To prepare for these surprises, improve your awareness of data in these dumps. Engage qualified threat research teams that monitor the Internet underground for cyber-criminal activities that may heighten just before a dump occurs, says Lazarikos. When dumps do happen, an incident response plan should be in place to enable the organization to research its environment, coordinating internal and external threat research efforts to gauge the damage as it happens and find the source of the attack using forensics tools and experts, says Lazarikos. Use these resources, law enforcement, and remediation technologies and techniques that should already be in place to bring the event to a speedy close.
Zero-day attacks last between 19 days and 30 months, with a median of eight months and an average of approximately 10 months.
“Before We Knew It. An Empirical Study of Zero-Day Attacks in the Real World”, Symantec Research Labs, 2012
- Quarterly Earnings Day. Attacks occur on public companies just before a big quarterly earnings release, combined with shadow shorting of the company’s stock in order to make money based on the ensuing mayhem, says Michael Argast, director, security solutions, TELUS. “Shorting is basically selling a stock without owning it, with the plan to buy the stock later on when the price drops. By creating a crisis, the attackers can manipulate the stock price downwards and profit when the price goes back up,” explains Argast.
To defend against this cyber thug celebration, make sure the security team is on high alert and recognizes that this is a critical time for the business, says Argast. Realize that the criminals don’t necessarily need to use a technological attack vector to create havoc here. “They can also use fake press releases to create false, foreboding news about the company. Monitor social and financial networks for information that may be inaccurate and be ready to respond quickly,” says Argast.
- Black Friday / Cyber Monday. Heavy shopping on these dates means more exposed credit cards and consumer information, driving attackers to take advantage at these times.
Retail security expert Demetrios Lazarikos, CISO, vArmour, cites these areas of preparation for keeping attackers from seeing the most profit on these dates. Use data center / IT and security solutions that are non-intrusive and transparent to stakeholders so that the organization can continually see what is going on inside its systems despite its constant embrace of emerging technologies, according to Lazarikos. “Embed IT solutions that align with digital transformation and evaluate these technologies even during the holiday shopping season. This is the best time to evaluate new systems since this is when the most traffic will visit your environment and when cyber criminals are most active,” says Lazarikos.
- Tax Day. “I’ve seen an increase in phishing/spear phishing attacks on the business around Tax Day (April 15th),” says Lazarikos. The emails typical of these attacks assume the authority of the IRS in requesting that the recipient visit the ‘IRS’ website link enclosed or open the ‘IRS’ file. The file or link contains requests for updated personally identifiable information or PII, which the attackers will exploit.
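
A mail-triage check for the lure described above, as an added example that is not part of the original article: it flags messages that carry IRS branding in the sender name or subject but come from, or link to, a host outside `irs.gov`, and it reports any attached file. Treating `irs.gov` as the only trusted domain, the function names and both sample messages are assumptions made for illustration.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

TRUSTED = "irs.gov"  # assumption: the only domain accepted as genuinely IRS
IRS_CLAIM = re.compile(r"\b(irs|internal revenue service)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_trusted(host):
    # Exact match or a true subdomain; "irs.gov.evil.example" does not pass.
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def irs_lure_findings(raw_message):
    """Return reasons a message that claims to be from the IRS looks forged."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender = msg["From"].addresses[0] if msg["From"] and msg["From"].addresses else None
    claimed = f"{sender.display_name if sender else ''} {msg['Subject'] or ''}"
    if not IRS_CLAIM.search(claimed):
        return []  # no IRS branding in sender name or subject: out of scope
    findings = []
    if sender is None or not is_trusted(sender.domain):
        findings.append("sender-not-irs.gov")
    hosts = set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() == "attachment":
            findings.append(f"attachment:{part.get_filename()}")
        elif part.get_content_maintype() == "text":
            hosts.update(urlparse(u).hostname for u in URL.findall(part.get_content()))
    findings += [f"link-host:{h}" for h in sorted(h for h in hosts if h and not is_trusted(h))]
    return findings

# Constructed sample messages (not taken from any real campaign).
SAMPLE_LURE = (
    'From: "IRS Refund Department" <refunds@irs-gov.example>\n'
    "Subject: Action required: update your tax record\n"
    'Content-Type: text/html; charset="utf-8"\n\n'
    '<p>Visit the <a href="http://irs.gov.account-update.example/verify">'
    "IRS website</a> to update your details.</p>\n"
)
SAMPLE_GENUINE = (
    'From: "IRS" <no-reply@irs.gov>\n'
    "Subject: IRS notice available\n"
    "Content-Type: text/plain\n\n"
    "See https://www.irs.gov/notices for details.\n"
)
```

The From header is trivially spoofable, so an empty result here is not proof of authenticity; pair the check with the receiving gateway's SPF, DKIM and DMARC verdicts.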