The battle lines of cybersecurity have again been redrawn over the past 12 months, having witnessed the continually destructive fallout resulting from data breaches and endured the biggest ransomware attacks in history. Petya, NotPetya and WannaCry demonstrate just how easy ransomware is to weaponise and throw out into the wild, possessing the ability to create mass hysteria and crises at organisations worldwide impacting patients health condition, data, companies reputations, etc. While ransomware has garnered extensive media attention the past year, it is important to constantly remind ourselves that these types of attacks can often provide a smoke screen for far more targeted, invasive attacks. The next wave of cyber threats to hit the headlines may look considerably different so it is essential to consider how to improve overall nimbleness.
Equifax’s debacle is the latest reminder of just how susceptible even the most 'secure' data is. Enterprises must operate under the assumption that they are in a perpetual state of compromise and clearly define appropriate APT attack risk management strategies. Every company should have the means to rapidly detect and respond pre-emptively to an initial compromise or enterprises will remain vulnerable to having their information stolen and or their customers’ posture at risk by cyber criminals.
Here are some thoughts about what to expect in the cyber landscape during 2018.
It is important to note that the ruthlessness of attackers is not the only driving factor. Equally, technological innovation makes companies susceptible to attacks for opportunist hackers to capitalise on. The implementation of business innovation together with sound cyber strategies will enable companies to get the upper hand.
- We'll see more attacker activity against global wire transfer and financial messaging systems within banks, especially those outside of the US. Since the infamous Bangladesh heist, the continued spate of attacks such as the one incurred by Russian bank Globex that ended 2017 highlights the vulnerability of international wire transfer systems, the need for banks to bolster their cyber defense and the increasingly sophisticated techniques deployed by attackers.
- Equifax's recent breach will invoke discussions on additional regulations around personally identifiable information (PII). Safeguarding sensitive data of employees and customers is paramount and it is likely companies will be forced to step up security measures. A holistic approach to protecting PII should be undertaken, involving people, processes and technology, alongside advanced security.
- Similar to the way particular cybercrime groups have developed specific tools and techniques to compromise wire transfer systems, we expect more specialised efforts to attack proprietary technologies. Although compromise of mainframe systems may be a more common occurrence than is currently publicised, we believe cyber attackers focus greater attention on these and other critical legacy systems that are often overlooked by security teams who focus on protecting the latest mobile or cloud-based innovations. According to IBM, mainframes are the epicentre of financial services for thousands of global organisations including 92 of the world’s top 100 banks, posing an attractive higher value target for attackers. These systems currently support 29 billion ATM transactions a day and 87 per cent of all credit card transactions . Mainframes can also be utilised for multiple different attack scenarios, particularly espionage. From a single location, an attacker could gather significant competitive or strategic intelligence.
- Attackers will start exploiting additional (non-SWIFT) financial payment and messaging systems, including ACH (Automated Clearing House). The ACH network oversees more than 90 per cent of the total value of all electronic payment transactions including payroll, direct deposits, tax payments and consumer bills, batching them together and processing them at specific intervals in the day, so rewards would be particularly lucrative for hackers. According to NACHA, the ACH network increases on average by upward of $40 trillion a year.
- Social engineering will continue to be the most prominent way of penetrating networks. Be it via phishing, phone calls, pretexting or other such techniques, savvy hackers will exploit the one weakness that is found in every organisation: human psychology.
- Once GDPR goes into effect in May 2018, the most serious violations could result in fines of up to €20 million or four per cent of turnover (whichever is greater). Non-complying global corporations could be penalised billions of dollars with potentially devastating effects to the company itself as well as the economy. This should spur enterprises into immediate action and though no one wants to be the last to adhere to regulations, we know that organisations move slowly and human nature is to delay. The first hefty fine levied will motivate corporations to achieve compliance with the new regulations. The immense size of the proposed fines show just how serious and imperative it is for enterprises to execute the necessary steps to collect, manage and protect customer data. As the details of Uber’s breach now unfold, the global transport tech giant could easily be made an example of with an enormous fine due to hiding this from regulators and paying hackers for the cover up, ahead of GDPR coming into play.
- In an increasingly hostile geopolitical climate, we'll see expanded attacker activity emanating from North Korea and others. The likes of WannaCry, the biggest ransomware cyber attack the world has ever seen, serves as an example of the scale and disruption nation-state actors can create around the globe.
- We'll see an increase in disruptive malware activity whereby critical infrastructure such as banking systems are targeted (e.g. changing journal data.). The motives behind such attacks are to destabilise economic infrastructure. What happens if banks cannot trust their own data and, thereby, consumers can’t trust their banks?
Ofer Israeli, Founder and CEO, Illusive Networks
Image Credit: Maksim Kabakou / Shutterstock