More and more, today's organizations need to develop effective and comprehensive strategies to face the increasing number of cyber attacks, including phishing, ransomware, DDoS attacks and many more.
We have gathered 3 examples that illustrate why Chief Information Security Officers (CISOs) have become a critical element of any organization that seeks to protect its sensitive data against breaches, fraud and security incidents.
Today, one of the most profitable cybercrime operations was discovered and dubbed “Methbot.” Methbot generates $3 to $5 million in revenue for its Russian operators and leverages thousands of automated web browsers, fraudulent IP addresses and a “bot farm” to fake traffic to generate revenue from pay per click advertisements.
While other malware has generated machine generated visits to collect PPC revenue, Methbot escalates the fraud to a level unimagined. According to Whiteops, the organization that broke the story, “Methbot is so embedded in the advertising ecosystem the only way to shut it down is to make the details available to the public to take action.” Because of the number of bots, IP addresses, and automated web browsers Methbot will likely continue to generate revenue for some time.
Just over a month ago the Mirai malware turned IoT devices such as CCTV cameras into bots to direct traffic at targeted websites including Dyn, the largest managed DNS provider serving customers such as Twitter, the Guardian, Netflix, Reddit, CNN in what was called the largest Distributed Denial of Service (DDoS) attack of its kind in American history.
Brian Krebs, author of Spam Nation, former Washington Post writer and infamous cyber-blogger was the target of an earlier attack from the Mirai code which forces Akamai to pull his site offline. The Mirai code was released free to the public and is certain to be aimed at new targets leveraging the more than 60 million IoT devices that have factory default passwords and are susceptible to the malware. While DDoS attacks don’t generate revenue like Methbot, they take websites offline shutting off revenue and often the attacker will demand a ransom in order to stop their attack.
Intellectual property theft has exploded over recent years and while the numbers of spies from our Eastern neighbors are still hard as work stealing IP through traditional means, the easy money is made through malware. The Justice Department has called the corporate espionage a national security emergency. Thousands of companies have had their intellectual property exfiltrated by malware that according to the Justice Department and other experts is delivered by Chinese state employees.
American Superconductor featured on 60 Minutes last year is the poster child for a company being driven to the brink by IP theft but quite literally thousands more are losing an estimated $500 billion a year by having its products copied and sold by companies who steal their innovations.
Methbot, Mirai, and malware purpose-driven to exfiltrate intellectual property are costing organizations billions in lost revenue and most that have studied this trend suggests that company leaders are drastically underestimating the impact on their business. CISOs, CSOs, and heads of security in these organizations are tasked with keeping their organization’s intellectual property safe and secure and frankly, the means are available to be successful.
>> Read the blog article How to Succeed in Your First 100 Days as CISO for advice on how to navigate your role successfully.
The right people, processes, and technology have proven to uncover or completely thwart Methbot, Mirai, and other attacks aimed at perpetrating fraud, stealing secrets, or bringing down revenue generating e-commerce.
Watch our webinar in collaboration with Hitachi Vantara: "The Big Bang" of IoT, Mobile, Cloud and Analytics