We’re not even halfway through 2014, and already it has been an incredibly trying year for cybersecurity experts. If it feels like data breaches are happening all the time–from the Heartbleed bug, to last week’s FBI announcement about five Chinese military officers who hacked corporate secrets, to eBay admitting that a “large amount” of their 148 million customers’ data was swiped two months ago–that’s because they are.
Patrick Peterson, the founder and CEO of San Mateo, California-based email security firm Agari, says foreign hackers are a constant adversary for firms like his. “If you look at the indictments of the Chinese military, that is perhaps the worst-kept secret in the security community–that a number of foreign-state actors have sophisticated teams who do battle with us everyday in cyberspace.” he tells Inc.
Recently, Peterson’s firm released a report, the Agari Q1 2014 TrustIndex, that revealed how weak security standards against email attacks are plaguing U.S. companies. Out of 133 companies surveyed, 100 of them were categorized as “east targets.” Among the 11 industries Agari rated, the greatest increase in ThreatScore (a measure based on how many malicious emails are sent to a company’s domain) was in the travel industry, which rose by 400 percent from the previous quarter.
Inc.: What has been the mode of attack lately?
Patrick Peterson: What we’re seeing the most in Q1 is these blitzkreig-like email attacks. Back two years ago, criminals used to collect some assets, go after an attack, and run it until it didn’t work anymore. Now, they’ll spend weeks perfecting the attack, invest in four or five pillars of that attack–creative email, a creative landing page, taking over legitimate servers so their emails come from trustworthy sources, perfecting malware in the way it gets downloaded.
They have multiple teams working on this and instead of rolling it out constantly and seeing what kind of success they had, they wait until they’re all lined up and ready to go to market, if you will, and basically launch this blitzkrieg rollout. They do this because they know there’s a half-life on their attacks as people figure it out, so this blitzkrieg makes it so [they] do the most amount of damage in the least amount of time possible. They basically run through the defenses before anyone can figure it out.
Are we seeing historic levels of hacking?
PP: I think it is an evolution, but we are seeing breakthrough levels of success by criminals in foreign states that have not ever been seen before. The phenomenon of criminals from foreign states getting access to data is not new, [but] their success in doing it and what they do when they have that data is truly revolutionary. In the past, they would hit Target and steal some encrypted credit card information. Now they are getting to a point-of-sale terminal and getting the credit card information in the 10 milliseconds before it’s encrypted permanently and irrevocably. Those are the types of things that aren’t just evolutionary. Once they succeed and have ecosystems and data synthesis going on, they’re now able to do far more damage than they could’ve before.
Read More At Inc.