Cyber attacks pattern shows a switch to quality over quantity

Cyber attacks became increasingly complex in order to evade detection, according to Trend Micro’s annual security round-up report

Soma Tah

BANGALORE, INDIA: The year 2014 saw a switch to “quality over quantity” by hackers, as cyber attacks became increasingly complex in order to evade detection, according to Trend Micro’s annual security round-up report.

Web threats largely remained multicomponent in nature. However, as security events proved, attackers continued to fine-tune their strategies, even if these were not original, to obtain not just more victims but more desirable ones.

The report’s findings also confirmed Trend Micro’s late 2013 prediction that one sizable data breach would occur every month – further emphasising the need for organisations to protect their networks and implement intrusion detection.

Cyber attacks cost Sony around $100m and compromised around 100 terabytes of data, making it the most prolific in a chequered year for the security industry, according to the report.

“The past year was unprecedented in terms of the size and scope of cyber attacks as evidenced by the Sony situation,” said Dhanya Thakkar, Managing Director, India & SEA, Trend Micro. “Unfortunately, this will most likely be a ‘sneak peek’ of what is to come.”

All of the reports on who was responsible for the Sony Pictures hack have so far been inconclusive. Some believe it was an insider job akin to the Amtrak incident, motivated by reasons like money, ideology, coercion, or ego. Others, meanwhile, chose to lay the blame on hacktivists.

At the end of the day though, it does not matter who was at fault. Had the conglomerate learned from past incidents and protected its network from possible intrusions, it could have spared itself from this situation.

For Sony, custom defense could have given security defenders a means to detect an intrusion early on, as files are being accessed and deleted or sent outside the network. To do that though, they should first know their baseline. They should know how their networks are configured and what the systems that comprise them contain so they can spot irregularities or clues of lateral movement.
