Credential Theft & Business Compromises Continue as Cyberthreats

“A lot of these breaches or attacks happen because the attacker finds a vulnerability in an old system.”


A cybersecurity expert emphasized that 2017 attack trends such as credential theft and business email compromise remain threats as breach sources, and explained what businesses and consumers can do to secure themselves.

Jeff Wilbur, technical director of the Online Trust Alliance (OTA), revealed that attacks targeting businesses nearly doubled from 82,000 in 2016 to 159,700 in 2017, marking another worst year ever in data breaches and cyberincidents. However, since the majority of cyberincidents are never reported, OTA believes the actual number in 2017 probably exceeded 350,000 and that 93% of all breaches could have been avoided had simple steps been taken.

“That was one of the big findings that we’ve had over the last couple of years, especially in expanding the definition of breaches to be more all types of cyberincidents,” Wilbur said. OTA is part of the Internet Society, which has more than 95,000 individual members and is the organizational home of the Internet Engineering Task Force and the Public Interest Registry, which manages the .ORG, .NGO and .ONG domain names.

In its report earlier this year, the OTA analyzed data breaches, ransomware targeting businesses, business email compromise, distributed denial of service attacks, and takeover of critical infrastructure and physical systems over the course of 2017. It highlighted the Internet Society’s concerns about how large-scale data breaches, the way data is being used, cybercrime and other online threats are affecting internet users’ trust.

The OTA recommended regular patching and special attention to vulnerabilities. Neglecting either or both can lead to breaches, it said, noting that both should receive special attention in light of the Equifax breach, which exposed sensitive information of some 145.5 million Americans. OTA maintained that patches play an integral role given the discovery of chip flaws such as Meltdown and Spectre.

“A lot of these breaches or attacks happen because the attacker finds a vulnerability in an old system,” Wilbur said. Vulnerabilities in old, unpatched Windows systems and the Apache Struts framework could also lead to exploitation by attackers. “Regular patching has always been a best practice and neglecting it is a known cause of many breaches,” Wilbur said.

OTA found there were 134,000 ransomware attacks on businesses, nearly double the 2016 figure. Ransom-based attacks are delivered in various forms: malware-laced phishing attacks, malvertising, and drive-by malware that encrypts data and blocks access to systems, as well as a newer threat, the ransom denial-of-service attack, in which the attacker threatens to unleash a DDoS attack if a ransom is not paid.

Wilbur stressed that in 2017, 93% of all breaches could have been avoided with some simple steps such as regularly updating software, blocking fake email messages using email authentication, and training people to recognize phishing attacks. Many cyberincidents were enabled by users who accidentally provided credentials or whose systems were infected when they clicked on links or attachments.

The OTA report noted that as the workforce shifts to be more mobile and flexible, and use of personal devices increases, keeping a tight grip on security becomes more difficult. Traditional best practices such as blocking malicious email, heightening the security awareness of users and invoking the principle of least privilege (i.e., users given access levels to systems appropriate to their role) are foundational. “But in today’s environment, an extra boost is needed. This can be provided by enabling multi-factor authentication on key systems (since most attacks start with credential theft) and monitoring access to key systems to look for anomalies.”