As we’ve repeatedly seen over the past few years, a major breach is rarely isolated, and information stolen or leaked from one organization can be leveraged to attack numerous other organizations,
July 25, 2017
Leaked exploits and hacking tools dumped online for every cybercriminal’s easy access fueled significant illegal activity in the first half of this year according to key findings in a new mid-year report by cyber threat intelligence provider, SurfWatch Labs. In the analysis of cyber events, the problem of stolen cybercrime tools was exacerbated by wide-spread data dumps and prolific hacking-as-a-service offerings.
“A year ago, our mid-year report showed the interconnectedness of cybercrime through extensive supply chain hacks and compromised IoT devices,” said Adam Meyer, chief security strategist, SurfWatch Labs. “Find one weak link and maximize it for all its worth was the name of the game then… and that still happens today with even more evidence of how the criminal ecosystem maximizes efforts through shared resources, skills for hire and sometimes, outright theft.”
Previously stolen exploits from NSA and CIA, allegedly released by hacker group TheShadowBrokers, enabled many more malicious actors to attack organizations. WannaCry and NotPetya are two recent exploit examples. The availability of the source code was prevalent and, according to Meyer, “It’s criminals leveraging other criminals and selling to other criminals.”
SurfWatch Labs collected cyber threat data from thousands of open and dark web sources and then categorized, normalized and measured it for impact based on their CyberFact information model. Highlights from the SurfWatch Labs Cyber Risk Report: 2017…