in the fluid and ever-evolving world of cyber crime.”
Oldies still topping the charts.
“One thing that should catch everyone’s eye is the fact that almost every type of threat trended up compared to last year, with the exception of spam, which has slowly but steadily been being replaced with much more effective phishing and spear phishing campaigns. But holding the “king of the hill” title is still the Drive-by-exploit, which you can think of as taking advantage of a target of opportunity. A Drive-by can take many forms, but they usually involve misdirection, like fake pop-up ads that prompt you to click on an ad or a fake error message that make you think you’re getting one thing while delivering quite another when you navigate to a site which has been injected with malicious code. The bad news is that many of the sites hosting the malicious code may be legitimate and are often not even aware that they have been infected, and that they are facilitating the spread of malware to others. But once the injected code is happened upon, it can take advantage of weaknesses in popular applications like Adobe Reader and Air, Flash and Java, browser exploits, or even unpatched operating system vulnerabilities. And from there the hacker responsible is free to wreak havoc with their newly found access to the victim and their network.”
Easier access to exploits and harder to follow their tracks.
“One of the constants across the board is that hackers are getting better at covering their tracks by using delivery methods which are much harder to track, from leveraging cloud and mobile technology, to an increased focus on using malicious URLs. The most frightening aspect though, is that these days almost anyone with the desire to hack others and a few dollars to invest can gain access to powerful malware that is almost as easy as a point and shoot camera, for everything from code injection, to DDoS attacks (Distributed Denial of Service), because black market exploits are increasingly easy to find on numerous hacker boards, and anonymous digital currencies like Bitcoins are making those kinds of transactions that much harder to trace.”
Don’t try this at home.
“It takes a full and focused commitment to stay on top of everything when it comes to cyber threats, with new tactics, vulnerabilities and malware hitting the scene all the time. So it only makes sense that trying to handle the task completely internally will come up far short most of the time. Having professional network vulnerability assessments regularly performed by seasoned experts like our teams at GDF really slides the effectiveness scale way up. We live and breathe this stuff, so it’s not an interruption of our job, which is what it typically turns into for organizations trying to trudge the cyber security path alone, it’s the purpose of our job. And our commitment to staying informed, educated, and fully competent in today’s threat landscape, while also keeping an eye on the trends developing for tomorrow, will not be rivaled by any client’s internal IT pros.”
The key is understanding how the threat landscape can affect a particular organization’s weak points and unique digital architecture.
“Every client’s needs are unique. A retailer and a financial institution will typically have very different vulnerabilities to worry about, not only from a technology standpoint, but also from a regulatory compliance standpoint. The same goes for health care organizations, universities, design firms, infrastructure entities and so on, and we’ve worked with them all. That broad expertise gives us a big leg up when it comes to identifying weaknesses with our comprehensive network vulnerability assessments and professional penetration testing. It allows us to streamline the process to make it the most effective and revealing for any type of client, while keeping costs in check by not chasing ghosts which are completely irrelevant to the client’s situation; one client may need an extreme focus put on mobile devices, another cloud services, another vulnerable applications. We look at the big picture first, then start focusing on the necessary details. In the end, the client’s cyber security posture is not only substantially improved, but the groundwork for regulatory compliance and emergency incident response are also developed and/or strengthened. And that can make a huge difference in both the devastating costs a successful cyber attack can have, as well as the lost client trust and business integrity that can suffer right along with it. In a nutshell, the advantages of professionally conducted network vulnerability assessments and penetration testing far outweigh the potentially sky-high costs of inaction.
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics services, electronic discovery (eDiscovery), cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a plan which will meet your unique needs. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber-incident has occurred, so don’t hesitate to get help. For more information, visit http://www.evestigate.com.
For the original version on PRWeb visit: http://www.prweb.com/releases/2013-Cyber-Threats/Mid-Year-Report/prweb11156132.htm