Intelligent CISO Issue 02 | Page 78

Attackers can earn tens of thousands of dollars a month from cryptocoin miners .
decrypting myths help classify and defend data in their infrastructures . And finally , a variety of free tools are available that can help prevent and detect leakage of secrets through code repositories .”
Big data analytics , deanonymisation and correlation
Mr Skoudis went on to talk about the threat of big data analytics and how attackers are using data from several sources to de-anonymise users .
He said : “ In the past , we battled attackers who were trying to get access to our machines to steal data for criminal use . Now the battle is shifting from hacking machines to hacking data ; gathering data from disparate sources and fusing it together to de-anonymise users , find business weaknesses and opportunities or otherwise undermine an organisation ’ s mission .
“ We still need to prevent attackers from gaining shell on targets to steal data . However , defenders also need to start analysing risks associated with how their seemingly innocuous data can be combined with data from other sources to introduce business risk , all while carefully considering the privacy implications of their data and its potential to tarnish a brand or invite regulatory scrutiny .”
Attackers monetise compromised systems using cryptocoin miners
Johannes Ullrich , Dean of Research at SANS Institute and Director of SANS Internet Storm Centre , has been looking at the increasing use of cryptocoin miners by cybercriminals .
He said : “ Last year , we talked about how ransomware was used to sell data back to its owner and cryptocurrencies were the tool of choice to pay the ransom . More recently , we have found that attackers are no longer bothering with data . Due to the flood of stolen data offered for sale , the value of most
James Lyne , Head of Research and Development , SANS Institute
Ed Skoudis , a top hacker exploits expert , SANS faculty fellow and lead for the SANS Penetration Testing Curriculum
commonly stolen data like credit card numbers of PII has dropped significantly .
“ Attackers are instead installing cryptocoin miners . These attacks are stealthier and less likely to be discovered and attackers can earn tens of thousands of dollars a month from cryptocoin miners .
“ Defenders therefore need to learn to detect these coin miners and to identify the vulnerabilities that have been exploited in order to install them .”
Recognition of hardware flaws
Mr Ullrich , who produces a daily podcast to 35,000 technical cybersecurity

Attackers can earn tens of thousands of dollars a month from cryptocoin miners .

leaders on overnight attacks / developments in cybersecurity , said that software developers often assume that hardware is flawless and that this is a dangerous assumption .
He said : “ Hardware is no less complex then software and mistakes have been made in developing hardware just as
78 Issue 02 | www . intelligentciso . com