Wednesday, March 1, 2017

The evolution of the threat landscape

Computer security experts like to talk about the “threat landscape,” a wide-ranging and constantly evolving set of ways that malicious outsiders can attack devices and networks. In the past, hackers were motivated by personal fame and bragging rights. Today, organized criminal gangs have turned cyber attacks into big business, transforming their victims’ misery into profits with ransomware, click fraud, and identity theft. Politically motivated attackers might be more interested in stealing secrets or causing damage and disruption.

Malware and phishing attacks typically cast an indiscriminate net. By contrast, targeted attacks aim to exploit weaknesses in large organizations. Government agencies and companies that do business in sensitive industries—defense, banking, and energy, for example—have to be constantly aware of the potential for attacks from well-funded, technically skilled outsiders.

And don’t assume that your organization is too small or inconsequential to be a target for computer crime. If your small business is connected to one of those large targets—even indirectly, as a subcontractor or as part of the supply chain, for example—you might find yourself in the crosshairs, with the attackers counting on being able to work their way up to bigger, even more lucrative targets.

The threat landscape certainly includes malware and intrusions, but it also includes data breaches, unauthorized access to local and network resources, and physical theft.

In general, attacks can occur at any layer of the stack. Malicious agents can lurk in software, in seemingly innocent webpages or documents attached to an email message, or in packets on a network. They can target vulnerabilities in the operating system or in popular applications. Some of the most successful attacks in recent years have come through so-called social engineering, where a would-be attacker pretends to be something he isn’t—forging the sender’s name on an email message to convince its recipient to open a booby-trapped attachment or visit a compromised website, for example.

Damage can escalate quickly if the attacker steals the identity of a support technician or network administrator who signs in to a compromised device using credentials that allow greater access to network resources.

You can also become a victim through no fault of your own, if a third party stores your credentials insecurely and then suffers a data breach.

Source of Information: Microsoft Introducing Windows 10 For IT Professionals
