Let’s look at the commonalities between these various incidents and the emerging patterns behind them.
The first diagnosis that we can establish from these breaches is the following: these attacks have been very carefully planned, orchestrated and executed. They are highly sophisticated attacks that qualify as Advanced Persistent Threats (APT), engineered specifically against target companies. The scope of organizations impacted is impressive.
With the exception of HBGary, the targeted businesses are all large corporations with over 10,000 employees, operating significant volumes of assets, customer information and confidential data - a gold mine for cyber criminals.
The attackers are highly trained security experts, who are motivated by an appetite for challenge and financial gain. These attacks are planned and orchestrated with the precision of a military assault, where hackers first try and reproduce the entire network of the targeted organization in order to simulate the attack in their own lab environment, before executing their scenario. As evidenced in the HBGary case, criminals are showing a high degree of patience and determination.
Social engineering attacks
Another similarity is that these attacks result from social engineering techniques. Cyber-criminals are now targeting and manipulating employees inside the organization, “hacking the human mind” to break into the organizations’ systems. In the case of Epsilon, they tricked one of the company’s employees into opening a phishing email and clicking on a link. The hackers then gained access to the employee’s credentials, and exploited them to reach the corporate database.
Unfortunately, users are almost always the weakest links in an organization’s security system. There is always a vulnerable user to be found: it can be a new, unaware employee, or an overly nice secretary who shares a little too much information. Once inside, hackers operate in silence. They stay under the radar to steal as much information as possible before their presence is detected and corporations start investigating. This can sometimes take years.
In addition, these Cyber-criminals are no longer isolated amateurs. They belong to well-structured organizations that resemble terrorist cells - with money, motivation and goals. They can deploy considerable intelligence, time and resources in order to craft original social engineering attacks and gather informational assets. The only question as to the potential damage they can cause, is how far an attacker is willing to go?
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.