Ah the dwindling days of February, when life begins to stir anew across the northern climes. Days grow longer, birds sing stronger, and spring hints at its arrival. Baseball fans revel in the thought of pitchers and catchers reporting, golfers sneak in the odd round and begin to think of the Masters, basketball fans turn their thoughts to season ending tournaments and the upcoming madness of March, and cybersecurity fans eagerly pour over the latest edition of Verizon’s Data Breach Digest.

Within the pages of Verizon’s Data Breach Digest we can devour the story of “The Hot Tamale,” chew on the details of the “Fetid Cheez,” chill on the story of “The Polar Vortex,” and surrender to the tale of “The Golden Fleece.” As one might surmise from the names of the schemes disclosed in Verizon’s report, the authors had some fun in creatively describing actual scenarios drawn from incident investigations conducted by Verizon. Basically, Verizon extrapolates from its data to create a series of scenarios that demonstrate the kinds of incidents organizations must guard against. Verizon’s premise is that there predictable combinations of cyber attack characteristics, and that by preparing for the kinds of incidents it portrays organizations can most effectively use their resources.

This year’s report offers four scenario groupings. They are “The Human Element,” focusing on human-related threat actors or victims, “Conduit Devices,” looking at device misuse or tampering, “Configuration Exploitation,” covering reconfigured or mis-configured settings, and “Malicious Software,” whose name pretty much gives away the threat category.

Here’s a snippet from what the report terms an “Internet of Things (IoT) Calamity, The Panda Monium,” involving an incident at a university campus. “The name servers, responsible for Domain Name System (DNS) lookups, were producing high-volume alerts and showed an abnormal number of subdomains related to seafood. As the servers struggled to keep up, legitimate lookups were being dropped–preventing access to the majority of the internet. While this explained the “slow network” issues, it raised much more concerning questions. From where were these unusual DNS lookups coming? And why were there so many of them? Were students suddenly interested in seafood dinners? Unlikely….

Within hours, I had more feedback than I could handle and began the review process. The firewall analysis identified over 5,000 discrete systems making hundreds of DNS lookups every 15 minutes. Of these, nearly all systems were found to be living on the segment of the network dedicated to our IoT infrastructure. With a massive campus to monitor, everything from light bulbs to vending machines had been connected to the network for ease of management and improved efficiencies. While these IoT systems were supposed to be isolated from the rest of the network, it was clear that they were all configured to use DNS servers in a different subnet.”

The preceding describes a threat of growing magnitude. In fact, the totality of Verizon’s Data Breach Digest offers a useful and interesting look at the cyber threats we face, and is well worth reading. As you read, do be wary of “The Assault of the Secret Squirrel.”

By Tom Davis, SDI Cyber Risk Practice

February 21, 2017