Most cyber threats never really die; they just evolve. Some become more dangerous and sophisticated, some morph into new threats, and others become more manageable over time. More frequently, new threats surface that require different controls and mitigation approaches. So it is with the collection of threats confronting enterprises this year.
The Ransomware Scourge
The success that threat actors have enjoyed in extorting money from individuals and businesses via ransomware is certain to fuel more sophisticated and targeted attacks this year on desktop and mobile systems.
In 2016, cyber criminals increasingly began using spear-phishing, malware kits and watering hole attacks for distributing ransomware. Malware samples became a lot more potent with Mamba and Petya fully encrypting hard disks on infected systems for the first time. Barriers to entry all but disappeared with the growing availability of do-it-yourself ransomware kits and ransomware as a service business options.
The full effects of these trends will play out this year, as more cyber criminals – emboldened by the success of their peers – join the feeding frenzy. Surreal as it may sound to many security executives, organizations will need to implement formal processes for dealing with the aftermath of a ransomware incident. Policies regarding whether or not to entertain ransom demands will need to factor in the possibility that extortionists may not free the data they locked up even after they have been paid.
Meanwhile, best practices for protecting your network from ransomware include regular data backups, leveraging file sync and share technologies, configuring least-privilege access controls, application whitelisting, stringent spam and phishing email filtering, and network segmentation.
IoT: Internet of Things, or Internet of Threats?
The Mirai botnet attacks last year highlighted the massive threat posed to organizations by security vulnerabilities in the countless products that people and businesses have begun connecting to the Internet these days. Expect to see cyber criminals probe these vulnerabilities to try and gain access to enterprise networks or to launch denial of service attacks and other malicious campaigns.
A couple of factors exacerbate the situation. Many organizations continue to be dangerously unaware of the IoT devices on their networks and, therefore, the extent of their exposure to IoT-borne threats. Vulnerable IoT devices – especially those designed for consumer use – are also not always easy to patch and will continue to present an opportunity for hackers until the devices are replaced.
Among the IoT attacks to watch out for this year will be those that seek to compromise industrial control and manufacturing systems, healthcare devices, and production systems. Disruption and damage will be big objectives in many IoT attacks. IoT monitoring and connection security will assume increased importance for organizations as a result of these threats.
Best practices for IoT security are still emerging, but organizations should be considering issues such as who takes ownership of IoT risks, secure configuration of IoT devices, and IoT connection security.
Terabit-scale Distributed Denial of Service Attacks
If the attacks on DNS service provider Dyn and French ISP OVH late last year are any indication, distributed denial of service (DDoS) attacks will get bigger and harder to mitigate in 2017. Both attacks reportedly generated traffic in the 1 Tbps range, making them the largest DDoS attacks to date.
Look for more such attacks in 2017, both in terms of scale and sheer volume.
A couple of factors will drive the trend. The first, of course, is IoT vulnerabilities. As the Mirai attacks showed, vulnerable webcams, routers and other IoT devices can easily be assembled into massive botnets for launching terabit-scale DDoS attacks.
The other big factor is the easy availability of malware code for assembling IoT botnets. Soon after the attacks on Dyn and others last year, the author or authors of Mirai publicly released the code behind the malware. This move all but guaranteed an increase in volumetric, protocol, and application-level DDoS attacks this year.
Best practices such as decentralizing data centers and data center networks, ramping up bandwidth and using DDoS mitigation services will become increasingly important this year as a result of these trends.
The attacks on the Democratic National Committee (DNC) website and on electronic voting systems in Arizona and Illinois in the months leading up to the 2016 Presidential election served as an eye-opener on the use of cyber for information warfare.
The attacks raised substantial questions about the integrity of the U.S. electoral system and the potential role of a foreign nation in influencing the outcome of a U.S. presidential race.
The ripple effects of those attacks will be felt this year as the U.S. and its adversaries try to shore up their offensive capabilities in cyberspace. Topics such as cyber deterrence, attribution, and response will assume more importance, as will the use of social media networks for information manipulation and fake news dissemination.
Enterprises will need to pay attention to these developments. Organizations that sell to government or support them can come under attack by nation-state actors or they could be targeted for intelligence gathering and espionage purposes.
As 2017 security strategies are crafted and updated throughout the year, it's important to know the risks of ransomware, IoT, DDoS and information warfare, and to understand the repercussions that can arise if proper security measures are not taken. Working with a Managed Service Provider for security options such as Security Information and Event Management can help organizations detect and react to these threats within minutes.
Have you been personally affected by a cyberattack? What do you do to prevent an attack from happening? Let us know in the comments.