Security "Bits"

The Many Faced Cyber Criminal

By Annie Wang | June 1, 2015 at 10:52 AM

many_facedFor those of you who are fans of HBOs Game of Thrones, this title may remind you of someone. In the series the “Many Faced God” is a character Arya Stark has turned to in order to guide her. As his name suggests he has the ability to take the form of multiple people, along with a few other magical powers.

Cyber criminals have shown that they too have a few sinister tricks up their sleeve. If we take a look at the major breaches that has taken place and start to break down the methods used in order to infiltrate the most secure data of some of the worlds most renown brands it becomes clear. Cyber criminals are now using a variety of different faces to disguise themselves.

A recent Ponemon study shined light on what some of these popular cyber criminals tactics are.  Their quiver ranges from Spear phishing and malware attacks, to exploiting software vulnerabilities, and public Wi-Fi based attacks rounding out the list of most used methods.

The “Spellcheck” phishing attack, believed to be created by a nation state cybercriminal gang hailing from China, has been the tactic used in the Anthem, Premera and CareFirst security breaches. In those 3 examples alone, over 120 million people had their personal records exposed to the world.

Criminals have even begun using advanced phishing attacks like using personal social media accounts to launch attacks. In fact, in healthcare about 88% of healthcare orgs have all come face to face with this kind of attack. Another reason why companies must keep the human factor of data security top of mind.

Using public Wi-Fi attacks to launch attacks is also becoming more common. Enterprise executives staying at even the world’s most luxurious hotel chains have been targeted (think of the data enterprises have in their email boxes) and have seen their laptops hacked after connecting to the hotel’s public wi-fi network.

Driven by the pursuit of a big pay off by stealing data (most notable healthcare data) and then selling it off in the Dark Web makes the rise in the number of breaches inevitable. Nation state cyber gangs from eastern Europe, Russia, china and Iran are popping up each day, all with a money driver hunger and the hacking tools to feed it.

Because of this, enterprises should be looking to secure themselves and prepare to limit the damage of any breach that may come their way. This means that companies should be looking to secure their data in the 4 keys areas that all companies should be concerned with in order to achieve total data protection




Chris Hines

Product Marketing Manager | Bitglass



see all