· The Rise of the Netherlands and Lebanon. Seemingly benign nation states such as Lebanon and the Netherlands are rising in the ranks of nation-sponsored attackers. The motivations for this rise are unclear, although both countries made headlines this year with cyberattacks: Lebanon for spying on thousands of people across 20 countries via an Android malware campaign; and the Netherlands for penetrating Russia’s Cozy Bear organization and uncovering the hack of the Democratic National Committee during the 2016 presidential election in the U.S.
· Cyber-Social is the Next Front for Nation States. Nation-state-sponsored attacks are expanding from “cyber-physical,” where the objective is to compromise data or critical infrastructure, to “cyber-social,” where the goal is to use social media to influence the opinions and actions of large populations of people. Russian cyber-social exploitation of European and American elections showed how relatively easy and cost-effective such campaigns can be, which dramatically increases the likelihood that this class of attack will be adopted by a growing number of nation states, hacktivists and other groups in the future.
· Critical Infrastructure has been Breached. The utilities and energy industries showed strong indicators of exploit activity without any high-profile breaches. This suggests that attackers have access to critical infrastructure but are waiting to exploit this access in response to events such as war, or attacks on their own infrastructure.
· Healthcare IoT is Vulnerable. The Internet of Things (IoT) continues to suffer from weak security fundamentals and unmitigated vulnerabilities. The healthcare IoT is particularly problematic due to the increasing numbers of networked medical devices and the potential damage that could occur should those devices become compromised.
· Phishing Remains the Delivery Vehicle of Choice. Despite years of technology countermeasures, publicity and education campaigns, phishing remains the number one malware delivery mechanism. Additionally, while modern email security solutions can detect and stop emails with malicious attachments, they are still largely unable to detect hyperlinks to malicious websites.
· Protecting the Brand Rises in Importance. Brand security threats were the second most common source of alerts for Optiv during the year – behind phishing attacks, but ahead of typical security concerns such as data leakage and web vulnerabilities. These alerts were generated in response to the presence of “phony, misleading or malicious sites,” raising the importance of brand risk in the hierarchy of enterprise security concerns.