Additional Notes from the Cyber Security Summit

On Monday we looked at some of the primary attack vectors used by cyber-criminals.  Here are the rest of the attack vectors that Kevin Thompson of FireEye shared at the 2016 Cyber Security Summit.  Many of these are significant twists on old exploits, or more sophisticated versions of them.

  • Attacks using legitimate services.
    • Social networks – make friends or connections, then gather information on the target and their contacts.
    • Cloud storage services to host malware downloads.  The link looks legitimate because it points at Google Docs or Dropbox, and URL reputation filters rarely block those domains.
    • Comment boards and chat services – post a link to the funny cat video; anyone who clicks gets the video and the malware too.
    • Enterprise management tools – post a problem and its "solution" with a malicious link.
    • Microsoft TechNet forums – ditto.
  • PII services on the Dark Web – There now exist searchable databases of personally identifying information (PII) to aid attackers in identifying targets and potential victims.  This is my personal favorite.  Wondering why the bad guys want to steal all this information?  Now you know.
  • Using hijacked email accounts to request wire transfers (Business Email Compromise).  Because the request comes from a real, already-trusted mailbox, it passes the sender checks that would catch a spoofed address.
  • Stealing company information to make stock transactions based on insider information.  Press releases, public relations firms, and law firms are often targeted because they hold material news before it is public.
  • Ransomware attacks used to hide credential theft or data exfiltration.  First the attacker copies and steals what they want, then encrypts everything; the ransom demand keeps the victim busy with recovery and prevents them from discovering the loss of data.

What I learned from this presentation was that our cyber-adversaries are smart, organized, and highly skilled.  They have developed a distributed economy of cyber-crime providers on the Dark Web.  Many individuals or groups have specialized in one or two services that they sell to other criminal crews that are performing the actual exploit or heist.  In many ways they mirror the way business is conducted on the visible web.  This level of sophistication and organization is likely to make it more difficult to prevent exploits from happening.  We need to rely on early detection and organized incident response and remediation strategies to defeat them.
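The "steal first, encrypt second" pattern above is the case where early detection changes the outcome: if the data-theft stage is caught and tied to the later encryption burst, the incident is scoped as a breach, not just an outage. The following is an added example written for this page, not code from the presentation or from FireEye. It runs simple detection logic over constructed log lines (the hosts, destination addresses, allowlist, and all thresholds are assumptions for illustration): it flags a host that pushes an unusual volume of data to a single external destination, flags a burst of file renames on a host, and correlates the two when they happen on the same machine within a couple of hours.

```python
"""Correlate large outbound transfers with a later mass-rename burst per host.

Added example for this page: the alert thresholds, allowlist and sample log
lines below are constructed for illustration, not taken from any real network.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs. Every line is "<ts> <host> <kind> key=value ...".
# ws17 sends ~920 MB to one outside address, then renames six files in 3 s.
# ws04 only talks to an allowlisted update server and renames one file.
SAMPLE_LOGS = """\
2016-10-03T01:02:10 ws17 egress dst=203.0.113.9 bytes=120000000
2016-10-03T01:04:30 ws17 egress dst=203.0.113.9 bytes=410000000
2016-10-03T01:05:05 ws17 egress dst=203.0.113.9 bytes=390000000
2016-10-03T01:10:00 ws17 egress dst=updates.example.com bytes=5000000
2016-10-03T01:41:00 ws17 rename path=/share/finance/q3.xlsx.locked
2016-10-03T01:41:01 ws17 rename path=/share/finance/q2.xlsx.locked
2016-10-03T01:41:01 ws17 rename path=/share/hr/payroll.csv.locked
2016-10-03T01:41:02 ws17 rename path=/share/hr/roster.docx.locked
2016-10-03T01:41:02 ws17 rename path=/share/legal/nda.pdf.locked
2016-10-03T01:41:03 ws17 rename path=/share/legal/msa.pdf.locked
2016-10-03T09:00:00 ws04 egress dst=updates.example.com bytes=7000000
2016-10-03T09:00:20 ws04 rename path=/home/bob/draft.docx
"""

# Assumed tuning values; a real deployment baselines these per environment.
ALLOWED_DST = {"updates.example.com"}   # known sinks that legitimately take bulk data
EGRESS_WINDOW = timedelta(minutes=10)   # sliding window for outbound volume
EGRESS_BYTES = 500_000_000              # 500 MB to one non-allowlisted destination
RENAME_WINDOW = timedelta(seconds=10)   # sliding window for rename activity
RENAME_COUNT = 5                        # renames in that window that count as a burst
CORRELATION_WINDOW = timedelta(hours=2) # how long after exfil an encryption burst still counts


def parse(lines):
    """Turn raw log text into (timestamp, host, kind, fields) tuples sorted by time."""
    events = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        ts, host, kind, *rest = line.split()
        fields = dict(item.split("=", 1) for item in rest)
        events.append((datetime.fromisoformat(ts), host, kind, fields))
    return sorted(events, key=lambda e: e[0])


def exfil_alerts(events):
    """Return {host: start_ts} for hosts whose bytes to one external dst exceed the threshold."""
    window = defaultdict(list)   # (host, dst) -> [(ts, bytes)] within EGRESS_WINDOW
    alerts = {}
    for ts, host, kind, f in events:
        if kind != "egress" or f["dst"] in ALLOWED_DST:
            continue
        bucket = window[(host, f["dst"])]
        bucket.append((ts, int(f["bytes"])))
        bucket[:] = [(t, b) for t, b in bucket if ts - t <= EGRESS_WINDOW]
        if sum(b for _, b in bucket) >= EGRESS_BYTES:
            alerts.setdefault(host, bucket[0][0])   # keep the earliest trigger time
    return alerts


def rename_bursts(events):
    """Return {host: start_ts} for hosts with RENAME_COUNT renames inside RENAME_WINDOW."""
    window = defaultdict(list)   # host -> [ts] within RENAME_WINDOW
    bursts = {}
    for ts, host, kind, _ in events:
        if kind != "rename":
            continue
        bucket = window[host]
        bucket.append(ts)
        bucket[:] = [t for t in bucket if ts - t <= RENAME_WINDOW]
        if len(bucket) >= RENAME_COUNT:
            bursts.setdefault(host, bucket[0])
    return bursts


def correlate(lines):
    """Label each alerting host so responders know whether to scope data loss."""
    events = parse(lines)
    exfil = exfil_alerts(events)
    bursts = rename_bursts(events)
    findings = {}
    for host, t_exfil in exfil.items():
        t_enc = bursts.get(host)
        if t_enc is not None and timedelta(0) <= t_enc - t_exfil <= CORRELATION_WINDOW:
            findings[host] = "exfiltration then encryption"   # treat as a breach, not an outage
        else:
            findings[host] = "exfiltration"                   # caught before any encryption stage
    for host in bursts:
        findings.setdefault(host, "encryption burst")          # ransomware with no observed theft
    return findings


if __name__ == "__main__":
    for host, label in correlate(SAMPLE_LOGS).items():
        print(f"{host}: {label}")
```

On the constructed input the only finding is ws17 labelled "exfiltration then encryption"; ws04 stays quiet because its traffic went to an allowlisted destination and a single rename is not a burst. The point of the correlation step is the label: when responders see the rename burst, the earlier egress alert on the same host tells them what left the network before the encryption started, which is exactly what the ransomware stage was meant to hide.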


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
