Cyber attacks are becoming more “technically sophisticated”, often infiltrated onto networks in stages and lying inert before the cyber attackers strike, making them harder to detect, warns security software vendor McAfee in its latest Threat Report, released today.
“The majority of security breaches during the past few years have been readily detectable. They were sophisticated in their planning, targeting, stalking, and execution; some were even highly technical or evasive,” it warns.
“However, we have seen a change during the past two years, with a significant increase in the number of technically sophisticated attacks. Many of these have been designed purely to evade advanced defences.
“They are infiltrating in pieces, hiding in seemingly inert code, and waiting for an unprotected moment to emerge. These threats also avoid the signature-based traps of their ancestors, employing encryption and dynamic code modification to change with each new deployment and hide incriminating data.
“More and more we see long-running attacks that continue for many months, or those with a long-term view, willing to wait and watch before doing anything malicious. Most of these likely commit ongoing espionage instead of immediately selling exfiltrated data,” claims Intel-owned McAfee.
The increase in severity and complexity of cyber attacks coincides with a boom in the different types of connected devices, as well as “a huge expansion in virtualisation and public clouds”. Furthermore, warns McAfee, so-called internet of things and wearable devices are just beginning to be exploited, too, taking advantage of lax security built-in to the increasing range of products.
“Attackers want the easiest way in and these devices often provide under-defended access to target-rich networks. We are seeing just the beginnings of attacks and breaches against them,” it adds.
The McAfee report also noted a boom in the market for exploits and cyber crime tools – indeed, the development of a fully fledged market catering to the needs of cyber-crooks. It also pointed to the growing use of Tor and bitcoin, which make it easier for criminals of all kinds, it claims, to interact, transact and conduct attacks with reasonable assurance of anonymity.
And cyber-criminals have shifted their focus from credit card details, according to McAfee, to information.
“Five years ago, many high-profile thefts involved credit card details that were sold in bulk as quickly as possible to those who aimed to make fraudulent purchases. Credit card issuers have worked hard to quickly block the use of stolen cards, so the value of stolen cards now drops rapidly.
“Consequently, some attackers have started stealing other high-value data, such as personal health records, that does not lose value as fast. Learning from the business community, cyber-criminals are also turning to data warehousing, combining and correlating multiple sets of stolen data into something much more valuable.
“Many recent high-profile data thefts, such as personal tax records or background checks, have not been immediately turned into cash, possibly indicating an increase in criminal maturity,” according to McAfee.