Dr Markus Jakobsson overviews four trends expected to impact cybersecurity in 2017: nation-state attacks; an increase in hybrid attacks; leveraging the cloud; and advances in cyberattack insurance.
The start of the new year is an ideal time to take stock of the developments and trends of the last 12 months, and attempting to predict what comes next. While 2016 was certainly an erratic year for many reasons, few professional sectors have had such a wild ride as cybersecurity. While there is every chance 2017 will be just as unpredictable, there are four areas that are certain to be a major focus:
Nation-state attacks setting the agenda
In the span of just 10 years, Internet security abuses have transitioned from small-time crime propagated through poorly spelled email scams, to a deadly serious matter of national security. This past year, we have seen a new breed of politically motivated attacks, aiming to extract sensitive information alongside sowing chaos or making a statement. This is the likely motive behind the 2016 ransomware attacks mounted on members of the US Congress, and the reason for the 2016 attack on the Democratic National Committee (DNC).
The 2016 attacks on banks connected to the Swift network, epitomised by the heist on Bangladesh Bank, are another strong example. This straddled the fence between politics and profit by transferring massive amounts of funds to a politically ostracized regime.
It seems clear that sophisticated attacks from groups sponsored by nation states have become a new constant in the cyber landscape. Crucially however, the principal attack vectors are the same as those used by the familiar petty criminal scams. All the attacks described above involved deception and emails: many also involved delivering Trojans.
Once a group succeeds with a politically-motivated attack on a high-profile victim, we typically see a ‘trickle-down’ effect as criminals apply the same techniques against commercial organizations for financial gain. This means email will continue to be the most important tool in the cybercriminal’s arsenal for credential theft and malware installation, aided by an increasingly sophisticated social engineering component in the attacks. Social engineering will also be fed by data mined from the huge number of breaches that continue to occur, arming attackers with more accurate contextual information to increase their efficacy.
An increase in hybrid attacks
We will continue to see cyber criminals deploy targeted attacks that combine multiple threat vectors. These hybrid attacks can, for example, include deceptive email to deliver malware, paired with DDoS to complicate recovery from a malware attack. This type of attack enables online criminals to carry out their crimes and then hide their tracks.
The nation-state level attacks on the Ukrainian power grid and Bangladesh Bank both used these hybrid tactics, and we are now seeing this trickle down to lower levels of criminal attackers. Commercial enterprises should anticipate hybrid attacks being used to overwhelm their defences / defences, for example combining a business email compromise (BEC) attack with ransomware.
Leveraging the cloud
The huge adoption rate of cloud applications, services and infrastructure has helped legitimate businesses reduce costs, scale up and down as necessary, and improve overall productivity. Unfortunately, cyber criminals are reaping many of the same benefits, particularly when it comes to using cloud email services to facilitate targeted spear-phishing attacks aiming to install ransomware or facilitate BEC attacks. The more sophisticated criminals – such as organized gangs, nation-state actors, or particularly skilled hacktivists – are now using the cloud to replace older methods like botnets and compromised servers when it comes to conducting email attacks.
One of the most common ways we’re seeing the cloud taken advantage of by criminals is email identity deception, which includes email spoofing, display name attacks and look-alike attacks. In fact, the vast majority of successful attacks, whether carefully aimed social engineering attacks or a broadside salvo aimed at thousands of targets at a time, rely on some form of identity deception.
There are now many different ways to send deceptive messages using legitimate email infrastructure services, like Amazon Web Services (AWS) for example. CRM and marketing automation applications like Salesforce and Marketo can also be easily misused to send out both targeted attacks or campaigns hitting tens of thousands of users.
We anticipate this problem getting worse in 2017 as the use of outsourced cloud services continues to increase. The huge number of cloud-based email services available makes it very easy for criminals to use cheap services or even just free trials to get in and out quickly with almost no cost.
Advances in cyberattack insurance
Not all of the likely developments in 2017 are new threats: we also anticipate major developments in the way insurance companies address cyber risk. As they gain an improved understanding of the risk models associated with various types of attacks vectors and techniques, insurance companies will begin to offer more types of coverage geared towards cyber threats. We believe increased insurance involvement will go hand in hand with the development and deployment of security products corresponding to best practices.
This development will help usher in a more mature security marketplace, as the difference in premiums will play into the pricing of various security solutions and services, driven by actuarial insights as well as traditional market factors. This should help to drive better awareness of cyber product value at board level, as the ROI will be directly tied to insurance premiums. As a final knock-on effect, we’ll also see yet more demand for computer security experts, especially those with a good command of statistics.
Focus on email security in 2017
If anything is to be learned from 2016, it’s that we can never be complacent, especially when it comes to all things cyber. We are certain to see new cyber incidents making the headlines in 2017, including further nation-state level activity against both political and private sector targets. Along with that, we’re sure to see yet more inventive techniques from the criminals as they continue to try to outpace security technology.
However, whatever new surprises we see over the year, you can be sure that email will still play a crucial role as an attack vector, whether it’s stealing confidential data or delivering a malware payload. Focusing on email security, particularly on preventing spoof emails reaching their targets, will play a key role in locking out attackers and will be one of the biggest security priorities across 2017.
Dr Markus Jakobsson is Chief Scientist at Agari.