2016 has been an interesting year in cybersecurity, with a number of significant data breaches, high profile hacks and cybersecurity-related costs to business continuing to rise.
When speaking at IP Expo 2015 I predicted that this year would be the year of the industrial control attack, and that’s proved to be quite accurate. At this year’s conference, I was asked what 2017 might hold. In my view next year will be the year of the “data bandit”. Traditionally cybercriminals have attacked large enterprise organisations. While this will continue, I predict that the bad guys will be looking for new avenues to increase their profits and reduce their risk. Therefore, I expect a shift in their focus to include attacking individuals and citizens.
The adversary used to steal and sell individual pieces of data – e.g. credit card data, healthcare records, intellectual property etc. – as discrete products to buy. However, I believe they are starting to build collections of stolen data, often from multiple attack sources and bringing them together to create a more valuable combined package, which increases the relevance, marketability and ultimately threat to the end victim. It is possible that they harvest stolen information, and hold it for several weeks or until they have a package that they can group together to sell on the black market or dark web to their illicit customers.
This stolen information may not be used by the attacker for quite some time after the initial theft, and therefore the victim may not even know they were a target until this package of data hits the market. This can make the impact greater, and the ability to detect the breach quite challenging. Organisations and individuals need to understand the value of the data that they store, use and process so that they can apply the appropriate protection to their critical and sensitive information, as opposed to trying to protect everything.
Encrypting the critical “crown jewels” data is essential, as is deploying tools, systems and processes to detect the bad guys in near real-time so that organisations can disrupt their business model and reduce the value of the data they are stealing. These changes in the way cybercriminals operate – as detailed in our Business of Hacking report earlier this year - change the way we have to think and act as security people. For those of us defending against malicious attacks there is often an artificial barrier between technology and security, because at the moment we don't talk the same language.
Considering our adversaries are no longer limiting themselves with that artificial barrier between business and technology, it seems strange that defenders should as well – we need to stop talking about technology and start talking about value, and security teams will need to start understanding how to break that down for executives at board level. It’s not enough for them to see cyber risk as a technology issue, we need for them to start thinking about cyber threats as what they really are – business risk. But the data bandit is not the only cybersecurity trend to watch out for in 2017, there are a number of other things I think we’ll see too.
I think we’ll also see an increase in the number of rookie hacktivists and hobby hackers in 2017, driven by increasing pop-culture references and media attention on cybersecurity. These attackers will be less sophisticated, often using off-the-shelf tools for nuisance attacks, such as web defacement, DDOS as-a-service, and even port scans. These attacks will mostly cause an increase in noise for organisations, since the adversaries won’t have the skills for lateral movement, but any trouble they could cause will be in the reputational damage to the company brand.
Internet of theft
While more security features will be built into IoT devices in 2017, making IoT inherently more secure, a large number of existing and new devices will be used as the platform to launch targeted breaches and DDoS attacks. In 2016, and particularly recently, we have seen several major DDoS attacks using IoT devices such as IP cameras and SOHO routers.
IoT sensors, with their limited computing power are only as secure as the firmware running on them, with their security very much dependent on device manufacturers. Successful attacks on IoT sensors are difficult to detect because of the limited access to a device’s system state, and in 2017 we will see more attackers focusing on compromising exactly those edge devices.
Breaking the bank
I also think we will see an increase in the number of reported attacks on banking services and banking system breaches in 2017. Following several reports of major successful attacks on SWIFT electronic transaction systems in 2016, I expect to hear a lot more about similar breaches as banks discover more attacks and realise that sharing details about them is the responsible thing to do.
Motivations and the blame game
More countries will accuse each other of politically motivated cyber-attacks in 2017. Following several major politically motivated breaches in 2016, such as the DNC hack, we will see an increase in politically motivated cyber-attacks conducted by the world’s cyber superpowers. Those attacks will likely result in disclosure of confidential documents and information with the goal of compromising the target’s reputation. However, attributing attacks to nation states will also be increasingly difficult and we are likely to see many incorrect identifications of attackers in order to collect political points and deny responsibility for breaches.
The final thing I think will be a major feature of 2017’s threat landscape is the DDoS attack. Firepower in 2016 has increased to frightening levels, allowing attackers to launch attacks using bandwidth in the range of Tbps, requiring specialised DDoS protection that can be provided only by very few organisations in the world today. In 2017, this ever-increasing DDoS force will be used to attack internet infrastructure of whole countries in support of a physical military attack. With increased military tensions in several places in the world today, it is likely we will see more DDoS attacks in 2017 dedicated to taking whole countries offline.
Tim Grieveson, Chief Cyber & Security Strategist – EMEA, HPE Security Products at Hewlett Packard Enterprise
Image source: Shutterstock/Sergey Nivens