As I wrote in yesterday’s blog, the Cyberattacker of today is not really coming up with new means by which to launch their threat vectors. Rather, they are, for the most part, outsourcing all that they can in order to save on cost, so that they can make as much money as possible when they launch their attacks. For lack of a better term, it really is a business for them.
The bottom line is that they want to make money as well, but in an illegal and nefarious way.
Heck, you can even rent out someone to do your Phishing attack for you, which is known as “Phishing as a Service”. Just pay ‘em a flat fee, and everything will be done for you. No questions asked, unless of course, the FBI comes knocking on your front door.
So now, this raises the next question. And that is, once a Cyberattacker has been successful in previous attempts, do they keep going back after the same targets once again, because they know where the soft spots are?
Unfortunately, the answer to this is a resounding yes. For instance, suppose a Cyberattacker goes after Company ABC, and gets all of the Personally Identifiable Information (PII) that they can get their hands on. They now know where the vulnerabilities are, and over a period of time, once Company ABC lets their guard down, the probabilities are high that they will be attacked again, and by the same Cyberattacker.
This point has been further substantiated by a recent study that was conducted by a special security team from IBM. Their report is entitled “IBM X-Force Threat Intelligence Index 2020”, and it can be downloaded in its entirety at the link below:
This is a very comprehensive study that is conducted on an annual basis. In this particular one, the team examined 70 billion security events on a daily basis, across 130 countries. They also monitored over a million spam and Phishing based Email attacks, and closely examined fake and spoofed websites, as well as those companies whose brand has been tarnished by these kinds of attacks (as was also discussed in yesterday’s blog).
The results from the study are totally startling:
*60% of all of the total Cyberattacks used previously hijacked passwords and attacked the same targets over and over again, because they knew of the vulnerabilities and weaknesses that existed in their victims;
*Using the same Phishing attack was successful in the repeated attacks;
*All the Cyberattacker had to do in these instances was to merely exploit the same gaps. For example, the same vulnerabilities that were initially discovered in Microsoft O365 were still preyed upon over and over again;
*30% of the Cyberattacks that were launched used the same PII and passwords that were used in previous attacks. Because of this, the total number of exploits in 2019 increased by well over 200%, and this means that at least 8.5 billion pieces of confidential records were compromised as well;
*85% of all of the Cyberattacks were due to misconfigured Cloud based settings, when businesses used either the AWS or the Azure platforms;
*Retail and Social Media continue to be a sector which is constantly being hit hard by Cyberattacks (Magecart is the most widely used threat vector in this instance), and some of the top ten brands which keep getting hit include the likes of Google, YouTube, Amazon, Apple, Facebook, Instagram, Netflix, etc. In fact, it is for these very entities that spoofed websites are created, using very similar looking domain names;
*Industrial Control Systems (ICSs) and Operational Technology (OT) platforms are also prime targets for repeated attacks. For example, just in 2019 alone, there was a 2000% increase in the number of Cyberattacks;
*The geographic regions of North America and Asia are the prime targets for Cyberattacks;
*After Phishing attacks and spoofed websites, Ransomware continues to be the second most popular threat vector that is being used, which cost business entities over $7.5 billion in financial losses just in 2019 alone.
My Thoughts On This
In my opinion, this study simply proves that once again, we live in a totally reactive society when it comes to Cybersecurity. I am taking a neutral viewpoint on this, and I am not saying it is good or it is bad. It is just the kind of society that we live in today.
The bottom line is that an organization simply won’t respond to a Cyberattack until it has been hit, and more than likely, they may never even recover, especially if it is an SMB.
Perhaps a Fortune 500 company could withstand a Cyberattack more easily, because they have the financial coffers to rebuild again. But an SMB simply cannot do this. And the Catch 22 here is that it is the SMB which drives most of America’s economic engine.
This study also reveals yet another finding. Even after a company has been hit with a Cyberattack, they may act tough about it for some period of time after the fact, but more than likely, they will let their guard down once again, which is why they are being hit over and over again.
Also, another reason why Corporate America is being hit over and over again is that perhaps, even after they are hit, they are not taking enough remediative actions in order to fully plug the gaps, weaknesses and other vulnerabilities that were used as the point of entry.
Sure, the IT Security staff may have downloaded some patches here and there in order to fix it, but that probably was not enough. The Cyberattacker knows this, and that is why they are so successful in hitting upon the same areas over and over again.
These gaps are just not completely filled in all the way, and they may never be.
Third, this study also points out another area which the Cyberattacker is preying upon: the trust that has been built up in the most reputable retail brand names, as mentioned earlier. The fallacy in thinking here is that just because a brand has been around for a long time, it can be trusted 100%.
While these organizations may have totally beefed up their lines of defenses, Cyberattackers are circumventing this by creating spoofed websites, with fake domains that look almost like the real thing.
Fourth, this study also points out yet another disturbing trend: people are still using the same password over and over again. In fact, the research discovered that 41% of the millennials reuse the same password for most of the stuff that they log into, and the so-called Generation Z makes use of only 5 passwords.
This only indicates that the same password is also being used over and over again as well.
So, given what I have talked about in yesterday’s and today’s blogs, it only makes sense that the Cyberattacker will try to find the easiest way to get the most amount of money possible. Why not? It only makes sense; after all, why reinvent the wheel when something that is already in place is working so well?
In the end, we are all prone to a Cyberattack. No individual or business entity is immune from this risk, but the key here is that if we are hit, we need to be proactive in fixing what went wrong and preventing the same mistakes from happening again.
Apparently, based upon the results of this study, this is simply not the case.