Missing the point somewhat

18 August 2017

The latest NTT Security Global Threat Intelligence Centre (GTIC) Threat Intelligence Report is an analysis of events identified through the global visibility of the NTT Security client base.

The 2017 Q2 version found certain key trends:

  • Cyberattacks up 24% globally during Q2 2017
  • Manufacturers continue to be a key target for cybercriminals
  • 67% of malware attacks were delivered by phishing emails
  • Speed of attacks continues to increase exponentially, once proof of concept code is released

The information security site HelpNetSecurity, writing about the report, states that according to NTT, “the frequency and sophistication of cyberattacks continues to rise globally”.

Having worked a while on the security end of things, and having reported on them for even longer, the most troubling word for me here is “sophistication”.

Whenever there is a major incident, the victim often cries that the attack was a sophisticated one, as if doing so will somehow mitigate the fallout.

This always rankles.

I am very much convinced by the work of the likes of Dr Jessica Barker, and indeed the social engineer Jenny Radcliffe, who both have done sterling work in highlighting that the infosec industry tends toward victim blaming, which is counter-productive.

I realise that I too am guilty of such thoughts, but I would also contend that claiming to be the victim of a sophisticated attack that turns out to be something triggered by a phishing email is also disingenuous.

News source
For an information security news source to report that attacks are getting more sophisticated when, in actual fact, the claim is not really borne out by the document referenced, well…

The word “sophistication” is not actually used in the report, or at least not in the PDF copy I was able to access.

All of the other highlights pointed out by HelpNetSecurity do indeed appear, but it is only on page 19 of 26 that anything with regard to sophistication is mentioned and then only in reference to tools at the disposal of state actors.

“That said, many state-backed threat actors have access to zero-days or other sophisticated tools. To combat these threats, manufacturers need to ensure they have, at the very least, best practices employed.”

Worrying trends
The trends highlighted both by the report and HelpNetSecurity are indeed worrying, particularly the fact that manufacturing is being increasingly targeted, but what is just as concerning is that we seem to be falling for the same old gambits just as readily as in the past.

The report states that “67% of all malware distribution in Q2 ‘17 was email-based,” and “cyber criminals appear to be leveraging phishing emails with malicious attachments containing PowerShell commands in VBA macros as a primary attack vector”.

Now this is very concerning on a number of fronts. Firstly, 67% of all malware distributed is a massive share. Secondly, the fact that phishing is still being employed as a primary delivery method means that users are still blithely clicking on these crafted emails and attachments as if they had never heard of a spoof email.

This is something that has to be addressed.

Irrespective of whether hackers subsequently use AI-driven, near-sentient algorithms to grab data and exfiltrate it, if the initial attack is still made possible by a person clicking on something they shouldn’t, then it is a simple attack—simple as that. To claim otherwise would be dishonest.

User awareness
What has to be addressed here is user awareness, and user investment. It has been shown time and again that if a user is engaged, enabled, informed and invested in the goal—keeping the organisation safe—they will be far more effective than pure technological efforts alone. But the first step is awareness, training and enablement. And that is the responsibility of the organisation.

Users have to know their individual actions can have a direct effect on the security of the company. Then they must know that with a bit of training they can safely make judgements on what is and isn’t safe. Furthermore, they can help by reporting suspicious incidents, communications or requests. Finally, they can become advocates and trainers themselves by sharing their knowledge and experience with others.

It is often the disgruntled, disenchanted worker that is more dangerous than the outright malicious outsider.

Over-egging
So as we interpret figures in reports, we have to be careful not to over-egg the pudding by assuming things that are not there. But we must also recognise the elephant in the room that is key to addressing the majority of the problem.

One final thing from the NTT report did cause a bit of a shiver. It reported that “reconnaissance accounted for 33% of all activity aimed at manufacturing clients in Q2 ‘17”.

The bad guys are watching, waiting, to be lucky, just once.

Be aware, be safe.
