According to a recent report groups in “China continue to target Western interests, but there has been a shift in focus from the theft of intellectual property to identity information” according to BusinessInsurance.com which drew these conclusions from a February 23, 2015 recent HP report entitled “HP Security Research, Cyber Risk Report 2015” which also stated:
Activity in the cyber underground primarily consists of cyber crime involving identity theft and other crimes that can be easily monetized.
The 7 key themes of the HP Report are:
Theme #1: Well-known attacks still commonplace – Based on our research into exploit trends in 2014, attackers continue to leverage well-known techniques to successfully compromise systems and networks. Many vulnerabilities exploited in 2014 took advantage of code written many years ago—some are even decades old.
Theme #2: Misconfigurations are still a problem – The HP Cyber Risk Report 2013 documented how many vulnerabilities reported were related to server misconfiguration.
Theme #3: Newer technologies, new avenues of attack – As new technologies are introduced into the computing ecosystem, they bring with them new attack surfaces and security challenges.
Theme #4: Gains by determined adversaries – Attackers use both old and new vulnerabilities to penetrate all traditional levels of defenses. They maintain access to victim systems by choosing attack tools that will not show on the radar of anti-malware and other technologies.
Theme #5: Cyber-security legislation on the horizon – Activity in both European and U.S. courts linked information security and data privacy more closely than ever. As legislative and regulatory bodies consider how to raise the general level of security in the public and private spheres, the avalanche of reported retail breaches in 2014 spurred increased concern over how individuals and corporations are affected once private data is exfiltrated and misused.
Theme #6: The challenge of secure coding – The primary causes of commonly exploited software vulnerabilities are consistently defects, bugs, and logic flaws.
Theme #7: Complementary protection technologies – In May 2014, Symantec’s senior vice president Brian Dye declared antivirus dead and the industry responded with a resounding “no, it is not.” Both are right. Mr. Dye’s point is that AV only catches 45 percent of cyber-attacks —a truly abysmal rate.
No surprises in this HP report!