Apple now has the dubious distinction of most-phished brand, according to the latest report from the Anti-Phishing Work Group.
For the first half of this year, 17.7 percent of all phishing attacks were aimed at Apple -- a first for the brand -- followed by PayPal (14.4 percent) and Chinese shopping site Taobao.com (13.2 percent), the APWG reported.
Have phishers suddenly become more interested in stocking their music libraries from iTunes than siphoning money from PayPal? Not quite.
"We're seeing a lot of account takeover types of stuff, and your Apple ID is tied into everything," report coauthor Rod Rasmussen told TechNewsWorld.
Target Churn
Phishers can get into all kinds of mischief with an Apple ID, suggested Rasmussen, who also is president and CTO of IID.
"I'm betting some of the naked celebrity photos were stolen with the use of Apple IDs," he said.
"They can be also used to lock a user out of their phone and ransom it back to them for money," Rasmussen continued. "There are lots of different attack vectors, which adds up to why Apple is being phished as heavily as it is."
A greater variety of institutions now are being targeted by phishers, compared to the past, the APWG report notes. For example, in the first half of this year, the group found 756 unique institutions targeted by phishers. Almost half those targets -- 347 -- hadn't been phished in the previous six-month period.
"This amount of churn, or turnover, shows phishers trying out new targets," APWG reported. "They are looking for companies that are newly popular, have vulnerable user bases, and/or are not ready to defend themselves against phishing."
Behavioral Defenses
If the mammoth data breaches in recent months illustrate anything, it's that perimeter defenses alone aren't adequate to keep attackers at bay. Defenders need to accept the fact that their systems will be penetrated and deploy defensive strategies to deal with that inevitability.
One strategy is to combine behaviorial analysis with big data to identify those internal threats.
Intruders that have penetrated a system can be very difficult to identify without some kind of machine assistance.
"Once they're inside, they'll look like regular employees, because they've hijacked an employee's credentials," Idan Tendler, CEO of Fortscale, told TechNewsWorld.
Intruders eventually engage in behaviors that give away their masquerade, though.
"The only way to identify these suspicious users is by profiling their behavior, by analyzing system logs that document their behavior," Tendler said.
The profiles can be used to establish a normal behavior pattern, and "from that, you can automatically spot abnormal behavior by users," he explained.
Profiling Misbehavior
An added benefit of identifying intruders who've compromised an employee's credentials is that potential malware attacks also can be identified. For example, a large proportion of Advanced Persistent Threats -- 76 percent by some estimates -- eventually end up stealing credentials on a system.
"Why?" asked Tendler. "Once the malware infiltrates the enterprise, it hijacks credentials to be used for reconnaissance and exfiltration of information from the system."
Behavioral analysis also can be used to make perimeter defenses stronger.
"If you have a website that's public-facing, or a mobile app, you want to understand who your customer is -- because, as we've seen, passwords are becoming less and less effective," said NuData Security Director Of Customer Success Ryan Wilk.
"You need better ways to find these anomalies to give a customer better insight into who is touching their website and how it's being used," he told TechNewsWorld, "so when an account or transaction is created, you can know if that account or transaction is valid."
Behavioral analysis can be a way for system defenders to see the bad trees in the forest of data moving through their networks every day.
"Bad behaviors will stand out drastically from good behaviors," Wilk said. "It's very easy to identify these artifacts when you're pulling together all this data, creating behavioral profiles and seeing what the anomalies are."
No comments:
Post a Comment