Following the well-publicized mass looting of data from Target Inc. in late 2013, most companies are devoting renewed energy to bolstering their cybersecurity measures. The awareness that digital information is at risk extends across businesses of all sizes as well as to private citizens, who have become much less complacent over the past year. A sense of urgency about digital security is fueled not just by the widespread occurrence of data theft by hackers, but also via the ongoing concern for privacy issues driven by disclosures of extensive National Security Agency (“NSA”) information gathering.
Showing posts with label Trends. Show all posts
Showing posts with label Trends. Show all posts
Monday, February 10, 2014
Saturday, February 8, 2014
[CrowdStrike] 2013 Year in Review: Actors, Attacks, and Trends
As
2012 was winding down, the CrowdStrike Intelligence team was in hot
pursuit of an adversary who was leveraging a Strategic Web Compromise
(SWC) attack using an exploit for an at-the-time unpatched vulnerability
(CVE-2012-4792). This attack was a harbinger of what was to follow
throughout 2013. These attacks, commonly called “watering holes”, do not
rely on social engineering and weaponized documents to victimize their
prey. Instead, sites known to be of interest to the victim are seeded
with exploits leading to droppers intended to implant the system of the
unsuspecting visitor. In Q1 2013, the CrowdStrike Intelligence team
warned our threat intelligence customers of the impending shift in
targeting to this attack scenario. This estimative analysis factored in
many pieces of intelligence that were collected and analyzed by the team
and used to develop indications and warnings.
Subscribe to:
Posts (Atom)