Cybercriminals constantly develop new methods of conducting cyber attacks. Earlier this month, for example, a criminal organization used a hack to infiltrate a mortgage lender’s internal systems and illegally transfer funds to its own accounts. As a result of this discovery, the FBI and several other agencies have begun exploring new approaches to detect these new techniques, including data mining from malware, machine learning and other analytical techniques.
“The number of new techniques being used by cybercriminals to launch attacks is increasing with more sophisticated methods of cyberattacks evolving,” said Greg Nojeim, senior counsel at the Center for Democracy and Technology (CDT) and a member of the “Cyber Threat Working Group,” which made the recommendations. “This list addresses the findings we’ve seen of new ways to bypass security measures. But our focus should be on keeping our defenses up to date to help protect us from all threats.”
Each recommendation is a best practice in response to emerging technologies. In a recent CDT survey of more than 60 IT professionals, 76 percent reported new attacks on a daily basis, including more than 50 attacks in the last two months alone. The rate of new attacks is estimated to be three to four times greater than the number of systems compromised annually.
Agencies should work collaboratively to coordinate with the private sector to develop specific methodologies for detecting and identifying emerging cyberthreats.
The recent Kaspersky Lab vulnerability scan found 21 companies that are vulnerable to the FREAK threat. A good rule of thumb for determining whether a company is vulnerable is whether a recent scanning report lists the company as being a potential threat.
The potential threats include threats to key business data, such as employee information, payment data, health information, medical records, financial information and other business data. Also of concern are financial theft and violations of intellectual property rights, including intellectual property compromised in the breach when the theft goes undetected.
Recommendation 2: All agencies should accelerate their efforts to implement and verify custom vulnerability scanning and alert requirements and deploy these to their Critical Infrastructure Protection (CIP) programs.
The CIP program, which helps support and monitor critical infrastructures, consists of several parts that include regularly validated vulnerability scanning to quickly determine which organizations are not currently protected, annual event detection and response (EDR) tools and public threat reporting.
With the help of the agencies, information technology (IT) vendors and others, agencies can quickly identify and reduce the severity of vulnerabilities. If an information system is not currently protected, IT staff can review that system to quickly identify whether a fix is available, or work to achieve full security before attackers can exploit an individual file or process, or the entire network.
Although protection for every CIP system is important, certain systems, such as servers and desktop computers, often require more attention, so agencies may perform scanning of those systems more often than others. Automated vulnerability scanning can be achieved using services provided by the Critical Infrastructure Protection Program or by applying certain vendor tools, such as Freelancer from CrowdStrike.