How to Not Become Target of Cyber Crime

The security landscape globally as well as in India is changing very rapidly. Cyberattackers are leap-frogging defenses in ways companies lack insight to anticipate. According to Symantec’s Internet Security Threat Report Vol. 20, globally five out of every six large companies were targeted in 2014, amounting to a total of 40 percent increase from the previous year. In India, despite stepping up their information security measures, businesses continue to be an attractive target for cybercriminals. Almost no company, whether large or small, is immune to cyber crime.In fact, in 2014 60 percent of targeted attacks were aimed at large enterprises in India.

Shrikant Shitole, Managing Director- India, Symantec, said that attackers are infiltrating networks by hijacking the infrastructure of major corporations and using it against them. In 2014, one of the significant observations was that cyber attackers were capitalizing on exploiting software vulnerabilities which took an average of 59 days to patch compared with only four days in 2013. They are also using tactics like social engineering to extort money from victims in addition to targeting them on social networks. “This complex threat landscape globally and in India, highlights how security needs to be a core practice of companies large and small,” said Shitole.

Evolving Modern day IT Infrastructure

The technology landscape is witnessing a dynamic shift with the influx of digitalization, mobility and internet of things, creating lack of control and making more industries a potential targets for cybercriminals. In 2014, attackers continued to breach networks with highly-targeted spear-phishing attacks, which increased a total of eight percent. What makes last year particularly interesting, however, is the precision of these attacks, which used 20 percent fewer emails to successfully reach their targets and incorporated more drive-by malware downloads and other web-based exploits. Advanced attackers continued to use increased levels of deception to infiltrate networks and, in some cases, hijacked the infrastructure of major corporations and using it against them. Some of the vulnerabilities noticed are:

•    Tricking companies into infecting themselves by Trojanizing software updates to common programs and patiently waiting for their targets to download them—giving attackers unfettered access to the corporate network;

•    Using stolen email accounts from one corporate victim to spear-phish other victims higher up the food chain;

•    Taking advantage of companies’ management tools and procedures to move stolen IP around the corporate network before exfiltration;

•    Building custom attack software inside the network of their victims to further disguise their activities.

In a world where perimeters are fast disappearing, it’s not enough to simply defend against exploits and threats. “At Symantec, we believe it’s time to go on the offensive, leveraging the next generation of both threat and information protection technologies to fight increasingly sophisticated adversaries.This aggressive and offensive posture would entail: keeping adversaries out; protecting the valuable information that’s inside; continuously gathering and applying intelligence to gain advantage; and providing comprehensive incident response and forensic support if a breach does occur,” said Shitole.

The Danger of Advanced Persistent Threats

Shitole explained that an Advanced Persistent Threat (APT) is a type of a targeted attack, which uses multiple phases to break into a network, attempts to avoid detection, and also harvests valuable information over the long term. While carrying out these attacks, the cybercriminal invests sufficient time in researching the target organization and their internal and external stakeholders - often aimed at stealing intellectual property. Concurrently, they also develop malware that could take advantage of the known vulnerabilities on various websites that the employee visits, mostly through a phishing email. They break into the target network in well-calibrated phases over a period of time.

Reconnaissance, the most important phase to start the attack, is the phase (when the attacker leverages information from different factors to understand their target).  The next phase called Incursion is when the attackers inject the malware through the recently found vulnerabilities in the systems or people.  Discovery, another crucial step is when the attacker has now become an insider, studying the internal defense systems of the target organization to craft his next move and to stay undetected. After studying the systems well, the attacker launches his attacks in the Capture phase by gathering all the information he wants to steal or install a malware to disrupt company operations.  Exfiltration is another important step for attackers in which they send all the captured information to their home base for further analysis and exploitation without detection.

Need of the Hour for Enterprises

The IT infrastructure has become more complex and information is now dispersed across devices, apps, and locations: physical, virtual and cloud. Adversaries are targeting all control points from the gateway to email to the endpoint.  According to Shitole, this poses greater threats for organizations, who currently lack holistic security practices and technologies to combat today’s advanced threats. “Organizations now need to move from just keeping malware out to finding the malware in their network and responding to it quickly and efficiently. The need of the hour for an organization today is to have security across all control points working together, with incident response capabilities and global information intelligence,to beat the bad guys,” said Shitole.

Security Challenges and Solutions for

BYOD adopters

In today’s increasingly BYOD-friendly environment, many apps carry the risk of data leaks that companies can’t afford to let go unchecked. While this trend offers organisations and its workforce flexibility and increases business profitability, it has also resulted in an unprecedented increase in endpoints thus amplifying the accessibility of the corporate information on premise and outside the corporate network, according to Shitole.

“Since mobility is an integral part of almost every organization, Symantec has extended their strong authentication solution to integrate with biometrics (like fingerprint scanners on iOS) for password-less authentication. Further, Symantec has recently announced Mobility: Suite 5.3, which extends DLP technology to mobile devices which is a continuation of Symantec’s strategy to expand to cloud and mobile platforms. By integrating mobile application management (MAM) capabilities with DLP product, Symantec enables organizations to manage DLP across all endpoints, including mobile devices, without requiring mobile device management (MDM) or full device VPNas more information these days is managed and stored in the cloud,” elaborated Shitole. Additionally, he suggested a few tips & tricks that companies can undertake to administer safe enterprise mobility policies:

Add security measures to your wireless network. Having a password or a security key helps keep unauthorized smartphones from accessing your wireless connection.

Put a pin or password on it. Employees who use mobile devices for business may carry sensitive company information on their phones.

Examine app permissions. Educate your users about examining these app permissions before granting access.

Regulate apps accessed on the network. Protect your company by developing a policy item to determine which apps can be downloaded or accessed via the corporate network.

Lose it, lock it, wipe it. Download an app on your mobile devices that allows you and your employees to lock and wipe a phone in the case of theft or loss

Update, update, update. Make sure that employees get in the habit of updating apps as soon as they are prompted to.

Don’t let mobile security be your blind spot. With so much personal data on our devices and mobile malware on the rise, our mobile now needs the same attention given to PC protection.