First WannaCry, and now Petya/NotPetya. Hackers are getting faster and becoming more aggressive, adaptable and assertive. It has never been more important for organisations to assimilate intelligence from multiple sources in order to understand how an attack may have been conducted. One approach is to analyse the motivations behind that attack.
Understanding a hacker’s motives is as valuable as understanding the vulnerabilities in company networks. By doing so, an organisation can identify not only how an attack was carried out, but also which of its assets are most valuable to hackers. This allows for better distribution of security resources.
The first step in doing this is to determine whether the attack was indiscriminate or targeted. All cyber-attacks can technically be categorised as ‘targeted’; however, the scope and consequence of each vary greatly.
Indiscriminate attacks are the most frequent type of cyber-attack any organisation is likely to come across. Examples include malware, ransomware, viruses, and worms.
Opportunistic in essence, these attacks can have drastic consequences as they are released en masse, to ensnare the maximum number of victims.
The relative ease of obtaining and deploying indiscriminate attacks is partially what makes them so prolific and dangerous. Those with the necessary expertise can mass-produce and sell variants on the Dark Web, enabling adversaries to engage, at little expense, in crimes that would otherwise not be available to them. As these attacks take little time to deploy, regardless of whether they are initiated by the creator or not, they are relatively cheap and enticing in their effectiveness.
Indiscriminate attacks occur frequently and on various scales. The most recent is Petya/NotPetya, which is yet to be fully understood, while just two months ago the world was hit by WannaCry. This was the first ransomware that spread globally, and it perplexed security experts with its worm-like behaviour. It used an exploit against MS17-010, a vulnerability in Microsoft’s SMB protocol, made possible by the recently leaked NSA backdoor, which resulted in the ransomware continuing to spread on its own.
The frequency of such attacks is only expected to increase, almost as though these were ‘tests’ for something bigger. Organisations must understand how they could fall victim to such malicious activity in order to protect themselves. The best way to avoid becoming a victim of an indiscriminate attack is “don’t click”. This includes avoiding pop-up ads, suspicious emails, and seemingly authentic sites.
Targeted attacks are another matter altogether, and if you’re thinking about Ocean’s 11 for this one, you’re not too far off. These differ from indiscriminate attacks in that they usually require a team to be assembled; plans need to be made and a decent amount of social engineering is required for them to work. Additionally, they are intricate and costly, requiring a deliberate process for infiltrating the victim’s infrastructure.
They necessitate vast resources to implement their plans over a long period of time, and enough sophistication to adapt and adjust the attacks in response to different levels of defence. Such techniques are undoubtedly sophisticated; however, they are not as complex as Advanced Persistent Threats (APTs).
Generally, APTs are designed to disrupt critical infrastructure or political affairs, whereas targeted attacks routinely shoot for financial gain. In addition to potential financial losses, targeted attacks can be detrimental to the credibility and reputation of an organisation.
Larger organisations are not the only ones who should be concerned about targeted attacks. Smaller businesses are increasingly becoming popular targets too. This is due to the fact that they usually have immature security programs.
By integrating threat intelligence into their security stack, small businesses can use free tools that provide valuable insight into information that could warn of a targeted attack.
Educating employees on cyber best practices and enacting adequate security measures, such as regular backups and patching systems to the latest version, are also imperative for businesses of any size to further protect themselves from cyber-crime.
The ultimate defence
Sharing information about such malicious activity with trusted partners or local authorities is one of the best ways to prevent both categories of attacks. This may seem daunting, especially when you consider the potential exposure this may create, but the benefits outweigh this risk, and the sharing is always completed within trusted circles.
Dedicated efforts from Information Sharing and Analysis Centres (ISACs) and government initiatives are helping to bridge the gap in trust, and more organisations will over time start to reap the benefits.
Moreover, it is essential that every part of the business has an understanding of the threats coming into it. An effective system should be customisable for each individual organisation, and be aware of all of the possibilities. Having a well-educated team is invaluable and one of your best lines of defence against hackers.
Sourced by Jonathan Martin, EMEA Director of Operations, Anomali