The era of mere prevention is long gone. In 2015 alone, 70 per cent of UK companies experienced some business downtime as a result of security incidents. As the threat landscape continues to become more sophisticated, it's time to reflect on the headline hacks and most malicious malware of 2015 and take a look at the year to come.
This year’s headline hacks
1. Ashley Madison – 2015 showed that the more popular or controversial the website, the higher the risk of attack. Ashley Madison fell squarely into the provocative box, making it a prime target for hackers. The controversial dating site was hacked in July, and data belonging to its 33 million members was leaked onto the so-called dark web. However, by encrypting personal data while it remains active and in use, organisations can more effectively protect data even if the network is compromised. Users also need to look at what steps the organisation has in place to protect their sensitive data before signing up for any website.
2. Anthem - The US Office of Personnel Management and health insurer, Anthem was breached in February, representing one of the largest cyber attacks of its kind and Sakula malware was successfully used to breach over 100 million files. This attack is an important reminder that any company that possesses personal or financial information represents a high value target for determined attackers that want to obtain specific information.
3. TalkTalk – A total of 157,000 customers had data stolen in October’s cyber attack highlighting why organisations need to adopt a mindset that ‘it’s not if but when’ they will be compromised. Enterprises need to be prepared for an attack by making sure they are on the front foot and able to quickly respond. Investment in technologies that rapidly detect and respond to sophisticated, targeted attacks need to be made a priority. Only then, will organisations be able to level the playing field and successfully compete against the bad guys.
Most malicious malware
4. Kjw0rm – State sponsored attacks continued to emerge in 2015 with cyber terrorists, organised syndicates and even foreign governments developing malware designed to take control of systems and operations. What’s important to remember is that the techniques, tactics and procedures from nation states - whether advanced or not - tend to make their way into the arsenal of the broader cyber attacker community.
5. Dridex – Time and time again, we have seen that cyber criminals have to allocate time, money, and resources efficiently to stay 'in the game'. Dridex was developed by skilled cyber criminals that use email to deliver infected Microsoft Word documents that capture online banking details - a quick and easy way to breach a network for financial gain and often with very little investment from the exploiter.
6. Dyre – In a digital age, the majority of exploit programmes are coming from content-delivered attacks with tactics like phishing, spear phishing and whaling on the rise. Dyre is just one example of where customers from some of the UK’s biggest banks have been targeted as part of major phishing campaigns using notorious malware that is designed to steal financial data. Organisations need to take it upon themselves to educate their consumers and promote best practice approaches towards unexpected emails and links – treating those from unfamiliar and familiar users with caution.
7. Ransomware – Both businesses and consumers have been victim to this strain of malware that restricts users access to a network, usually by encryption. Attackers then demand a ransom in return for decrypting the network and returning control to the rightful users so that they can get back in to the system. To prevent network admins having to pay hackers for access to their own systems, a combination of endpoint security and network monitoring is needed to identify and isolate any suspicious activity before cyber criminals take hold.
8. Ghost Push – The rise of malicious apps available on app stores means that close to a million Android devices have been infected and highlights the need for organisations with BYOD policies to be vigilant and remember that access management remains of the utmost importance. Enterprises need to know which devices have access to the network, who is responsible and introduce an extra layer into network security that monitors the activity happening on each endpoint for any malicious warning signs.
The cybersecurity landscape in 2016
9. Security automation transforms the role of the CISO - As the threat landscape grows, security will become increasingly automated, enabling multiple cyber response efforts that tackle threats at machine speeds. This will also mean the day-to-day role of the CISO is going to change. CISOs will shift away from managing IT operations and instead focus on delivering value to the business by providing consultancy on security policies, training and compliance initiatives that deliver value.
10. There will be a headline-grabbing event from terrorists in the cybercommunity - The anonymity of the dark web means that covert communities have emerged that use hidden web services to communicate. To combat this, we will see commercial players and governments work together more closely to share knowledge of emerging networks that criminals are using to communicate and co-ordinate.
11. Countries are facing ‘cybergeddon’ as critical infrastructure comes under growing attack - Across all industries, the mesh of connected devices is expanding, as is the app and service architecture that underpins it. However, as the number of endpoints increases so does the risk of attack. Ukraine’s power grid was recently shut down following an attack targeting regional power companies – the result of a “suspected” cyber attack on the country’s energy infrastructure. It's now more critical than ever for organisations to be able to persistently correlate threat intelligence from within networks and actively respond to prevent serious disruption.
12. The year of mobile - Consumers are revoking access to their data but continue to store highly personal information on phones, more so than any other endpoint. Yet, we still don’t think seriously about smartphone security. Over the next year, this now ubiquitous technology will come under increased attack with highly targeted mobile malware continuing to break into the mainstream.
Steve Donald, CTO of Hexis Cyber Solutions