With increasing political tensions around the world translating to a proxy war in cyberspace, 2017 will see organizations increasingly having to defend against the threat of state-sponsored cyber attacks, says Adam Vincent…
With state-sponsored hacking now a mainstay of the global threat landscape and cybercriminals pushing into new, powerful forms of ransomware, 2017 will be a challenging year for the security community. Organizations face new, powerful threats and adversaries playing a much longer game against specific victims. The era of so-called ‘scattergun scams’ is gradually evolving into a trend for far more finely-targeted exploits designed to achieve strategic goals, both for the advancement of national policy and criminal gain.
What should organizations do to prepare? What will security teams have to face in the new year? Here are my predictions for 2017 - the threats, targets and responses that will likely define the year.
State hackers, ransomware and the IoT: threats on the up
2017 will see an increase in strategic state-backed hacking among developed nations, with more poorly-equipped countries jumping on the bandwagon with less sophisticated attacks. The use of cyber-espionage reached a new level of maturity in 2016. We will see an increasingly vocal response from western governments to escalating Russian hacking activity as we begin to move towards more codified rules of cyber-engagement. 2017 will still be a period of unfettered hacking activity, however, as state actors use aliases to mask their involvement. Organizations with any strategically useful information, whether in the public or private sector, must prepare themselves to deal with highly sophisticated phishing, infiltration, and data leaking campaigns.
The criminal element will also strengthen their powers in 2017, with ransomware establishing dominance as the most common form of financial attack. This prevalence will be a logical progression in cybercrime, as ransomware cuts out the middlemen and lets the attacker collect money directly from the victim, rather than needing to determine how to convert credit card numbers, account credentials or stolen data into money. The malware involved will become more powerful, incorporating strong encryption and therefore becoming harder to remediate if backups are not up-to-date.
Finally, large-scale DDoS attacks using the IoT as a source for botnet devices will become the new heavyweight menace. The few attacks that have been observed so far have been record-setting in terms of sheer volume, and if embedded devices in IoT networks can’t be patched, they will remain vulnerable to being co-opted into botnets. As a result, we can expect larger scale, more coordinated attacks leveraging IoT devices. Judging by the recent attack on the Dyn DNS system, which took down several of the largest sites on the web (Spotify, Twitter, Netflix), the targets will be extremely high profile.
The media will come under fire
One of the most significant hacks of 2016 was the Russian attempt to silence investigative journalist firm Bellingcat during its research into the MH17 shoot-down. This is a trend we will see developing in 2017, as nations seek to edit or censor their presentation in the global press. Journalists who are seen as interfering in the affairs of Russia in particular can expect to be targeted, with the aim of infiltrating their systems and disrupting their activities.
We can also expect to see the tactics in this area turn personal. Bellingcat contributor Ruslan Leviev was subjected not just to professional disruption, but to personal targeting, with his private information being published in a defamatory attempt on his character. In 2017 journalists that are perceived to represent a threat to Russian and other national interests will risk having their emails, social media and databases hacked, either for information gathering or blackmail purposes. Data will no longer need to be directly pertinent to a story to be targeted: any personal information will be fair game.
State efforts will not be restrained to hacking. The information gathered in phishing attacks will be turned to the production of misleading or fake news - a hallmark of the 2016 US election - designed to further the state’s aims overseas. We will see state actors exerting influence over foreign populations by generating a media frenzy with intel extracted through cyber exploits.
State actors will also look to play the long game, infiltrating major media outlets’ servers and lingering before quietly intercepting information which could be used to further their aims. Media organizations will need to be wary, not just of smash-and-grab cybercrime but also dedicated spying.
SMEs will benefit from easy-access intel
While in the past couple of years threat intelligence was only accessible to the largest organizations with big security budgets, threat intelligence platforms are now making it possible for more companies and agencies to start threat intel programs. They can either do this on their own or with the help of a managed security service provider (MSSP) which can bring knowledge and expertise to an organization while bundling together security technologies tailored to meet its needs.
With the ever-increasing influx of data, security teams need to create an intelligence-driven approach to their cybersecurity defense that is efficient and effective. Whether it is gaining access to threat intelligence from free, aggregated open sources and/or communities, or building upon a program that is already in place, companies need to take action to prevent attacks on their networks. While an organization may not necessarily be a target, it could be the gateway to a larger company or even a partner. Threat intelligence is a must-have at whatever level you can get it.
Adam Vincent is CEO, ThreatConnect.