By John Worrall
“Every company has something of value to protect, something that attackers want. In today’s connected business world, everyone is a potential target.” (Craig Williams, Cisco Talos Security Intelligence and Research Group)
Two weeks ago, CyberArk released a new threat research report, analyzing the forensic experiences of the world’s leading cyber threat investigators in remediating the most devastating breaches.
The report identifies the commonalities across advanced attacks, enabling organizations to better understand their adversary so they can build more effective defenses against the latest threats. We’ll be blogging about the six primary findings of the report – but if you want to read them for yourself, you can download the report for free.
Finding #1: No One is Safe
While there will always be outliers, targeted cyber-attacks are typically conducted for two primary reasons: financial gain through the monetization of stolen data or cyber-espionage.
The common belief was that unless you were a bank, credit card processor, or government (affiliated) organization, you didn’t have to worry about being the target of an attack. After all, what does a small, low-tech manufacturing company have that a Russian or Chinese cyber-attacker could monetize?
The threat investigators in the report have traced attacks to non-traditional targets such as trucking companies and all types of professional services firms, from management consultants and auditors to litigation attorneys, frequently as a key step in an attack on a business partner. As organizations continue to strengthen defenses, attackers are increasingly looking to exploit the smaller, less security-conscious partners to gain de facto backdoor access to targeted networks.
In an increasingly interconnected world, the tactic of attacking supply chain partners has been used multiple times in some of the biggest breaches in recent memory. The reasons are simple: these soft targets provide an entryway into the networks of more secure business partners. And what we found in prior research is that while more than 60 percent of businesses allow third-party vendors remote access to their internal networks, 58 percent have no confidence their partners are properly securing and monitoring privileged access to their networks.
When it comes to espionage, gaining network access to the primary target may not be the goal. For example, one security investigator described a cyber attack against a major manufacturer of pipes and plumbing parts. Forensic evidence suggested the attackers breached the IT systems of the pipe manufacturer as an easier way to collect information about what types of energy exploration their customers were doing, based on the pipes / fittings they were buying. This is highly valuable intellectual property and easily monetized.
The threat report is full of stories like this – demonstrating why cyber security today cannot be just about your business, but has to account for every touch point on the extended corporate network. This is why it’s critical to identify and lock down privileged accounts within your organization, secure remote vendor access, and understand what your trusted business partners are doing to secure their own businesses.