Clicking that link
A reader writes:
One of my biggest challenges now is to accurately characterize the emerging threats of cybercrime and cyber espionage. Nobody wants to hear the bad news and the additional costs, but it’s only going to get worse. The trick for everyone is to determine the right level of response.
I'd argue that the best approach for the cyber criminal is social engineering: getting the unwary to click. OTOH, I see a greater awareness of "don't click if you don't know." Elderly relatives I assist with computers are now paranoid about clicking on anything!
I suppose the issue for the reader might be dealing with protecting the IP [intellectual property] surrounding drawing files? What about stealing license numbers from authorized users: is this an issue?
According to an FBI briefing that I attended, 77.3% of malware installs require someone to open an email attachment or click an email link. On the average:
- 23% of recipients open phishing emails
- 11% click on attachments
More than 85% of the attacks were targeting secret information. Most companies are astonished to find out they’ve been hacked by foreign intelligence services (FIS) when they are contacted by the FBI. In 2013, the FBI notified 3,000 US companies that they’d been hacked.
The FBI did their own security tests on US government security simply by leaving USB devices and CDs around. If I remember correctly, the CDs crudely marked with a Sharpie [felt pen] that read something like “August Reorg” were opened over 80% of the time!
Drawing IP is indeed important and can be monetized in many ways. For example, let’s say someone got your patent drawings and then quickly submitted a bunch of similar patents in that same area.
Much bigger in my opinion than license stealing is the use of cracked software. Obviously CAD vendors lose some revenue from this practice, but what most people don’t realize is that anyone who cracks CAD software can also easily insert additional code to quietly harvest sensitive information from the user’s company on an on-going basis.