2017 once again proved that the cyber threat landscape is complex and constantly changing, dictating the need for comprehensive and responsive defences that step up to the real challenges that organisations face. AI-aided attacks, increased regulation and the exponential growth of endpoint and IoT devices present the opportunity for entirely new forms of risks to emerge, ever changing the face of cyber security. Darren Thomson, EMEA Chief Technology Officer at Symantec, explores the key trends and threats to anticipate in the coming year.
The Cyber Cold War Escalates
As international tensions continue to go digital, much of this will remain unknown to the world stage. Nation states won’t be able to publicly peacock their cyber arsenal to intimidate or dissuade their enemies, at the risk of revealing their attack vectors and exploits. This underground warfare is already poised to be a major geopolitical weapon for world powers and rogue states in 2018, escalating the already high stakes and potential for destruction. Industries, critical infrastructure, supply chains and people will be the pawns in an escalating modern war unlike any before it.
The Rise of Mass Social Engineering
Mass social engineering will also become a crucial weapon in modern warfare, with machine learning and AI leveraged to construct more complex and highly targeted lures against citizens and organisations. The more mature use of data and analytics will see social media attacks conducted at a more impactful level, with the potential for high-profile impact leading us to question who and what we can trust. While fake news is likely to remain part of the picture in 2018, be prepared for social engineering to take new guises.
Infrastructure as a Priority Target
Stuxnet and Dragonfly already demonstrated the destructive potential of a targeted cyber attack against infrastructure, from banks and hospitals to transportation and even energy providers. These attacks typically exploit basic gaps in cyber defences, yet have the potential to cause substantial, lasting damage to our world. 2018 could be a turning point: will organisations and businesses step up to the urgent need to address these major vulnerabilities, or will we see a landmark attack on a nation’s critical infrastructure?
The Dawn of Criminal AI and Machine Learning
No cyber security conversation today is complete without a discussion about AI and machine learning. So far, these conversations have been focused on using these technologies as protection and detection mechanisms. However, this will change in the next year with AI and machine learning being used by cyber criminals to carry out attacks. It is the first year where we will see AI versus AI in a cybersecurity context. Cyber criminals will use AI to attack and explore victims’ networks, which is typically the most labour-intensive part of compromise after an incursion.
The Financial Trojan Gold Rush
Financial trojans were some of the first pieces of malware to be monetised by cyber criminals. From simple beginnings as credential-harvesting tools, they have since evolved into advanced attack frameworks that target multiple banks and banking systems, send shadow transactions and hide their tracks. They have proven to be highly profitable for cyber criminals. The move to mobile, application-based banking has curtailed some of their effectiveness, but cyber criminals are quickly moving their attacks to these platforms. Cyber criminals’ profits from financial trojans are expected to grow, giving them higher gains as compared to ransomware attacks.
Supply Chain Attacks Become Mainstream
Supply chain attacks have been a mainstay of classical espionage and signals-intelligence operators, compromising upstream contractors, systems, companies and suppliers. They are highly effective, with nation-state actors using human intelligence to compromise the weakest links in the chain, as well as malware implants at the manufacture or distribution stage through compromise or coercion.
File-less and File-light Malware Explodes
2016 and 2017 have seen consistent growth in the amount of file-less and file-light malware, with attackers exploiting organisations that lack preparation against such threats. With fewer Indicators of Compromise (IoC), use of the victims’ own tools, and complex disjointed behaviours, these threats have been harder to stop, track and defend against in many scenarios. Like the early days of ransomware, where early success by a few cyber criminals triggered a gold-rush-like mentality, more cyber criminals are now rushing to use these same techniques. Although file-less and file-light malware will still be smaller by orders of magnitude compared to traditional-style malware, they will pose a significant threat and lead to an explosion in 2018.
Smart Devices Held to Ransom
Ransomware has become a major problem and is one of the scourges of the modern Internet, allowing cyber criminals to reap huge profits by locking up users’ files and systems. The gold-rush mentality has not only pushed more and more cyber criminals to distribute ransomware, but also contributed to the rise of Ransomware-As-A-Service and other specializations in the cyber underworld. These specialists are now looking to expand their attack reach by exploiting the massive increase in expensive connected home devices. Users are generally not aware of the threats to Smart TVs, smart toys and other smart appliances, making them an attractive target for cyber criminals.
IoT Devices Will Be Hijacked and Used in DDoS Attacks
In 2017, we have seen massive DDoS attacks using hundreds of thousands of compromised IoT devices in people’s homes and workplaces to generate traffic. This is not expected to change, with cyber criminals looking to exploit the poor security settings and lax personal management of home IoT devices. Furthermore, the inputs and sensors of these devices will also be hijacked, with attackers feeding audio, video or other faked inputs to make these devices do what they want rather than what users expect them to do.
IoT: A Critical Backdoor
Beyond DDoS attacks and ransomware, home IoT devices will be compromised by cyber criminals to provide persistent access to a victim’s network. Home users generally do not consider the cyber security implications of their home IoT devices, leaving default settings in place and not vigilantly updating them like they do with their computers. Persistent access means that no matter how many times a victim cleans their machine or protects their computer, the attacker will always have a backdoor into the victim’s network and the systems that they connect to.
Darren Thomson is CTO & Vice President for the EMEA Region at Symantec