Risk
9/14/2012
03:35 PM
Tim Wilson
Tim Wilson
Commentary
50%
50%

How Cybercriminals Choose Their Targets

Attackers look for companies with poor defenses and a lack of security skills, so no business, not even an SMB, is immune.

InformationWeek Green - Sept 17, 2012
InformationWeek Green
Download the InformationWeek SMB September special issue on cybersecurity, distributed in an all-digital format as part of our Green Initiative
(Registration required.)

Whom do hackers want to hack? This might be one of the most misunderstood questions in IT security. And misperceptions here often lead businesses to make poor decisions about their defenses.

Logic tells us that cybercriminals are like Willie Sutton--they go where the money is. Banks and other financial companies, as well as businesses with lots of credit card data, would be the prime targets, right? And the bigger they are, the better targets they make.

This same logic is often applied to attacks on end users. If you're going to target a user, make it a high-level executive, a wealthy individual, or an IT administrator who has access privileges to many different systems. Go for the users with the keys to the safe.

All of these assumptions are perfectly logical. But they're also all wrong.

Most cybercriminals just aren't all that selective. True, banks handle lots of transactions, but any company with money is a good target, and a company that sells snack foods or construction equipment may have far fewer defenses.

Similarly, the perception that cybercriminals target only big companies is a myth. Large companies have more money, but they also have big security teams and high-priced defenses. Small and midsize companies have fewer security skills and little in the way of security budgets, which makes them natural targets for cybercriminals who don't want to work too hard. As you'll see in this special issue of InformationWeek SMB, smaller businesses frequently overlook core security practices that leave their data--and their finances--at risk.

People Of Interest

There are similar myths on the end user side. While it may be logical to provide extra protection for CEOs and password administrators, the notion that highly placed employees are the only people spear phishers and other targeted attackers go after is mistaken. Sophisticated cybercriminals know they don't have to crack the CEO's passwords to get access to valuable data. Line-level employees, contractors, even employees' relatives can be part of the target base. These guys aren't choosy, as long as the target is a step closer to the information they seek.

Cybercriminals are looking for low-hanging fruit. Their targets are companies with poor defenses, a lack of security skills, and vulnerable end users. They're looking for unlocked doors and open windows. The path of least resistance will always be the one most beaten down by bad guys.

There are many other reasons a cybercriminal might target your company and your employees, but the message is the same: No business, no individual is immune. Whether you're Sony or a mom-and-pop shop, you may be a target today. How you respond to that threat could make the difference between being safe and being breached.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0547
Published: 2015-07-04
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.

CVE-2015-0548
Published: 2015-07-04
The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.

CVE-2015-0551
Published: 2015-07-04
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P2...

CVE-2015-1966
Published: 2015-07-04
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, as used in Security Access Manager for Mobile and other products, allow remote attackers to inject arbitrary web script or HTML via a crafte...

CVE-2015-4196
Published: 2015-07-04
Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report