Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:00 AM
Sergio Galindo
Sergio Galindo
Connect Directly
E-Mail vvv

Dear Cyber Criminals: Were Not Letting Our Guard Down in 2015

Next year, you'll keep exploiting vulnerabilities, and we'll make sure our systems are patched, our antivirus is up to date, and our people are too smart to click the links you send them.

Dear Cyber Criminals,

Congratulations on a banner year! As cybercrime goes, you’ve had incredible success in 2014. In the past 12 months you’ve demonstrated that no one is too big or small to be a target: the US Government, Home Depot, JPMorgan, Apple, eBay, and Community Health Systems, just for starters. And you keep picking on poor Sony.

This past year, you exploited financial institutions like JPMorgan, where you helped yourselves to contact information for 76 million households and 7 million small businesses. You sat on its network for more than two months before a (rare) sloppy mistake gave you up. You even deleted your tracks, hampering investigators. JP Morgan spent $250 million this year on cyber security measures, which, thankfully, did prevent you from accessing its really critical data.

Retail wasn’t safe either. You tapped Home Depot for 56 million payment cards, costing it $62 million to recover from your handiwork. We are getting pretty used to news like this, and consumer confidence isn’t as easily shaken anymore. Not like in 2007 and 2008 when you cracked TJX and Hannaford.

At the tail end of 2013, you snagged a whopping 110 million payment cards from Target, one of the largest hauls in history. Quite simply, you have dominated the retail space.

You very cunningly attacked the $3 trillion US healthcare industry, including swiping 4 million electronic health records from Community Health Systems, each EHR worth 50 times more on the black market than a credit card number. The FBI Cybercrime Division even issued a warning to the healthcare community that its security measures were inadequate and couldn’t defend against a basic attack, let alone an advanced threat.

EHRs sell for about $50 a pop and can generate profit in many ways. The medical identity may be sold, so someone can get an operation they otherwise couldn’t afford. Details, like a mother’s maiden name, are most likely included as well -- extremely useful for identity theft. And then there’s that other sensitive information. EHRs contain personal info ranging from drug rehab to STDs and details you wouldn’t want anyone knowing. This information can be posted on the Internet, adversely affecting a person’s life, ruining career potential, and even opening one up to blackmail. The FBI acknowledged the value of this opportunity, calling healthcare “a rich new environment for cyber criminals to exploit.” Kudos for your accomplishments in this area.

Then there was Apple. That breach created one of the bigger media storms in 2014 and drew the most attention. This one was clearly just for fun and to remind us that you enjoy some celebrity gossip just like the rest of us. A classic phishing scam duped celebrities out of their logins, and some clever third-party forensics software allowed you to gain data right from iCloud. Then, you were kind enough to share your bounty of photos with everyone, ensuring that gossip sites and forums had a field day.

In 2014 you also demonstrated increasingly impressive organizational skills. You began selling your hacking services and running your organization in a very notably corporate fashion. The Blackshades malware reflects this growing sophistication. After infecting more than a half-million machines across more than 100 countries, you were shown to be running your hacking operation like a very organized and professional business, replete with paid staff, customer service personnel -- even a marketing director to promote Blackshades. Now that is some well organized crime!

The list goes on, pointing to an outstanding year. The cyber security market is estimated to be worth about $76 billion annually, and demand for security solutions is at an all-time high. Yet you remain effective. As we have improved at stopping you, you have improved your methods, making them more sophisticated and advanced.

In 2015, you’ll keep showing us why the cyber security market is as immense as it is and why it will never stop growing. Despite what we’ll spend to protect and educate ourselves, you’ll keep on doing what you do best: exploiting vulnerabilities in operating systems and people. You’ll continue to show that we can never let our guard down and must remain vigilant at all times. To that end, we’ll keep exercising best-practices by making sure our systems are patched on Tuesdays, our antivirus is up-to-date, and to teach people -- our softest spot in the armor -- to stop being duped into clicking the links you send them.

We'll see you on the battlefield next year. Be prepared. We will be.

– Sergio

Sergio Galindo has more than 20 years of global professional IT experience. Prior to his appointment as General Manager of GFI Software, he served as the company's CIO. He also spent 18 years managing global IT programs for large companies in the financial industry, including ... View Full Bio
Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
User Rank: Apprentice
12/31/2014 | 11:46:21 AM
Cyber crime
Wow, seeing all of these breaches at one time really does demonstrate how deeply vulnerable we were and how sophisticated these cyber criminals really are. I was aware of these specific situations, but to read about all of these situations occurring all in 2014, really highlights how unprepared we were. Hopefully we will learn and limit the number of instances where history repeats itself in 2015.
Eric Kruse
Eric Kruse,
User Rank: Apprentice
1/4/2015 | 1:29:08 PM
Fantastic Article.


Looking back on 2014 I can say one thing... I am glad I own Palo Alto Stock :).  All jokes aside some of the most concerning matters to me as you pointed out are electronic health records.  With the information listed on those documents all types of malicious activities can be conduct against an individual which would make getting one's identity and privacy back a non-existent.  So much for doctor/patient confidentiality and that form we have to sign for HIPAA.  The huge push for Electronic Medical Records, and the onboarding of so many into the medical system over the last year (#2 sector for 2014) baked on the bad habit of "we have to get it done now".

When I say getting it done now I talk about the general theories behind software development.  Everyone needs to make money, and you cannot have something in development for such a period that would make it unfeasible.  Let's face it and take those profits earned in the sector and start building resilient infrastructure, intelligence driven CND, and processes that protect our health information.
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
1/5/2015 | 3:27:31 PM
Whose keeping score?
 My reaction to the article is that the cybercriminals are winning! As Serigio writes, "as we have improved at stopping you, you have improved your methods, making them more sophisticated and advanced."  Definitely good for the investers in cyberecurity. But is throwing $76 billion in new technology going to solve the problem? 
Eric Kruse
Eric Kruse,
User Rank: Apprentice
1/5/2015 | 3:50:41 PM
Re: Whose keeping score?
Money cannot solve all problems, "technology".  Technology is used to assist in risk management.  The greater solution is the intel driven CND which takes into account people, process and technology in unison.  Anyone who tries to buy a magic bullet piece of equipment is in for a world of shock.  Saying that current methodologies are not working means that "conventional" methodologies need to be adapted to the organization's needs.  So in short, think don't buy.
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
1/5/2015 | 4:08:15 PM
Re: Whose keeping score?
Totally agree @Eric Kruse. It will be a combination of people, process and technology that will ultimately win the day. But we've got a long way to go!
NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber,  1/14/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This is not what I meant by "I would like to share some desk space"
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-01-20
NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration Block, which may lead to denial of service or escalation of privileges.
PUBLISHED: 2021-01-20
NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVDEC component, in which an attacker can read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or escalation of privileges.
PUBLISHED: 2021-01-20
NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVHost function, which may lead to abnormal reboot due to a null pointer reference, causing data loss.
PUBLISHED: 2021-01-20
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server ...
PUBLISHED: 2021-01-20
Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability in which can allow an attacker to take over any host in the cluster. Weave Net is suppli...