New Security Threats
As security threats evolve, organizations must fine-tune their risk management approaches to reflect the new realities for 2013 and beyond.
"Our systems will never be impenetrable, just like our physical defenses are not perfect, but more can be done to improve them," U.S. Defense Secretary Leon Panetta said in a recent speech about cybersecurity.
Many organizations need to develop a much better understanding of attackers' motivations to help ensure they take appropriate steps, such as implementing the right security controls, to mitigate the risk, security experts say. Plus, many organizations are failing to train staff members on how to recognize the warning signs of an attack so that appropriate responses can be quickly implemented.
And because new versions of malware are exploiting vulnerabilities in outdated operating systems and software, a risk management strategy also must include frequent updates and upgrades of software and systems.
As we enter 2013, security experts say that the top threats are posed by organized crime, hacktivists, nation-states and insiders.
For crime rings, the motivation is simple: fraud. Cybercriminals use keyloggers and ransomware to steal identities, access confidential corporate information and perpetrate financial fraud. And they're developing advanced skills.
In August, the Federal Bureau of Investigation issued a warning about attacks that rely on a new type of malware known as Citadel. Attacks targeting consumers had been launched with ransomware purporting to be from the FBI.
While Citadel, a keylogger, worked in the background, the ransomware locked consumers' computers and then demanded they pay a fine. Unsuspecting consumers were persuaded to provide payment card details and other personally identifiable information.
Hacktivists wage attacks against well-known brands for political and social attention. Groups using distributed-denial-of-service attacks - including Anonymous, which has taken credit for attacks against Citigroup, Sony, PayPal, Amazon and others, and Izz ad-Din al-Qassam Cyber Fighters, which has attacked leading U.S. banks - have attracted international attention. Experts warn that hacktivists could be backed by crime rings or nation-states.
"These groups are trying to make a point, and they're incredibly efficient at it," says Wade Baker, director of risk intelligence at Verizon. "They're using different methods. They seem to be adapting to the response set up by the targeted entity."
Experts suggest organizations implement cross-departmental training programs to help employees recognize DDoS warning signs so that appropriate responses can be quickly implemented.
Nation-states frequently seek access to intellectual property and state secrets that they can use to gain an economic, political and military edge over other countries.
And when it comes to insiders, it seems the unwitting often pose the greatest threat. It's not their motivations, but the motivations of those who target them, that organizations have to take into account.
It's not a new threat - it's how hackers broke into security firm RSA's IT system in 2011 - but the trend toward exploiting clueless employees is gaining momentum.
The following is a breakdown of the four groups that continue to pose the greatest cybersecurity threats, the methods they use and mitigation strategies experts from numerous industries suggest.
Organized crime rings are typically behind the Trojan and ransomware attacks that strike online and mobile users. Malware is quickly becoming big business in the cyber-underworld, and hackers are selling well-planned business strategies to distribute, support and coordinate their attacks.
The new Zeus variant known as Citadel marks a new era in malware strategy. Experts say Citadel, a commercial malware product, was the first Trojan to be promoted for sale in underground cyberforums along with ongoing technical support and troubleshooting.
Collaboration and joint attacks are growing as well. Citadel attacks were waged in conjunction with the ransomware known as Reveton, which used the FBI as a guise to scare online users into coughing up sensitive information.
And in the case of the newly identified Gozi variant known as Prinimalka, hackers have been working to recruit fellow botmasters to assist with a "blitzkrieg-like" series of attacks on financial institutions.
Then comes Eurograbber, an all-in-one Trojan attack that successfully compromises desktops and mobile devices. The attack, discovered in August by researchers at Versafe, gets around commonly used two-factor authentication practices in Europe.
Targeted phishing attacks sent via e-mail or social-network communications continue to grow. Phishing attacks jumped 79 percent in the second quarter of 2012, compared with the first quarter, according to security vendor RSA.
Attacks waged against mobile devices also are increasing. In late October, the FBI warned of two new Android Trojans - Loozfon and FinFisher - designed to steal mobile phone numbers and contact details and launch spyware that allows hackers to remotely control and monitor a compromised Android device.