The Ring of Fire map from Radware tracks vertical markets based on the likelihood that organizations in these sectors will experience an attack.
The Ring of Fire reflects five risk levels ranging from a low likelihood of an attack to a high likelihood. As sectors move closer to the red center, organizations in these sectors are more likely to experience a denial-of-service or other cyber-related attack at a higher frequency then the others. Mitigation assumptions should move in lockstep with the risk level. When this does not happen, the likelihood of a cyber-attack resulting in a data center outage or service degradation increases drastically. Organizations in the center are wise to take swift action—adjusting mitigation strategies and solutions to reflect the new risk level from threat actors.
There have been a few changes to the Ring of Fire since last year’s report. Telecom, government institutions and gaming companies have stayed at the center of likelihood while the financial services industry has moved toward the center. Retail, education and healthcare industries remain stable, but technology companies are moving away from the center. Energy and utility companies remain in the low risk level due to tighter security. In addition to industry, company size can be a predictor of likelihood to be attacked. The larger the business, the greater the chance.
This year’s likelihood for high risk included financial services, government & civil services, service providers and the gaming industry. Education was a high risk last year but has since slipped down to a medium risk. In 2016 the financial sector saw several different vectors of attack launched against the industry, making it the most targeted sector. Denial-of-service was one of the more popular vectors and a persistent one, as Anonymous carried out OpIcarus, a year-long operation designed to target financial institutions. Government service came under heavy fire due to hacktivist and state-sponsored attacks. Anonymous operations such as OpRight2Rest, OpGaston and OpLGBT targeted several government services as a reaction to political events. Service providers have found themselves in a high-risk spot since they are not just a primary target, but also a secondary target for massive DDoS campaigns. Attackers tend to target companies directly with network and applications floods. However, when the volume exceeds the infrastructure capacity, they begin to create trouble for the “neighborhood” as the network pipes become saturated. For the gaming industry, large-scale DDoS attacks resulting in network outages and service degradation have become everyday occurrences. The main motivation is simply the thrill of disrupting game play and tournaments. A secondary driver: trolling crucial moments when gamers are trying to take advantage of game specials and bonus points.
This year’s likelihood for medium risk included retail, health and education. Education slipped this year to a medium risk, but still dealt with several threats. This year the educational system came under fire as vendors on the Darknet began offering school hacking services. This year we also saw 444 school networks in Japan go offline simultaneously in a massive cyber-attack. In most cases, it’s either a student looking to delay a test or manipulate the registration process, or a personal attack by a student or staff member in aggression towards the school. The healthcare industry has found itself under attack this year for several different reasons. This year we have seen an actor named The Dark Overlord on the Darknet leak several hospital databases, and Anonymous hacked into the database of multiple Turkish hospitals and medical institutions. The attackers ultimately gained control of patient records in retaliation for a series of attacks on U.S. hospitals in the form of ransomware attacks earlier this year. Retailers have been the target of a wide range of DDoS and Ransom Denial-of-Service (RDoS) attacks over the past few years. The results are network outages that prevent customers from purchasing items, thus leading to a loss in revenue. In Switzerland this year, the website for Swiss Federal Railway (SBB) and two of the country’s largest retailers, Coop and Migros, had their websites taken down, preventing customers from accessing their sites. These DDoS attacks on retailers are often a smokescreen for more sinister acts like DDoS for ransom or large scale data breaches targeting payment systems and customer data.
This year’s likelihood for low risk includes energy & utilities and technology companies. Technology companies are targeted often but remain a low risk due to the nature of these businesses. Most technology companies are aware of the threat model they face and have taken steps to prepare for a cyber-attack. Some have even begun offering bug bounty programs in an attempt discover bugs before criminals do. For the energy and utility companies, the threat landscape remains stable due to segregation of most of these company’s networks. Even so, this industry remains a valid target for hacktivist due to environmental concerns.
Learn more about Radware’s Ring of Fire in our comprehensive 2016-2017 ERT Report.
Read the 2016–2017 Global Application & Network Security Report by Radware’s Emergency Response Team.
Daniel Smith is an information security researcher for Radware’s Emergency Response Team. He focuses on security research and risk analysis for network and application based vulnerabilities. Daniel’s research focuses in on Denial-of-Service attacks and includes analysis of malware and botnets. As a white-hat hacker, his expertise in tools and techniques helps Radware develop signatures and mitigation attacks proactively for its customers.