Shifting landscape of Threat Vectors in 2018
According to recent security intelligence research, reported data breaches have been reducing over the past few years. This includes attack avenues such as tax phishing attempts for W-2 form data. However, the time taken for disclosure of a breach remains a significant challenge for organizations, especially in light of the upcoming data privacy regulations i.e. the General Data Protection Regulation (GDPR), which imposes a 3-day (72 hour) notification ruling on data breaches.
The average time between data breach detection and disclosure is decreasing. In 2015, it took enterprises 82.6 days on average to disclose a breach. By 2017, this figure was reduced to nearly half to 42.7 days, and it dropped even further to 37.9 days in Q1 2018, showing a trend of continuous improvement over the last four years. Despite the encouraging year-on-year progress in the effort to reduce breach disclosure times, organizations still have a long way to go in order to meet, if not exceed this requirement! The average time between incident occurrence and disclosure is still more than an unacceptable five weeks!
The recent dramatic volatility in crypto-currency value may provide some clues for the gradual decline in data breaches: Crypto-mining malware, which takes advantage of unused CPU cycles to unearth digital currency saw a significant boost at the start of 2018, which could account for the shift away from traditional breach methods. Crypto-mining is on the rise, Internet of Things (IoT) attacks are burgeoning, and ransomware is undergoing a “market correction” of sorts.
Crypto-mining experienced the highest spike of all Internet security threats last year with a magnitude leap. With just a few lines of code, attackers can install crypto-mining software on unsuspecting devices and scavenge for digital coins in the background. The lightweight nature of crypto-mining code enables it to fly under the radar of typical threat detection tools, even as it consumes CPU cycles and energy. As more miners are installed on network and IoT devices, performance suffers, energy costs rise and cloud resources end up bursting at the seams.
The rise of crypto-mining is not unlike any of the get-rich-quick schemes out there, and it would be prudent to know that any new technology designed to combat IoT attacks may not be enough to stop them all from proliferating. Recognizing the obvious signs of an IoT-driven crypto-mining attack therefore requires a security-aware and a continually-trained workforce.