Krebs warns of cyber criminal mind shift

Renowned investigative journalist Brian Krebs of Krebs on Security warns that cyber criminals are changing tack in how they go about their work and seek gains for their exploits.

Speaking at Okta’s annual conference in Las Vegas, Krebs told attendees that this “mind shift” will play out in a few key threats that he expects to peak over the coming year.

According to Krebs, account takeovers, ransomware, phishing and extortion-based DDOS attacks are all going to become a lot more targeted, making them more expensive and difficult to recover from, and no organisation is safe.

Krebs says that when an organisation gets hit with attacks using credentials stolen from a LinkedIn data breach, for instance, it’s pretty easy to block as the password checking activity usually comes from a single IP. However, “bad guys” are now becoming a lot more savvy about how they do these account checking attacks.

“They’re basically running large distributed botnets of hacked computers - in many cases we’re talking about tens of thousands or hundreds of thousands of computers - and so you could imagine the difficulty in trying to filter that activity. If you’re trying to test a billion passwords and you can distribute it over 100 thousand systems over a couple of days - nobody is going to see that type of low slow attack and that’s what we’re dealing with. I think we can expect to see a lot more of that going forward.”
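The detection gap Krebs describes can be shown with a short sketch. This is an added example, not code from the article or from Krebs: it compares a per-IP failure threshold with an aggregate check over the same window of login events. The event format `(ip, user, success)`, the thresholds and the sample data are all assumptions constructed for illustration.

```python
from collections import Counter

# Assumed thresholds; tune against your own baseline traffic.
PER_IP_LIMIT = 10       # classic per-IP block threshold (failures per window)
MIN_FAILING_IPS = 50    # many distinct sources failing in one window
MIN_FAILED_USERS = 50   # failures spread over many distinct accounts
MIN_FAIL_RATIO = 0.8    # normal login traffic mostly succeeds

def per_ip_alerts(events):
    """Classic control: IPs with too many failed logins in the window."""
    fails = Counter(ip for ip, _user, ok in events if not ok)
    return sorted(ip for ip, n in fails.items() if n >= PER_IP_LIMIT)

def distributed_alert(events):
    """Aggregate view: many IPs each failing a little, across many accounts."""
    if not events:
        return False
    failed = [(ip, user) for ip, user, ok in events if not ok]
    failing_ips = {ip for ip, _ in failed}
    failed_users = {user for _, user in failed}
    fail_ratio = len(failed) / len(events)
    return (len(failing_ips) >= MIN_FAILING_IPS
            and len(failed_users) >= MIN_FAILED_USERS
            and fail_ratio >= MIN_FAIL_RATIO)

def constructed_window():
    """Constructed sample: 200 sources, 2 failed logins each, plus normal logins."""
    events = []
    for i in range(200):
        ip = f"198.51.100.{i}"            # documentation address range
        for j in range(2):
            events.append((ip, f"user{i * 2 + j}", False))
    for i in range(20):
        events.append((f"203.0.113.{i}", f"staff{i}", True))
    return events

if __name__ == "__main__":
    window = constructed_window()
    print("per-IP alerts:", per_ip_alerts(window))
    print("distributed alert:", distributed_alert(window))
```

No single address in the constructed window comes near the per-IP limit, so only the aggregate check fires.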

He noted that ransomware is also becoming more targeted within the cyber criminal community, with attackers taking more time and effort to figure out what the stolen data is worth and how much the organisation would be willing to pay to get the data back, instead of demanding the same amount from every victim.

“Put yourself in the criminals’ shoes - they’re on cybercrime forums trying to make a living selling all of this stolen data and, well, it’s kind of a pain dealing with other criminals because, guess what, they try to rip you off all the time and at the end of the day - they’re cheap. So attackers are now starting to bypass the underground forums (effectively the middle man) and go back to the victim company that they stole the data from. Because those folks are probably more willing to pay more than your average cyber criminal.”

Krebs also sees underground forum members hiring each other’s services to launch more targeted phishing attacks against corporations that they want to get access to.

“Some of these members even solicit bids regarding the names of people within organisations that could serve as insiders as well as a list of people who might be susceptible to being recruited and extorted. If this doesn’t put the fear of God in you, then I don’t know what will.

“A lot of companies are getting very nervous about how easy it is now for disgruntled employees to go over to the dark web and sell access to their company’s network or sell their company’s trade secrets. It’s a very real threat so treat your employees well, keep them very close and pay attention to what they’re doing.”

Krebs urges organisations to think more like the attackers and perform gap analyses on a regular basis to determine where the weaknesses within their systems may lie. He added that the most important question every organisation needs to ask itself is how much is being spent on keeping the attackers out versus how much is spent trying to respond as quickly as possible after the breach and before it metastasises into a bigger problem.

“If an organisation is advanced in its security maturity level, the leadership will be in the habit of asking some very hard questions on a regular basis. These may be questions they don’t even want to know the answers to, but they’re mature enough to know they need to be asking them.”
