The threat landscape and other cyber news from Q1 2015

Tom Pritchard

Threat Landscape

Trends and vulnerabilities reported in Q1 2015 include the following:

  • The World Economic Forum’s 2015 report into global risks listed cyber attacks as one of the most likely high-impact threats in the modern world (only behind water crises, interstate conflict and failure of climate-change adaptation).
  • The European Network and Information Security Agency (ENISA) recently published:
    • The third annual “Threat Landscape” document analysing the top cyber threats currently facing the world. Among the major changes noted in 2014: increased complexity of attacks, successful attacks on vital security functions of the internet, and successful international coordination of operations involving law enforcement and security vendors.
    • A report aimed at internet infrastructure owners and operators highlighting the threat landscape and best practice. Specific threats to connectivity include routing threats, DNS threats and denial of service threats.
    • The “Threat Landscape and Good Practice Guide for Smart Home and Converged Media” report. Read the full report here.
    • ENISA also concluded its year-long simulated cyber crisis, Cyber Europe 2014, including 23 European Union countries. The simulated exercise aimed to review cyber crisis management mechanisms throughout the continent. Early indications suggested that Europe has a strong and maturing community of cyber crisis managers; however, the report is not due to be published until May 2015. Plans are already underway for Cyber Europe 2016.
  • Cisco’s 2015 Annual Security Report suggested that government agencies, in general, appear to be better able to cope with data breaches and have stronger cybersecurity than the private sector. About 43% of the public sector fell into the “highly sophisticated” category while financial services and pharmaceutical companies registered 39% and 32% respectively.
  • PwC’s latest Global Economic Crime Report concluded that, having surveyed 5,128 companies from 99 different countries, one in four companies experienced cyber crime and of those, 11% have suffered losses greater than $1 million.
  • According to various sources including this report on Reuters, Russian cybersecurity company, Kaspersky, publicly stated that a hacker group called Carbanak stole up to $1 billion from financial institutions around the world in the last two years. The conclusion was the result of Kaspersky’s collaboration with Interpol and Europol, in which it was found that the group used carefully crafted emails to trick particular employees into using invasive software (a technique called “spear phishing”). Once the software had been opened, the hackers supposedly gained access to video surveillance and began mimicking the activity of bank tellers when transferring money between accounts and then ordering cash machines to dispense money at predetermined times. Read more broadsheet coverage here and here.
  • The Guardian reported that NATO fights a daily cyber war against malware, hacktivists, organised criminals and state-sponsored attacks with a 200-strong team covering operations for about 100,000 people at 34 NATO sites. The unit dealt with over 3,600 abnormal activity or intrusion attempts last year, of which there were about five confirmed cyber attacks per week.
  • In November 2014, the Information Commissioner’s Office (ICO) warned organisations that they must do more to protect their websites against one of the most common forms of online attack, known as SQL injection. The warning came after Worldview Limited, a hotel booking website, was fined £7,500 following a serious data breach stemming from the company’s website’s vulnerability.
  • The global hotel chain, Marriott, was warned about the vulnerability of its customers’ data by software developer Randy Westergren when he found problems with the company’s Android app. Westergren discovered a security issue that made available customers’ full names, postal and email addresses and credit card information. Westergren and Marriott security have now moved swiftly to address the issue.
  • The US and UK made a serious pledge to collaborate on cybersecurity in January 2015. The first collaboration was the planned “war games” to test each other’s preparedness for a cyber attack. The drill simulated attacks on the City of London and Wall Street in order to test the resilience of financial institutions. In order to plan further joint war games, Cameron and Obama spoke of setting up cyber cells either side of the Atlantic in which GCHQ and the NSA can share information and review strategies.

Recent attacks

Some recently reported attacks which illustrate a range of public and private sector targets – and a range of consequences – include:

  • US health insurance company, Anthem, reported that hackers stole personal information relating to up to 80 million people. The hackers obtained names, birthdays, social security numbers, street addresses, email addresses and employment information, including income data. Anthem had to alert the FBI and hire cybersecurity firm FireEye to investigate. This led to security experts warning that healthcare and insurance companies could become the next big targets of cyber crime. As healthcare and insurance companies tend to hold masses of personal (and often very private) data about large numbers of individuals, the tech press picked up on expert predictions that hackers are moving away from financial organisations towards the less secure health sector. In the UK, the ICO also made similar predictions about the NHS.
  • The hack of an unnamed steel mill in Germany in January 2015 was reported to be the second ever recorded incidence in which a cybersecurity breach caused actual physical damage. The hackers managed to manipulate the control systems to the steel mill’s blast furnace causing destruction of equipment.
  • The Obama administration was given a stark reminder of the threat posed by hackers after the US military’s Central Command Twitter account was allegedly hacked by ISIS in January 2015. The terrorist group posted the message, “American soldiers, we are coming, watch your back. ISIS” on the account and provided a link to a statement that claimed the terror cell were already inside all the military’s computers.
  • The Australian government became concerned about the rising threat of cyber espionage after reports that Chinese spies had stolen the designs of its new F-35 Joint Strike Fighter jet.
  • Games developer, Money Horse, was forced to abandon the development of its game “Glorious Leader!” after hackers penetrated the game’s data files and shut down production completely. The game allowed players to assume the role of the North Korean leader, Kim Jong-un, as he bids to take on the US Army.
  • Malaysia Airlines were hacked in January 2015 by the hacking group, Lizard Squad. The airline’s website went down for almost a full day as Lizard Squad left the message, “404 – Plane Not Found” (a reference to the missing plane MH370). Worryingly, the message also said that the site had been hacked by the “Cyber Caliphate”, raising suspicions that Lizard Squad, who previously only attacked gaming sites, may now be allied with the Islamic State.

M&A and investment

Recently reported investment and M&A activity in the cyber security sector includes:

  • Venture capital funding in new cybersecurity companies increased by more than a third in 2014 according to research company Privco, as reported by the FT. Over $2.3 billion was invested last year as high-profile hacks fuelled early stage investment in online security companies.
  • In 2014, ESG, a leading provider of testing, inspection and compliance services, published its IT spending intentions survey, revealing that “security/IT risk management initiatives” is the most popular initiative driving IT spending at large organisations. This marked the first year that security has topped the list.
  • The latest Cybersecurity 500 (containing the cybersecurity companies to watch in 2015) featured only 11 UK companies, as reported by TechWorld.
  • London will be launching a cybersecurity technology business incubator in April 2015. The incubator, named CyberLondon (or CyLon), will grant £5,000 each to ten teams who will then house themselves within the incubator for 13 weeks. The incubator has been founded by Alex van Someren of Amadeus Capital Partners; however, the incubator is not-for-profit and will not take equity stakes in any of the businesses.
