Cybercrime is getting easier and what’s old is new again

New techniques are blending with old and exploit kits are making it easier to create advanced threats – these are among the conclusions of the 2015 Threat Report from Websense Security Labs.

The security solution vendor’s annual report for 2015 looks at evolving attack trends, tactics and defense vulnerabilities, and how cutting-edge tools rather than technical expertise are helping cybercriminals up their game.

With redirect chains, code recycling and other techniques, cybercriminals are being more difficult to track, and they’re taking their exploits into the network framework itself, leveraging the wide use of older standards through the code base of Bash, OpenSSL SSLv3 and others.

“Cyber threats in 2014 combined new techniques with the old, resulting in highly evasive attacks that posed a significant risk for data theft,” said Charles Renert, vice-president of security research for Websense, in a statement. “In a time when Malware-as-a-Service means more threat actors than ever have the tools and techniques at hand to breach a company’s defenses, real-time detection across the Kill Chain is a necessity.”

Through its research, Websense identified four key behavioural and technique-based trends that security professionals need to be aware of.

  • Cybercrime Just Got Easier: The availability of exploit kits for rent or purchase — Malware-as-a-Service – allows cybercriminals to launch attacks more easily, with less expertise necessary, and from multiple vectors.
  • Something New or Déjà Vu?: Old tactics like macros are being blended with new evasion techniques and launched through email and web channel. While the web has a dominant role in cyberattacks, email remains a potent vehicle for threat delivery. The number of emails Websense identified as malicious was up by 25 per cent in 2014, and more than three million macro-embedded email attachments were identified in the last 30 days of 2014 alone.
  • Digital Darwinism: Cybercriminals are now focusing more on quality than quantity in their attacks. While Websense observed 5.1 per cent fewer threats in 2014, the number of high profile breaches hasn’t abated. Attackers are trying different attacks and adjusting their profiles based on the results – for example, call home activity rose 93 per cent while exploit kit usage dropped 98 per cent.
  • Avoid the Attribution Trap: It is becoming more and more difficult to trace attacks with the ways cybercriminals have to cover their tracks. Websense recommends focusing on remediation instead of attribution.

Finally, the report also sounded a cautionary note about the Internet of Things (IoT). While smart connected devices have tremendous potential to change our daily lives, with as many as 50 billion connected devices by 2020 that’s a plethora of new attack vectors if security isn’t central to IoT development.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Jeff Jedras
Jeff Jedras
Jeff Jedras is a technology journalist with IT World Canada and a member of the IT Business team. He began his career in technology journalism in the late 1990s, covering the Ottawa technology sector for Silicon Valley North and the Ottawa Business Journal. He later covered the technology scene in Vancouver before joining IT World Canada in Toronto in 2005, covering enterprise IT for ComputerWorld Canada and the channel for Computer Dealer News. His writing has also appeared in the Vancouver Sun & the Ottawa Citizen.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs