SECURITY
Malicious malware an ever-evolving nightmare Recent US research holds valuable lessons for New Zealand companies facing a steadily growing cybercrime problem that is already estimated to cost hundreds of millions of dollars a year
F
our out of five New Zealanders agree with the experts - businesses and organisations in this country aren’t well-prepared to deal with computer hacking and keeping confidential data secure. A recent Insurance Council of New Zealand (ICNZ) review highlighted the ever-increasing importance of robust cyber security measures, ICNZ Chief Executive Tim Grafton says. “Experts are warning that New Zealand is woefully underprepared for the increasing threat of cyber attacks and it seems the public agrees,” he notes. ICNZ estimates that cyber-related crimes cost NZ businesses over NZ$625 million, but concedes that this is probably a “conservative” figure because some businesses are reluctant to disclose a cyber-breach of their systems. What is known is that global cyberattacks increased more than 2,000 per cent in the past four years, with about half originating from the Asia-Pacific region and roughly 75 percent of organisations in the region having experienced a cyberattack in the past two years alone. Mr Grafton says while high-profile technology breaches such as eBay and Target occurred overseas, New Zealand was still at risk. “The hacking of NIWA’s supercomputer last year was a stark reminder that New Zealand is not immune to the increasing global threat of cybercrime,” he says. “And the recent high profile computer hacking of emails and private messages has further emphasised the need for vigilance.” The ICNZ survey’s findings are supported by ThreatTrack Security, a leading US cybersecurity firm which specialises in helping organisations identify and stop
48
Advanced Persistent Threats (APTs), targeted attacks and other sophisticated malware designed to evade the traditional cyber-defences deployed by enterprises and government agencies around the world. ThreatTrack Security’s survey of 200 US IT professionals found that nearly 40 percent said it was either a “certainty or highly likely” that their organisation would be the target of an Advanced Persistent Threat (APT) or targeted attack within the next 12 months. Yet, while it is positive that so many security professionals are preparing themselves for a wave of advanced malware attacks their ability to effectively combat these threats is questionable, the ThreatTrack report notes. The survey found that 35 percent of respondents reported end points on their network had been infected by malware that evaded their defences during the last 12 months: moreover, 58 percent of respondents cited the complexity of malware as the most difficult aspect of defending their organisation. Organisations are responding by focusing on: • t raining their IT staff on new technology and cybersecurity strategies (50 percent) • i mplementing new policies (35 percent) • i nvesting in advanced malware detection technology (34 percent). Increased expenditure on cybersecurity also pays dividends as 78 percent of companies with security budgets between US$750,000 and US$1 million reported infections, but that number decreased dramatically to 35 percent when security budgets exceeded US$1 million – demonstrating that organisations with the right resources
and making the right investments can significantly improve their security postures. Some 50 percent of respondents overall said that email was the top threat vector through which their organisation encounters the most malware, with 34 per cent citing the web as their top threat vector for The hacking of NIWA’s APTs. supercomputer earlier last year was a stark reminder that Corporate cyber threats New Zealand is not immune However, while all APTs are to the increasing global threat vehicles for cybercrime not of Cyber-crime says Insurance all cybercrimes involved APTs Council Chief Executive Tim according to The Evolution Grafton of Corporate Cyberthreats, a recent Kaspersky Labs report Insider Trading Theft which notes that there are sig- Targeted Information: Pending nificant differences – despite M&A deals or contracts; upthe fact that both are based on coming financial earnings; future IPO dates monetary gain. APTs specifically target more sensitive data including pass- Financial & Identify Theft words, competitive intelligence, Targeted Information: Emschematics, blueprints, and dig- ployee and customer personinformation; ital certificates and are paid for ally-identifiable by third-party clients or resold payment transactions; account numbers; financial credentials in the underground. General cybercrime operations, meanwhile, are direct Technical Espionage “for profit” attacks and target Targeted Information: Password customers’ personal and finan- or account credentials, source cial information, which can be code, digital certificates; netquickly monetised and laun- work and security configuradered underground for ID theft tions; cryptographic keys; authentication or access codes and fraud. Cybercriminals will either provide the hijacked information to Reconnaissance and Surveilthe third party who hired them lance: Targeted Information: System to steal it, or they will repackage and resell the data under- and workstation configurations; ground to interested parties keystrokes; audio recordings; such as nation states or com- emails; IRC communications; peting organisations. screenshots; additional infecThere are many different types tion vectors; logs; cryptographof targeted attacks, including: ic keys. The reports revealed that the Economic Espionage primary method for infecting Targeted Information: Intellec- targeted organisations was tual property; proprietary infor- spear-phishing emails rigged mation; geopolitical, competi- with common vulnerabilities tive or strategic intelligence found in corporate applications or programs. Yearbook 2015-2016