Over the past two years, the cyber-crime industry has undergone a massive transformation, becoming larger, more sophisticated, and more adaptable than ever. Both 2015 and 2016 were record-breaking years in terms of large-scale hacking events, data breaches of big-name tech companies, and the emergence of new and ever more insidious attack techniques. In the first three months of 2017, we’ve already seen hundreds of Gmail users targeted by a phishing scheme, Turkish hackers hijacking high-profile Twitter accounts (BBC, UNICEF USA, Forbes, Justin Bieber) to spread political messages, and several prominent brands and organisations (Association of British Travel Agents, Cellebrite, Esea, Supercell, Freedom Hosting II, PlayStation and Xbox forums, Wishbone, Cloudflare and Cloudpets) publicly acknowledging major data breaches.
This week, we thought we’d look at the bigger picture and make some predictions on how the cyber security landscape will evolve and change over the course of 2017, as well as make recommendations on how organisations can protect themselves from emerging threats.
Cyberattacks will continue to target specific industries
In 2016, the global healthcare industry was targeted by numerous ransomware attacks. Hospitals in Germany and the US suffered downtime and were extorted for thousands of dollars by attackers, whilst in the UK, three hospitals were exposed to a malware attack that resulted in the complete shutdown of their systems and operations. In 2017, cyber criminals will use automated targeting to single out specific industries and corporations and extract a bigger payout. Industries likely to become prime targets for cyber ransoming include transport, energy and utilities, manufacturing, supply chains, and critical infrastructure.
Management solution: companies need to go above and beyond the compliance minimum
One prominent reason the healthcare sector was so vulnerable to attacks in 2016 was its focus on meeting minimal compliance standards, rather than creating a robust security strategy able to effectively mitigate emerging threats. If you belong to one of the industries likely to be targeted by cyber criminals in 2017, it’s crucial to invest in a comprehensive cyber health check that can identify vulnerabilities your industry compliance standards may not cover.
Data will be weaponised
Most readers are familiar with the concept of a data breach, but in 2017, it’s data integrity attacks that will be leveraged to threaten the livelihood of organisations. A data integrity attack involves compromising or sabotaging confidential data to cause financial or reputational damage. Given that many organisations place a huge emphasis on data in their decision-making processes, the manipulation of data by unauthorised users has the potential to send a company under. For companies with reputations built on confidentiality or accuracy, such as medical testing facilities or banks, a data integrity attack could ruin their reputation.
Management solution: proactive monitoring
To effectively manage data integrity attacks, companies need to stop relying on an alert system to identify threats and begin actively searching through their networks to monitor behavioural patterns and flag unusual activity.
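As an added illustration, not part of the original post, of what flagging unusual activity means when the target is integrity rather than confidentiality: records are tagged with an HMAC under a key held apart from the database, and a periodic sweep reports any record whose contents no longer match its tag. The key, record fields and values below are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed example key. It must be held outside the database (e.g. in a
# secrets store) so that someone who can edit rows cannot also re-tag them.
INTEGRITY_KEY = b"example-integrity-key-keep-out-of-the-database"


def canonical(record: dict) -> bytes:
    """Serialise a record deterministically so its tag is reproducible."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def tag_record(record: dict, key: bytes = INTEGRITY_KEY) -> str:
    """Return a hex HMAC-SHA256 tag over the record's canonical form."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def find_tampered(store: list, key: bytes = INTEGRITY_KEY) -> list:
    """Walk a store of (record, tag) pairs and return the ids of records whose
    contents no longer match their tag, i.e. records altered outside the
    normal write path. compare_digest avoids a timing side channel."""
    tampered = []
    for record, tag in store:
        if not hmac.compare_digest(tag_record(record, key), tag):
            tampered.append(record["id"])
    return tampered


def demo() -> list:
    # Constructed sample: lab-style results tagged at ingest time.
    results = [
        {"id": "R-1001", "patient": "P-42", "test": "HbA1c", "value": 8.9},
        {"id": "R-1002", "patient": "P-43", "test": "HbA1c", "value": 5.4},
        {"id": "R-1003", "patient": "P-44", "test": "INR", "value": 2.6},
    ]
    store = [(r, tag_record(r)) for r in results]
    # Simulated integrity attack: a value is edited in place by someone with
    # write access, bypassing ingest, so the stored tag is never refreshed.
    store[0][0]["value"] = 5.2
    return find_tampered(store)


if __name__ == "__main__":
    print("records failing integrity check:", demo())
```

Running the sweep on a schedule, and alerting on a non-empty result, turns a silent manipulation into a detectable event before the altered data reaches a decision.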
Botnet-driven, hybrid DDoS attacks will become the weapons of choice
In 2016, the botnet attack on Dyn (the DNS provider supplying services to Spotify and Reddit) caused mass panic, and the release of the Mirai source code on HackForums made it easier than ever for criminals to launch DDoS attacks. This year, the scale and frequency of botnet-driven DDoS attacks is set to increase, with multi-vector DDoS attacks on the terabit scale having the potential to disable large organisations, governments, and even countries. The multi-vector element enables criminals not only to extend the downtime caused by an attack, but also to hide their tracks more effectively.
Management solution: DDoS-specific continuity planning
Given the proliferation of DDoS attacks, companies need to have a business continuity plan specific to this type of cyber-attack. DDoS mitigation tactics designed to maintain the availability of critical online properties, as well as detect, classify and mitigate a DDoS attack, should be part of every Australian business’ continuity plan.
Ransomware attacks will continue to increase
We’ve already discussed the rise of ransomware, and in 2017, ransomware attacks are likely to become more sophisticated and varied. According to security firm Watchguard, criminals will create hybridised ransomworms: ransomware with the auto-propagating characteristics of network worms, enabling it to endlessly duplicate and spread across an entire network. Security firm Sophos says that as awareness of email ransomware attacks grows amongst end users, criminals are experimenting with malware that reinfects after a period, or working around endpoint protection by eliminating the need for executable files. Criminals are also increasingly using the RSA and Advanced Encryption Standard (AES) algorithms in their malware in order to better protect and store the keys they use and more effectively cover their tracks.
Multilayer security and user awareness
Effectively managing the threat of ransomware requires a proactive, multifaceted approach including a sophisticated cloud backup, multilayered endpoint security, user education, and user role management.
More companies will be exposed to insider attacks
In 2016, several large companies (Sage, Expedia) were victims of insider attacks, and with the proliferation of DDoS, malware, and ransomware-as-a-service making it easier for disgruntled employees to retaliate, we will see a rise in these types of attacks in 2017. Another factor contributing to the rise in insider attacks is cyber criminals targeting employees and offering them money in exchange for access. Insider attacks are much easier to execute and harder to detect, so instead of designing vectors to overcome sophisticated software, many criminals seek an easier payoff through an inside connection.
Greater insight into internal systems
Because insider attacks are unlikely to set off a network security ‘alert’ like an external threat would, companies need to become proactive in monitoring unusual network activity with a security information and event management (SIEM) system, as well as employee behaviour.
IoT and cloud will be targeted
Two of the biggest technological innovations of the last decade, IoT and cloud, have expanded the attack surface, and it’s likely we’ll begin to see hackers take advantage of this in 2017. Although cloud is more secure than an on-premises server, it still has vulnerabilities which criminals are beginning to exploit as more organisations migrate to cloud. Cyber criminals may target a major cloud provider to cause reputational damage (although targeting a specific company network or user would be difficult) or use the cloud as either a volume multiplier or a vehicle to spread encrypted files. A far more pressing concern than cloud, however, is the vulnerability of IoT. Many IoT designs lack proper security planning and are very difficult to patch. As a result, companies that incorporate IoT devices into their network have made it much, much easier for hackers to attack using crude tools such as worms.
Controlled deployment and use
Companies need to be extremely critical of the IoT devices and cloud products they choose to invest in, and must be vigilant about updating as soon as patches are released.