Organisations face new, powerful threats from adversaries playing a much longer game against specific victims. The era of so-called “scattergun scams” is gradually giving way to far more finely targeted attacks designed to achieve strategic goals, whether the advancement of national policy or criminal gain.
What should organisations do to prepare? What will security teams have to face in the new year? ThreatConnect conducted much of the cutting-edge research into the newsworthy breaches of 2016, including the DNC and WADA hacks. Here are our predictions for 2017: the threats, targets and responses that will likely define the year.
1. State hackers, ransomware and the IoT: threats on the up
2017 will see an increase in strategic state-backed hacking among developed nations, with less well-equipped countries jumping on the bandwagon with less sophisticated attacks. The use of cyber-espionage reached a new level of maturity in 2016. We will see an increasingly vocal response from western governments to escalating Russian hacking activity as we begin to move towards more codified rules of cyber-engagement. 2017 will still be a period of unfettered hacking activity, however, as state actors hide behind aliases and front personas to mask their involvement. Organisations holding any strategically useful information, whether in the public or private sector, must prepare themselves to deal with highly sophisticated phishing, infiltration and data-leaking campaigns.
Criminal actors will also grow stronger in 2017, with ransomware establishing itself as the most common form of financially motivated attack. This prevalence is a logical progression in cybercrime: ransomware cuts out the middlemen and lets the attacker collect money directly from the victim, rather than having to work out how to convert credit card numbers, account credentials or stolen data into cash. The malware involved will become more capable, using properly implemented strong encryption, so that encrypted files cannot be recovered without the attacker's key. Remediation then depends entirely on backups being current and kept where the ransomware cannot reach them, since backups on a connected share are encrypted along with everything else.
Finally, large-scale DDoS attacks using IoT devices as botnet nodes will become the new heavyweight menace. The few attacks observed so far have been record-setting in sheer volume, and if embedded IoT devices cannot be patched they will remain open to being co-opted into botnets. As a result, we can expect larger-scale, more coordinated attacks leveraging IoT devices. Judging by the recent attack on the Dyn DNS service, which left several of the largest sites on the web (Spotify, Twitter, Netflix) unreachable for many users, the targets will be extremely high profile.
2. The media will come under fire
One of the most significant hacks of 2016 was the Russian attempt to silence the investigative journalism outlet Bellingcat during its research into the MH17 shoot-down. This is a trend we will see developing in 2017, as states seek to shape or suppress how they are portrayed in the global press. Journalists seen as interfering in the affairs of Russia in particular can expect to be targeted, with the aim of infiltrating their systems and disrupting their work.
We can also expect the tactics in this area to turn personal. Bellingcat contributor Ruslan Leviev was subjected not just to professional disruption but to personal targeting, with his private information published in an attempt to defame him. In 2017, journalists perceived as a threat to Russian and other national interests will risk having their email, social media and databases hacked, either for information gathering or for blackmail. Data will no longer need to be directly pertinent to a story to be targeted: any personal information will be fair game.
State efforts will not be restricted to hacking. Information gathered in phishing attacks will be turned into misleading or fake news, a hallmark of the 2016 US election, designed to further the state's aims overseas. We will see state actors exerting influence over foreign populations by generating a media frenzy with material extracted through intrusions.
State actors will also play the long game, infiltrating major media outlets' servers and lingering quietly to intercept information that could be used to further their aims. Media organisations will need to be wary not just of smash-and-grab cybercrime but also of dedicated, persistent spying.
3. The government will up its cyber security game
Philip Hammond's announcement that the UK government would provide £1.9bn of extra funding for cyber security over the coming years indicates a major step-up in public cyber-response. With state-sponsored hacking making major headlines worldwide in 2016, we will see governments moving more proactively to blunt the effects of these attacks in the new year. Part of Hammond's announcement related to cyber offence, so we are likely to see not just a reinforced ‘national firewall’ of defensive mechanisms, but also a redoubled effort in terms of retaliation and retribution.
We will also see more collaboration between public and private organisations, as government bodies and enterprises look to benefit from shared intelligence on mutual adversaries. We will begin to move towards a more unified national approach to cyber security based on information-sharing communities, rather than a fragmented, secretive organisation-by-organisation approach.
4. SMEs will benefit from easy-access intel
Until recently, threat intelligence was accessible only to the largest organisations with big security budgets; threat intelligence platforms now make it possible for many more companies and agencies to start threat intel programmes. They can do this on their own or with the help of a managed security service provider (MSSP), which brings knowledge and expertise to an organisation while bundling together security technologies tailored to its needs.
With the ever-increasing influx of data, security teams need an intelligence-driven approach to defence that is both efficient and effective. Whether that means consuming threat intelligence from free, aggregated open sources and communities, or building on a programme that is already in place, companies need to take action to prevent attacks on their networks. An organisation that is not itself the final target may still be the way in to a larger customer or partner. Threat intelligence is a must-have at whatever level you can get it.
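To make "intelligence-driven" concrete at the level an SME or MSSP can start with, the following is an added example (not code from the original post and not ThreatConnect's platform) that loads a small indicator list in the shape a plain-text community feed might export and sweeps it across web-proxy log lines. The indicator values, the feed format, the log format and the field positions are all constructed assumptions for illustration; a real deployment would read its own feed and log formats. The example matches exact IPs, CIDR ranges and domains including their subdomains, skips malformed lines rather than aborting the sweep, and ranks internal hosts by hit count so an analyst knows where to start.

```python
"""Added example: match a constructed open-source indicator set against
constructed proxy logs.  None of the indicators, hosts or formats below are
real; they are assumptions made for this illustration only."""
import ipaddress
from dataclasses import dataclass

# Constructed feed: one "type,value,description" record per line (assumed format).
INDICATOR_FEED = """\
# type,value,description   (constructed sample, not a real feed)
ipv4,198.51.100.23,constructed C2 address
cidr,203.0.113.0/24,constructed hosting range
domain,update-check.example,constructed phishing domain
"""

# Constructed proxy log lines (assumed format): timestamp src host dest_ip method path status
LOG_LINES = """\
2017-01-04T09:12:01Z 10.0.0.14 www.example.org 93.184.216.34 GET /index.html 200
2017-01-04T09:12:05Z 10.0.0.14 update-check.example 198.51.100.23 GET /dl/setup.exe 200
2017-01-04T09:13:40Z 10.0.0.27 cdn.example.net 203.0.113.77 GET /a.js 200
2017-01-04T09:14:02Z 10.0.0.31 mail.example.org 192.0.2.10 POST /login 302
2017-01-04T09:15:11Z 10.0.0.14 files.update-check.example 198.51.100.24 GET /x 404
"""


@dataclass(frozen=True)
class Indicators:
    ips: frozenset      # exact IPv4 addresses, normalised strings
    nets: tuple         # ipaddress.IPv4Network objects
    domains: frozenset  # lower-cased registrable/sub-domains


def load_indicators(feed: str) -> Indicators:
    """Parse the feed; unknown types are ignored, bad values raise ValueError."""
    ips, nets, domains = set(), [], set()
    for raw in feed.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        kind, value, *_ = line.split(",", 2)
        kind, value = kind.strip().lower(), value.strip().lower()
        if kind == "ipv4":
            ips.add(str(ipaddress.ip_address(value)))      # validate and normalise
        elif kind == "cidr":
            nets.append(ipaddress.ip_network(value, strict=False))
        elif kind == "domain":
            domains.add(value.rstrip("."))
    return Indicators(frozenset(ips), tuple(nets), frozenset(domains))


@dataclass(frozen=True)
class Hit:
    timestamp: str
    src: str         # internal client that made the request
    field: str       # which log field matched: "host" or "dest_ip"
    indicator: str   # the indicator value (or CIDR) that matched
    line: str


def domain_matches(host: str, domains: frozenset):
    """Return the matching indicator if host equals it or is a subdomain of it."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def ip_matches(ip_text: str, ind: Indicators):
    """Return the exact IP or the CIDR that contains it, else None."""
    if ip_text in ind.ips:
        return ip_text
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None                       # not an address; nothing to match
    for net in ind.nets:
        if ip in net:
            return str(net)
    return None


def match_logs(lines, ind: Indicators):
    """Sweep log lines; a line can produce one hit per matching field."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue                      # malformed line: skip, don't abort the sweep
        ts, src, host, dest_ip = parts[:4]
        d = domain_matches(host, ind.domains)
        if d:
            hits.append(Hit(ts, src, "host", d, line))
        i = ip_matches(dest_ip, ind)
        if i:
            hits.append(Hit(ts, src, "dest_ip", i, line))
    return hits


def hosts_to_triage(hits):
    """Internal sources with at least one hit, most hits first."""
    counts = {}
    for h in hits:
        counts[h.src] = counts.get(h.src, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    indicators = load_indicators(INDICATOR_FEED)
    for hit in match_logs(LOG_LINES.splitlines(), indicators):
        print(f"{hit.timestamp} {hit.src} {hit.field}={hit.indicator}")
    print("triage order:", hosts_to_triage(match_logs(LOG_LINES.splitlines(), indicators)))
```

Two design points matter more than the parsing. First, domain indicators are matched by label suffix so that `files.update-check.example` is caught by the `update-check.example` indicator, which is how phishing infrastructure is usually reported; matching on substring instead would also flag `notupdate-check.example`. Second, a single line can yield several hits (the second log line matches both a domain and an IP), and the triage list counts per internal source rather than per indicator, because the question an analyst asks first is which machine to pull, not which feed entry fired.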