Threat actors have focused on the quality of their attacks rather than quantity
‘Cyber threats in 2014 combined new techniques with the old, resulting in highly evasive attacks that posed a significant risk for data theft,’ says Charles Renert, vice president of security research for Websense.
The Websense 2015 Threat Report details eight key behavioral and technique-based trends.
Cybercrime Just Got Easier
In this age of MaaS (Malware-as-a-Service), even entry-level threat actors can successfully create and launch data theft attacks due to greater access to exploit kits for rent, MaaS, and other opportunities to buy or subcontract portions of a complex multi-stage attack. In addition to easier access to cutting-edge tools, malware authors are also blending new techniques with the old, resulting in highly evasive techniques.
Something New or Déjà Vu?
Threat actors are blending old tactics, such as macros in unwanted emails, with new evasion techniques. Old threats are being “recycled” into new threats launched through email and web channels, challenging the most robust defensive postures. Email, the leading attack vector a decade ago, remains a very potent vehicle for threat delivery, despite the now dominant role of the web in cyberattacks. For example:
In 2014, 81 percent of all email scanned by Websense was identified as malicious. This number is up 25 percent against the previous year. Websense also detected 28 percent of malicious email messages before an anti-virus signature became available.
Digital Darwinism - Surviving Evolving Threats
Threat actors have focused on the quality of their attacks rather than quantity. Websense Security Labs observed 3.96 billion security threats in 2014, which was 5.1 percent less than in 2013. Yet, the numerous breaches of high-profile organizations with huge security investments attest to the effectiveness of last year’s threats.
Avoid the Attribution Trap
Attribution is particularly difficult, given the ease with which hackers can spoof information, circumvent logging and tracking, or otherwise remain anonymous. Often, analysis of the same circumstantial evidence can lead to widely different conclusions; use the valuable time following an attack on remediation efforts.