Security researchers with IBM have named "onion-layered" security incidents one of the top cybercrime trends they are observing in Q4 2015. In their report IBM X-Force Threat Intelligence Quarterly, 4Q 2015, the researchers explain that an onion-layered security incident involves a second, more damaging and sophisticated attack that follows an initial intrusion. Typically, the actors involved with this type of an attack include a script kiddie, who might be careless about getting caught, and a stealthy attacker, who could remain undetected for weeks or even months until researchers have had a chance to peel back the layers of the root cause of the attack. As reported by SecurityWeek, a common onion-layered security incident involves the use of distributed denial of service attacks which, according to Corero Network Security, could leave just enough bandwidth for more sophisticated attack vectors to "fly in under the radar" and exfiltrate data while researchers are preoccupied with restoring service. These and other similar intrusions could therefore persist for some time before researchers ultimately find the root cause. IBM explains:
"Of all the incidents that the [IBM Emergency Response Services] ERS teams encountered, these complex, multi-layered attacks were the most demanding of investigative time and resources to ascertain the facts, find the root causes, develop a timeline of events, and provide the client with recommendations on how to resolve the issues that allowed the attackers to get into their network."
Source: IBM Security Intelligence IBM X-Force also observed that CryptoWall, CryptoLocker, and other ransomware variants continue to exploit unpatched vulnerabilities in order to infect users' machines and that malicious insiders remain an ongoing danger to organizations. For its final trend, however, researchers noticed an increased interest among executives and management regarding cybercrime prevention. This heightened focus could lead organizations to implement more robust security defenses in the near future, giving information security professionals a louder voice in their enterprises as high-profile hacks and breaches continue to make headlines. You can learn more about IBM's report by downloading the publication in full here.
