Highlights from our monthly Big Data analysis report (Produced by DyTA)

Cytegic's DyTA™ intelligence platform gathers, processes and analyzes hundreds of thousands of intelligence feeds on a monthly basis, to allow quick and understandable cyber-trend analysis. DyTA™ enables cyber-intelligence analysts and CISOs to understand and analyze the threat level of each attacker and attack method relevant to their organization, according to their geo-political region, industry sector and corporate assets.

The following excerpts represent the most interesting insights that DyTA™ produced regarding February 2015 cyber-security trends:

1. North-America Top Attackers

In the past month, financial hackers continued to be the most active and threatening attackers in North-America, accounting for 40% of the cyber-attacks, though their threat level fluctuates often. The activity level of Political Cyberwarriors (nation-states, terrorists and espionage groups), on the other hand, remained at a steady level throughout the month. This coincides with our assessments – national cyber-espionage (with APTs as part of it) is by nature less volatile and less prone to changes than financially or sensation-motivated attacks.


2. North-America Most Targeted Assets

Client Data, consisting, amongst others, of personally identifiable information (PII) and customer IDs and passwords, has been the most sought-after asset in North-America this month, accounting for 35% of the most targeted assets in the region. More “obvious” financial assets, such as agreements, transactions and payment cards, also accounted for almost 30%. These statistics emphasize two of the top trends we discussed in previous updates and in our 2015 forecast:

  • PII remains very attractive for financially motivated hackers, who use the information to commit fraud (such as banking fraud) or sell it on online black markets.
  • While POS malware, used to steal payment-card details, gained many headlines during the previous months, its activity level declined after the beginning of the year. This type of attack usually coincides with shopping seasons, and now that the holiday season is over, the activity level returned to its “natural state”.


3. Banking and Finance Sector: North America vs. Western Europe – Top TTPs

DyTA enables analysts to conduct cross-sector and cross-GeoPol research and analysis. As such, when comparing the TTPs targeting the financial sectors in North America and Western Europe, several interesting insights appear. For one, malware and social-engineering attacks dominated both areas in the past month. But while North-America has seen a slight decline in the activity level of these attacks, Western Europe’s threat level rose systematically throughout the month. Additionally, the other top TTPs “behave” quite similarly, meaning the threat to the sector is similar across continents.