Cytegic January 2015 Cyber-Intelligence Update

Cytegic continuously monitors the cyber threat landscape and analyzes various inputs to describe threat agents, attacks and controls. The following is a high-level summary of events from January 2 that have been included in our Intelligence Package updates and monthly report. To receive a copy of the complete report please contact us at: info@cytegic.com

Major Incidents and Trends:

Terrorists and Hacktivists

Throughout the past month, two of the major trends of last year regarding terrorists and hacktivists continued to grow – on one hand, ISIS-affiliated attackers (mostly sensationalists, rather than actual terrorists) continue to attack high-profile Western targets in order to show their support of the terrorist organization; on the other hand, hacktivist, mainly linked to Anonymous, continued to see themselves as vigilantes and declared “cyber-war on terror” after the wave of attacks in France.

Very similarly to the Sony case, media outlets are valid targets for cyber-attacks due to the content they publish, and should understand the cyber-reactions to their actions.

Financial Hackers

The most interesting cases of cyber-crime from the past month emphasized the fact that while financial hacking tools continue to evolve, a big part of them still rely on the good and basic tools and techniques, with some alterations. As such, we have seen the reuse of Zeus against banking customers, the rise of the ZeroAccess botnet from the ashes, and large scamming and blackmailing campaigns leading to the theft of many millions of dollars.

Insiders

Internal attackers have always been a major concern for large organizations handling sensitive financial and customer information. This month, several major incidents were disclosed, when internal employees from Morgan Stanley and Home Depot were charged with abusing their privileges to steal sensitive data from their employers. These incidents emphasize the threat internal attackers pose to organizations and show that the threat is relevant to all industries and sectors. Internal attacks are relevant to organizations which hold sensitive financial data which may be sold later on black markets. This trend will continue to rise as long as web-anonymity rises and the monetization of sensitive information rises.