Page 100 - CDM Cyber Warnings February 2014
P. 100
computational capabilities that are able to interact with the intelligence in the same segment of the market, by big players
surrounding environment, they could be used to infiltrate on the market for struggling, and hackers as well.
domestic networks and to serve any kind of malicious code
within targeted systems. Hackers will increase pressure on consultants and
Gaming console could be used also to build a powerful alerting subcontractors
network, every device of these architectures is represented by a
gaming device that is always online and exchange data to peers In 2014 I believe that the number of attacks against
monitoring for anomalous traffic and any other sign of malicious subcontractors and consultants will increase with a concerning
activity. Cybercrime, cyber terrorism and state-sponsored trend. These categories of professionals represent in the majority
operations could be also monitored analyzing a series of network of cases the weakest ring in the information chain.
activities and indicators thanks to the use of gaming platforms.
The vulnerabilities in the information management are usually
Increased exploitation professional social networks related to the way those entities manage sensitive data targeted
by hackers, but in many cases the flaws are present in the way the
Cybercrime and state-sponsored hackers will increasingly target contracting authority and subcontractors/ consultants exchange
executives and organizations via professional social networks. information.
A recent research of Group-IB on cybercrime senior
management remarked that senior management is among most The attack techniques are becoming even more sophisticates,
privileged targets, attacker are interested to to personal details watering hole attacks and spear phishing are the most common
of key employees to arrange attacks against the organizations. techniques of attack for targeted offensives and their frequency
The problem is very actual in banks, defense and online- is destined to grow. Consultants, contractors, vendors and others
trading companies. The precious information is available in entities typically share sensitive information with the large
professional social networks where employees use to share a corporate and government entities, this consideration makes
mine of sensitive information used by hackers for intelligence them a privileged target for hackers. It is also expected that a
activities on the targets. growing number of large enterprises will review their security
policies to better approach the possible cyber threats and to
Targeted attacks against professional social networks will promptly respond in case of incident.
explode, hackers are interested in the credentials of middleware
employees and senior management for placing malware and Pierluigi Paganini is the Editor-in-Chief of Cyber Defense
getting more information about the network topology of Magazine (CDM). He has a Bachelor in Computer Science
potential victims, sometimes they spawn a specially crafted code Engineering IT, majoring in Computer Security and Hacking
for reverse connection to use the infected machine for cyber techniques. Security expert with over 20 years of experience in
espionage. the field. Certified Ethical Hacker at EC Council in London.
Actually he is the Chief Security Information Officer for Bit4Id,
The attacks will mainly target IT-administrators and IT- Researcher, Security Evangelist, Security Analyst and Freelance
managers because most of them have full access to the Writer. The passion for writing and a strong belief that security
company�s infrastructure, which means that if they will be is founded on sharing and awareness led Pierluigi to found the
compromised, the attackers may gain access to different security blog „Security Affairs�. Author of the Books "The Deep
information resources, including corporate e-mails. Dark Web" and �Digital Virtual Currency and Bitcoin�, with a
daily blog called Security Affairs and frequent updates and
The side effect for the increment of the number of attacks against oversight on Cyber Defense Magazine, he can be reached at
professional social networks is that increase of the offer on the [email protected].
underground market of company confidential data (e.g.
Customers database and partners� contacts (CRM), employee
database, credentials to corporate e-mails and personal e-mails
of employees), mostly it is used by competitive entities for
CYBER DEFENSE MAGAZINE - ANNUAL EDITION 100
