Through human and conventional openings, successful breaches happening at dizzying speeds
By Ricci Dipshan, From Legaltech News
Hackers and cybercriminals are posing as employees to access company systems and finding success in exploiting traditional weak spots
Law firm cyberthreats may have evolved over the past year to rely more on insider threats to quickly breach systems, but many still use tried-and-true approaches such as vulnerability hacking and password exploitation, according to the Verizon 2016 Data Breach Investigations Report. The findings are based on 100,000 security incidents — a cybersecurity event that compromises the integrity, confidentiality or availability of data — of which 3,141 were confirmed breaches.
The report found breaches happening at a dizzying speed in 2015, as around 82 percent took only minutes to compromise a system, while 11 percent took seconds and 6 percent took hours. The numbers, Verizon noted, are influenced by the prominence of phishing emails and the Dridex banking Trojan, which uses macros in Microsoft Office programs to infect systems.
While breaches happened quickly, exporting stolen data from a system or device took markedly longer, with around 68 percent taking hours, 21 percent taking minutes and 7 percent taking seconds. The report said the numbers were affected by point-of-sale (POS) attacks, where malware sits in a system for an extended period of time, periodically exporting data out to cybercriminals.
Dave Ostertag, global investigations manager at Verizon Enterprise Solutions, told Legaltech News that an “attack happens in seconds because you appear to be an employee and use their credentials. … If it is not a phishing email directly to an employee to access their systems and create a backdoor, it’s a phishing email going to that individual at home, or a remote location, and stealing that username and password.”
Throughout 2015, phishing remained one of the most successful and damaging tools in the cyberthreat arsenal. Users opened 30 percent of phishing emails with an average time of 1 minute, 40 seconds, with 12 percent clicking the malware attachment with an average time of 3 minutes and 45 seconds. Only 3 percent of those receiving phishing emails reported them to management. Alongside phishing success, the report also found that ransomware attacks increased 16 percent in 2015.
“More than 60 percent of the breaches happen because of phishing emails, and because of people, your potential attack vector points are every single employee in the enterprise. … With all the knowledge, with all the media attention, with all the training we do on phishing, we still have a fairly significant portion of people who are going to open those phishing emails or click on the link or open the attachment. Trying to prevent at the perimeter is very difficult,” said Ostertag.
In a sign of shifting targets, the report found that cyberattacks on user devices grew to almost reach the level of attacks on servers, which registered at just over 40 percent in 2015, down from over 50 percent in 2009. During the same period, cyberattacks directed at people rose from under 10 percent to over 20 percent in 2015.
The increase in phishing has also led to breaches being found less by internal departments and employees and more by third-party vendors and by law enforcement, which takes down botnet campaigns and criminal organizations.
Law enforcement’s role is of particular importance in the cybersecurity landscape given that phishing attacks are mainly perpetrated by organized crime syndicates or cyber attackers connected to nation-states.
While phishing and ransomware are proving effective against targets, cyberattacks and hackers are still breaching systems by exploiting unpatched vulnerabilities in software, devices or operating systems.
The report noted that 2015 was similar to 2014, with the top then-known vulnerabilities accounting for 85 percent of successful exploit traffic and over 900 common vulnerabilities and exposures (CVEs) accounting for the other 15 percent.
“A part of this is the fact that a lot of large organizations we investigate are large organizations because they acquire small organizations. And when you acquire small organizations, the networks come with them. So you end up with a patchwork of legal networks connected together. Many times when you do that, the budget goes to simply allowing those disparate networks to communicate to each other, not necessarily in making it smooth and not necessarily making it secure,” said Ostertag.
“In addition to that, with those complicated networks comes a variety of applications running on systems within those disparate legacy networks, and taking the time to go into a test environment to make sure that a patch is not going to negatively affect production on the system or an application is more of an effort than many companies want to take,” he added.
Given cyberattackers’ reliance on conventional openings, Ostertag stresses that it is vital not to forget how important traditional, prevention-based cybersecurity policies remain in today’s landscape.
For more on this story go to: http://www.legaltechnews.com/id=1202756120893/Through-Human-and-Conventional-Openings-Successful-Breaches-Happening-at-Dizzying-Speeds#ixzz478XvMFON