Wednesday, March 29, 2017

The most dangerous risks are where you didn't expect them

The report of the week

As they say, 'all that glitters is not gold', and if you don't believe it, ask the Trojans about the time they watched that imposing horse enter the city. It was supposedly a gift from the Greeks, and it turned out to be the end of the city and the destruction of most of its citizens. A wooden horse, something that seemed harmless, became one of the most powerful tools of war. If we move this example to the world of cybersecurity, not all the dangers lie behind international groups of cybercriminals or major phishing campaigns against relevant companies. You can be infected by many other routes, and by means far more homemade or simple than you believed.

Carbon Black has published the results of its latest research report, Beyond the Hype, which gathers the opinions of 400 cybersecurity researchers. It focuses on highlighting the risks that come with non-malware attacks, which, according to the results, represent a greater risk to organizations than might be thought. 93% of respondents agree with this statement, and almost two-thirds (64%) of them stated that they had observed an increase in these non-malware attacks since early 2016.

And if the worst attacks are not caused by malware, where do they come from? 55% come from a remote connection, others rely on WMI (41%) and PowerShell (34%) or operate from within memory (39%), and 31% take advantage of Office macros. The creativity of cybercriminals keeps growing, and the attacks come from every direction. Some hackers impersonate the CSO to gain access to corporate IP, hide inside PowerShell and attempt to access a worker's profile using the classic 'forgot my password' in order to reset the data. Others impersonate the human resources department, asking for personal data to 'update the internal system'.

Artificial intelligence is also discussed in the study. AI is in its early stages and still cannot replace people in cybersecurity decision making. Three-quarters (74%) of the researchers said that AI-driven solutions to cybersecurity problems were not the right ones yet. That's why 87% of security researchers said that it will take more than three years before they trust AI to lead cybersecurity decisions.

Focusing on companies, the results show that executive teams have 16% more confidence in their security systems than employees, who are the ones using the software on a daily basis. It is a striking fact, and it is complemented by the opinion of the respondents, only 28% of whom are sure that the executive team manages cybersecurity issues correctly. When an attack does occur, it mainly focuses on customer data (62%), corporate IP (53%), service interruption (51%), access to company credentials (42%) and financial data (41%).

What happened with the Trojan horse has occurred again in the 21st century, with a so-called 'free pet' promised to many World of Warcraft players. The victim received an email from a friend who guaranteed a free pet in the game, but the email was actually phishing. With friends like them, who needs enemies?