Top Nine Cyber Security Patterns To Look Out For in 2015.

Posted: January 13, 2015 at 6:00 pm

Over 3 billion humans will be on the internet even as we speak, with over 100 billion emails sent today, not to mention over a billion Google searches as you read this post, 300 million tweets, and, my favorite, over a million blog posts and counting, including this one that you read so devotedly. There is no doubt that cyberspace is intertwined in the very fabric of our lives. The amount of information that we transact over and through cyberspace is astronomical. Every day we perform a multitude of operations using computing devices: we check our bank account balance, we pay for parking and we exchange documents with our colleagues and friends. Mobile, social networks and cloud computing are the paradigms that have changed the online user experience; these platforms today manage almost all of the information on the internet, an impressive and priceless amount of data. And this is why Google is going to the level of charging you $25 to store your genome (your DNA) in the cloud; does anyone else find that as disturbing as I do? Information is money and criminals follow it; the monetization schemes are varied and target every sector.

Cybercrime is evolving in complexity and organizational capacity; in many respects it works exactly like a major enterprise. I am sure you have heard of the hacking group “Anonymous”, “Wikileaks”, “Eric Snowden”, and “Julian Assange”, founder of Wikileaks; these are some of the usual, commonplace names you hear when it comes to cyber-security. Whether you are an organization, a government, or an individual, there are ‘threatening cyber events’ to look at in order to be forearmed. I basically divide cyberspace in two: the deep, dark web, where all things dark, sinister, and mysterious happen, and the Common Web, where cute puppy dogs and rainbows live. Okay, it is where mundane actions such as logging into your Twitter account or Facebook, or perhaps performing a Google search, take place; it is the space used by people like you and me who aren’t hackers. My duty is to forearm you by identifying only nine of these threats that will feature heavily in the short term. But before that, you need to understand that cyber-security threats follow 9 identified paradigms:

Point of Sale Intrusions - Remote attacks against the environments where retail transactions are conducted, specifically where card-present purchases are made, like swiping your card at your local supermarket or mall. The interesting thing is that this type of pattern has been trending down over the previous decade. Brute forcing remote access connections to POS still leads as the primary intrusion vector; that’s just internet speak for saying it is the number one cause of data breaches at POS systems. Brute force simply means that hackers guess passwords repeatedly until they find the right combination.
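
An added example, not part of the original article: a defender-side check for the brute-force pattern described above. It flags a source that produces many failed remote-access logins in a short window, and any successful login that follows such a burst. The log format, threshold, window and sample lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events for a hypothetical POS remote-access service.
# Assumed line format: "<ISO timestamp> <source IP> <user> <FAIL|OK>"
SAMPLE_LOG = """\
2015-01-13T02:00:01 203.0.113.7 posadmin FAIL
2015-01-13T02:00:03 203.0.113.7 posadmin FAIL
2015-01-13T02:00:05 203.0.113.7 admin FAIL
2015-01-13T02:00:08 203.0.113.7 posadmin FAIL
2015-01-13T02:00:10 198.51.100.4 cashier1 FAIL
2015-01-13T02:00:12 203.0.113.7 posadmin FAIL
2015-01-13T02:00:15 203.0.113.7 posadmin OK
2015-01-13T02:01:00 198.51.100.4 cashier1 OK
2015-01-13T09:00:00 198.51.100.4 cashier1 FAIL
"""

WINDOW = timedelta(minutes=5)   # assumed look-back window
THRESHOLD = 5                   # assumed failures per source within WINDOW


def detect_bruteforce(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return a list of (source_ip, alert_kind, timestamp) tuples."""
    recent_failures = defaultdict(deque)  # source IP -> failure timestamps
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing
        stamp, ip, _user, result = parts
        try:
            when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        failures = recent_failures[ip]
        # Drop failures that have aged out of the sliding window.
        while failures and when - failures[0] > window:
            failures.popleft()
        if result == "FAIL":
            failures.append(when)
            if len(failures) == threshold:  # fires once as the count crosses
                alerts.append((ip, "failed_login_burst", stamp))
        elif result == "OK":
            # A success right after a burst suggests a guessed password.
            if len(failures) >= threshold:
                alerts.append((ip, "success_after_burst", stamp))
            failures.clear()
    return alerts
```

The second alert kind is the one to escalate first: it means the guessing may have worked, so the account and the terminal behind it need review.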

Web App Attacks - This involves any incident in which a web application was the vector/cause of attack. It includes exploits of code-level vulnerabilities in the application as well as thwarting authentication mechanisms. WordPress is an example of such an application. Hackers generally take advantage of possible weaknesses in two ways: by exploiting a weakness in the application and by using stolen credentials to impersonate a valid user.

Insider and Privilege Misuse - Any unapproved use of internal organizational resources falls within this pattern. Mainly, it tends to be insider misuse, but outsiders can be involved too, due to collusion, as can partners who are granted privileges. More often than not, these crimes are committed with a financial motive or personal gain in mind. Corporate espionage features heavily in this category. Things that tend to be targeted include a company’s intellectual property, trade secrets, et cetera. Another instance: say you worked for NIS (National Intelligence Service), you had access to privileged information, and you knew that you could make a lot of money if you sold that information to the highest bidder; this could motivate you to cause the data breach. I am sure most of you have watched what I have just described on the telly, perhaps even engaged in the same.

Physical Theft and Loss - Yes, people, perhaps you might remember the hooded men during the times of the ‘Snake-Rattler’, the man himself, John Michuki, the then Internal Security minister, who broke into the Standard Group offices sometime after midnight back in 2006 and engaged in several ‘destabilizing events’ involving the physical equipment there, to preclude the news entity from publishing ‘highly sensitive’ information that would break the integrity of ‘national security’. Say you want the information stored on Safaricom servers (we all know that information is the currency of the Knowledge Economy), and you plan a precision-infiltration operation to acquire the said items and retrieve the highly valued data, perhaps for financial gain or some sinister plot; that would be a data breach by ‘physical supplantation’, effectively stealing the servers, which any organization should prevent at all costs.

Miscellaneous Errors - These are incidents where unintentional actions compromise the security integrity of an information asset; for instance, you have accessed a database and you make the insane error of deleting something that you need, the horror! Another common mistake is misdelivery: sending an email to the wrong recipient, leading to data disclosure. Imagine this: the head of NIS is sending a classified document (it might not be highly classified, but still, it shouldn’t be in the public arena) to the president, and by some cruel turn of fate he ends up clicking the wrong button and it comes to your email instead. I don’t know what you would do, but my point is made. Man is to err. Data suggests that highly repetitive and mundane business processes that involve sensitive information are significantly prone to such errors.

Crimeware - This describes any malware that does not fit with the other patterns such as espionage and point-of-sale attacks. The primary goal is to acquire control of systems for illegal uses such as stealing credentials, spamming, and DDoS campaigns. (DDoS means Distributed Denial of Service, which usually involves trying to make an online service unavailable by overwhelming it with traffic from multiple sources; imagine you are shopping on Jumia and you can’t make your purchase, it could mean that a DDoS hacking campaign has taken place.) Web downloads and drive-bys (a computer infection caught by visiting a website that is running malicious code) are the most common vectors/causes of infection. A common example of malware used with criminal intent is ‘Zeus’ (Zbot), a survivor despite many attempts to eradicate it, leading to its description as the cockroach of malware: it never seems to die and never goes away!

Payment Card Skimmers - All incidents in which a skimming device was physically implanted (tampering) on an asset that reads magnetic stripe data from a payment card (e.g., ATMs, gas/petrol pumps, POS terminals, etc.). Criminal groups install skimmers on ATMs, which is most common, and on other card swipe devices. On the quality side, skimmers are getting more realistic in appearance and more efficient at exporting data through the use of Bluetooth, cellular transmission, et cetera. In Kenya such crime is not common, but as Kenyans, and Africa as a whole, embrace the ‘swipe culture’, they will become new targets, especially considering there isn’t a very strong cyber-security culture, although companies and governments are recognizing this type of war. If you walked into your nearest bank and expertly placed a skimming device, then your ‘get rich quick’ plan might work. It’s now possible to buy skimming devices online with built-in SIM cards that allow remote configuration, remote uploading of data, and tampering alerts that, if triggered, will cache the data and send it out immediately, greatly reducing the risk of being caught; now don’t you go and get any ideas! Businesses can combat this by acquiring tamper-proof terminals in combination with other measures.

Cyber-Espionage - The incidents in this pattern include unauthorized network or system access linked to state-affiliated actors and/or exhibiting the motive of espionage. This is the stuff of a spy telly program. I am sure that if you follow current global affairs, you will no doubt be aware of the man in the spotlight, Eric Snowden, former CIA analyst, who simply couldn’t keep it in his pants, no pun intended, and made headlines leaking U.S. secret documents out into the public like it was nothing. It makes me wonder whether, in the current era, there would be an intelligence officer in our beautiful country who would be, well, insane enough to release crucial information: perhaps what really happened at Westgate, or what’s going on at our borders, or better yet, the hidden political machinations regarding our international membership at the ICC. I’m just saying. Cyber-espionage is on the rise and will continue to be so, especially given strategic web compromises and the widespread geographic distribution of both victims and actors. Comprehensive information about this pattern isn’t easy to come by, precisely because organizations are not typically required to publicly disclose breaches of internal context. Organizations can better protect themselves by first realizing that they are dealing with highly skilled individual(s); they should endeavor to patch all things up, segment their network and limit lateral movement across the network, which essentially means curbing the spread of an attack to other vital points of ‘threat actions’ in the network infrastructure.

Denial of Service Attacks - Earlier I described what DoS attacks are; in effect, a denial of service attack is any attack intended to compromise the availability of networks and systems.

Everything Else - This pattern is not really a pattern per se, but rather is used to cover all incidents that don’t fall within the spectrum of the patterns I have just described. It generally covers two kinds of events: generic hacking and browser-busting malware (brute-force hacking, which I described earlier).

Cyber-security is a global concern, and the sooner we understand the established patterns and those that will emerge, the greater the chances of developing robust security structures.

What is your opinion on the topic?
Stefan Wolf