A Confident and Difficult Client

One Tuesday afternoon the Business Development team head, Nora dashed to the Professional Services Team in a rush saying a corporate client asking for penetration test service. "It is a big deal but starts small with a multi-platform mobile apps and its back-end infrastructure", she said.

After going through all the paper works, the project started as usual. Soon the Professional Services Team became aware they were facing an almost insurmountable challenge.

Put the Cart before the Horse

Quite often it is tempting for security professionals rushing out to buy firewalls, intrusion protection systems even before knowing what the cybersecurity threats and online attacks they are facing.

Threat Modelling

Recent incidents of cyber attacks on financial institutions, JP Morgan and others, appear to be under targeted cyber-attacks. That is, the attackers are quiet, prepared and they are invisible at least for now. And it isn’t as if Chase hasn’t invested in threat protection. This year alone, it plans to spend more than $250 million on cybersecurity, according to a letter to investors from April.

A Russian crime ring has accumulated over 1 billion Internet credentials, The New York Times is reporting [1]. The hacking ring, apparently based in a small city in south-central Russia, is said to have 1.2 billion stolen usernames and passwords, including access to 500 million email addresses.

A backdoor can be inserted by vendor for remote support or by cyber actor for unauthorized system access. Backdoors present significant risks to enterprises because potentially anyone who knows or finds out about one could abuse it and not be easily detected.

KEY PLAYERS OF CYBER ATTACKS

In the recent publication of MIT Technology Review on "Cyber Attacks"[1], among other things cyber criminals, cyber-spies, hacktivists, and state-sponsored actors are key players.

 

NINE CYBER ATTACK PATTERNS

Nine classification patterns covered the majority (92%) of 100,000 security incidents of past 10 years, according to Verizon's 2013 study [2].

The basic patterns are listed below.

1. Point of Sales Intrusions

2. Web Application Attacks