Well, it should be no surprise that the Cyber attacker of today really in the end, has no favored target. They will pick things at random, with the main intention of trying to inflict the most damage possible (and as we have seen with my previous blog postings – they are also intent on causing physical damage as well – especially with the Emergency Response System). But, depending upon the season, and timing, they do have their favored targets.
As we mentioned in yesterday’s blog post, since today is the day that we file our taxes, tax returns and the tax professional are the prime targets for the Cyber attacker.
During the holiday season, obviously the prime target are the holiday shoppers, and the retail outfits, whether they are the traditional brick and mortar or even the online stores themselves.
During the times of natural disaster, especially during the times of Hurricane Katrina and the tsunamis in the Pacific Rim (these were some time ago, but these come across my memory the best) the Cyber attackers unfortunately targeted the innocent victims of these tragedies by sending out Phishing E-Mails claiming that they were from the Red Cross.
Instead, any money donated over went directly into the pockets of the Cyber attacker.
But according to a recent study, just in the last two years, the financial industry has been overall, the prime target for the Cyber attacker. In fact, here is the list of the five most favored targets from 2016-2018:
- Financial services;
- Information/Communications technology;
- Professional Services.
I should mention the fact that this study was conducted by IBM, and is known specifically as the “2018 IBM X-Force Report.” This report cited that about 27% of the firms were in the financial services industry were targeted, which is almost a third. This truly is a staggering number to comprehend.
You may be asking at this point, “OK, what kind of malwares are most favored by the Cyber attacker to use?” Well, to answer this, according to the report, “The most prevalent financial malware families were Gozi (Ursnif) variants, Zeus, Dridex Ramnit, Zeus Sphinx, TrickBot, QakBot, Zeus Panda, GootKit, and Qadars.” (SOURCE: https://www.scmagazine.com/top-five-most-frequently-targeted-industries-of-2017-are-financial-services-information-and-communications-technology-manufacturing-retail-and-professional-services/article/758556/).
From this list, the most active malware was Gozi (aka Ursnif). In fact, “ . . . Gozi activity made up nearly one-fourth of the activity tracked, proving that organized crime is overtaking all other classes of actors in the financial malware-facilitated fraud scene.” (SOURCE: https://www.scmagazine.com/top-five-most-frequently-targeted-industries-of-2017-are-financial-services-information-and-communications-technology-manufacturing-retail-and-professional-services/article/758556/).
However, SQL like injection attacks were still the most favored tool of the Cyber attacker, and in fact, has doubled since 2017. In fact, this accounted for nearly 80% of the malicious activity on the enterprise networks of these financial services firms. Most of these attacks involved the following:
- Botnet based injection attacks (CMDi);
- Local File Inclusion (LFI);
- The use of embedded Cryptomining tools.
Also, this report cited that these malwares just mentioned have also increased in their level and style of sophistication in terms of source code in order to carry out grand larceny like attacks. My thoughts on this? Really, it should come to of no surprise.
After all, it is this industry where people have their most confidential information and data, and of course their money. The industry is indeed taking steps, and it will some time for the industry to stay one step ahead of the Cyber attacker. It will happen, and I do have faith in this system, particularly here in the United States.