Finance #1 target for cybercrime, software is key weakness
by Bija Knowles
The financial industry is a prime target for cyber criminals, while legacy systems and the software supply chain are key weaknesses, according to a cybersecurity trends report. The M-Trends 2018 report by FireEye highlights some of the trends in cybersecurity and sets out predictions for how cybersecurity threats to large corporations and organisations will evolve during the year. It found that the financial industry, together with the high-tech industry, had the highest number of significant attacks from different attack groups during the 2017 study period. The research also showed that legacy systems are a key weak spot, as companies struggle to control their internet footprint and protect those systems. In one case study of a company in Asia, cyber criminals were able to gain access to corporate accounts because Remote Desktop Protocol (RDP) was available through a legacy web server.
The main results and predictions from the report include:
Cyberthreat from China persists
FireEye's report notes that, following the 'Obama-Xi agreement' in 2015, while Chinese government-controlled cyber operations decreased, they continue to pose a threat, particularly to companies in the middle of negotiating contracts or M&A activity. The report states: “In fact, FireEye has seen an increase in the number of attacks against US companies that have resulted in the theft of business information such as bid prices, contracts, and information related to mergers and acquisitions. FireEye has also seen a surge in cyber espionage campaigns targeting business-to-business services such as cloud providers, telecommunications companies and law firms.”
Chinese state-sponsored hackers may also be looking to gain strategic advantages for economic or military purposes by gaining intelligence on advanced technologies such as AI or advanced batteries.
Software supply chain attacks
Hackers, or malware authors, are increasingly taking advantage of the trust between companies and software providers, according to the FireEye report. It says: “In supply chain attacks, cyber threat groups target the build servers, update servers and other parts of the development or release environment. The hackers then inject malware into software releases, infecting users through official software distribution channels.” It notes that at least five cases of this type were observed last year and that this type of attack in the software supply chain is likely to continue.
The report noted significantly increased activity and sophistication of attacks from threat actors sponsored by Iran. It states: “While they have captured notoriety over the past year, especially for their destructive attacks, much of their espionage activity has gone unnoticed. Their list of victims currently spans nearly every industry sector and extends well beyond regional conflicts in the Middle East.”
Perennial targets
There was an increase in the retargeting of previously compromised organisations. The FireEye report found that half (49 per cent) of its customers who had already experienced at least one significant attack (such as data theft, compromised accounts, credential harvesting, lateral movement and spear phishing) were successfully attacked again within one year. And the majority (86 per cent) of companies that had experienced more than one significant attack had been breached by more than one hacker. The data also showed that the financial and high-tech industries had the highest number of significant attacks by different attack groups, 16 each, while companies in the energy, government, non-profit, pharmaceutical and media industries suffered fewer than five significant attacks from different attack groups.
Better internal detection
On a more positive note, the global median time for internal detection of an attack dropped by over three weeks, from 80 days in 2016 to 57.5 days in 2017. The report says that, although the global median time from compromise to discovery has risen by two days, it sees that organisations are getting better at discovering compromises in-house with their own internal teams.