Read the book Cybersecurity and Third-Party Risk - Gregory C. Rasner - Page 30
Cybercrime and Cybersecurity
The breaches and security incidents described in this book are primarily caused by cybercriminals and other bad actors. Breaches occur when an unauthorized individual gains access to a network and exposes sensitive data. Cybercrime is when such individuals use computers or the internet to perform criminal activities. The following outlines several types of cybercrime:
Email and internet fraud: A fraudster sends an email enticing the user with the promise of a financial gain, such as a scheme in which you will receive $10,000 or more if you send a portion of that amount to release it.
Identity fraud: This cybercrime occurs when a cyber bad actor uses stolen identity data to commit a crime (e.g., when they apply for a credit card using a stolen identity).
Financial and payment card data theft: Just as it sounds, this cybercrime is the stealing of credit/debit card numbers or nefarious direct access to bank accounts.
Theft and sale of protected corporate data: While the focus is often on PII, there are other types of sensitive data at nearly every company that can be stolen and sold by bad actors, including internal price lists, computer/network information, financial data, and intellectual property.
Ransomware: This cybercrime includes encrypting (i.e., making it unavailable to read) the target's data—ranging from a single desktop to whole server farms—and demanding money to unlock the encryption.
Crypto jacking: This cybercrime is stealing your computer's processing power to “mine” for cryptocurrency and does not include targeting data.
Cyberespionage: Whether done by a state actor (i.e., country), cybercriminals, or a competitor, this cybercrime involves spying on a firm using electronic means (i.e., computer).
The types of bad actors and their motivations can vary just as widely. While the vast majority are out for financial reward, a few other drivers exist:
Cybercriminal: The modern‐day equivalent of the bank robbers, cybercriminals are electronic thieves. Most often, they deploy ransomware, phishing attacks, spear phishing, fake documentation, or denial‐of‐service attacks. The Home Depot attack in 2014 was the work of cybercriminals to steal payment card information.
Nation‐state: Many nations have dedicated, highly skilled hackers who're paid to hack and perform espionage. However, some countries are more like cybercriminals, using their resources to become electronic bank robbers, and are known as Advanced Persistent Threats (APTs) because these organizations have nearly unlimited resources and time to focus on their target. Examples include the Sony attack by North Korean hackers in 2014 and Stuxnet (in 2009), whose origin hasn't been confirmed but is largely thought to be a collaboration between Israeli and U.S. intelligence services to damage and delay the Iranian nuclear plans. Stuxnet is largely considered the first occurrence of cyberwarfare.
Disgruntled employee: The insider threat is often not appreciated by business. We like to trust our employees and colleagues; however, there are some who will steal company data or property. For example, in 2018, a Tesla employee sabotaged the computer systems and sent proprietary data to outside parties.
Professional hacking group: Usually this group consists of a loose confederation of highly skilled hackers who pool their resources to go after a target for a political purpose, financial gain, or on behalf of cybercriminals. This group can also be referred to as an APT due to their resources and commitment. In 2020, the Philippine Long Distance Telephone (PLDT) company had its customer service Twitter account hacked by the Anonymous Philippines group. The group changed the profile name to “PLDT Doesn't Care.” The first tweet by the hackers was aggressive: “As the pandemic arises, Filipinos need fast internet to communicate with their loved ones. Do your job. The corrupt fear us, the honest support us, the heroic join us. We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.”
Hacktivist: Driven by political or social causes, this bad actor typically steals embarrassing information to cause reputational damage. The 2012 WikiLeaks' leaking of declassified information from the U.S. State Department and other countries is an example of hacktivism.
Botnet masters: These malware creators build botnets, which are automated collections of internet‐connected devices that an attacker has compromised. These bots are leveraged by the creator to steal data or compromise systems. The botnet Mirai is a prime example. In 2016, the creators of this botnet software launched an attack on a security service company, and at its peak the botnet infected over 6 million devices.
Script kiddies: These generally unsophisticated hackers use off‐the‐shelf tools to gain access mostly for bragging rights, but sometimes for financial gain. In 2015, a 15‐year‐old was arrested for hacking into the U.K. telecom carrier TalkTalk Group PLC. While the attack was not sophisticated, it exploited an easy SQL injection method to gain access to a database.