AppRiver’s manager of security research, Troy Gill, has analysed threat trends over the last 12 months and offers his perspective of what lies ahead…
Evolving malware: More sophisticated malware will continue to defeat detection by hiding in common services and using non-traditional forms of communication such as TOR or Peer to Peer.
In tandem, recent highly effective social engineering ploys, such as those utilised in ransomware, will continue to terrorise businesses.
Speaking of ransomware, victims continue to payoff these cyber criminals and, in turn, the bad guys keep doing what’s working so well for them. As long as they’re being paid, these crafty cybercriminals will continue to innovate new attacks that will push the needle. Remember the attackers are agile and often take advantage of zero-day vulnerabilities and we can only attempt to harden against these.
Unfortunately there is no easy way to “defeat ransomware” but paying the ransom is, in my opinion, ill advised and also there’s no guarantee that you’ll even get the keys to unlock your data.
For all malware infections, prevention is definitely better than cure although, agreed, I personally don’t see a means to impeding infections 100% of the time – but you can shrink the attack surface significantly:
-keep operating systems and software updated
-install robust security defences such as firewalls, IDS, spam and virus filtering and web filtering
-perform regular security awareness training to identify attacks
-always back up your data so if you do fall victim, you can simply restore your files.
Breach Tsunami: The bevy of breaches that occurred during 2015, and the abundance of credit card and other personal information obtained from them, will lead to an increase in spear-phishing and other more targeted attacks.
The veritable treasure trove of private personal information that exists on the cyber underground, coupled with further information gleaned from social media, means criminals can generate highly targeted attacks or used as convincers in fraudulent transactions.
Cyber Warfare: Acts of cyber aggression will continue amongst many nation states including the U.S. and China, as well as remain a tool of warring nations. While we may not be privy to the majority of these attacks against infrastructure or corporate espionage between our collective countries, evidence suggests that the internet has become an important tool in every aspect of our lives including war and politics. Expect this “boots at home” tactic to remain in the playbook as a first move in most conflicts whether it be just reconnaissance or even the disabling of infrastructures and communications.
Internet of Things: Practically every business and even some individuals will have Wi-Fi enabled fixed devices that are controlled remotely – from switching on lights at home to cooling nuclear reactors in power plants.
When vulnerabilities exist in any popular OS, and hackers know about them, it is only a matter of time before they are exploited. The issue is that people are not installing security patches in a timely manner, and inadvertently leaving their devices vulnerable.
Bring Your Own Device (BYOD): No threat list would be complete without referencing this threat. BYOD often provides the business with cost savings and increased productivity/effectiveness from their workforce. However, the security challenge that this movement has created has also left IT departments in a bit of a quandary.
Organizations need to have a BYOD strategy and policy that is appropriate to their situation. Obvious security points to address with the policy include: password enforcement; encryption; device management; access control, etc. should all be kept in mind while still maintaining enough freedom to keep the employee happy.
Striking that balance is important to keeping the organization more secure and at the same time, empowering employees. Of course, that’s often easier said than done as organisations need to properly enforce the policy – something that presents a challenge in its own right. Security training that includes reminders about safe browsing and identifying suspicious links wouldn’t go amiss.
Wearables: The ever-expanding marketplace of health and fitness apps coupled with wearable devices monitoring our every move, heartbeat, and location continue to gain popularity. Compromised or just poor privacy settings could leak this personal data out into the world.
TOR: Often referred to as the ‘Dark’ or ‘Deep Web, TOR continues to attract both the good and bad of society, lured by its promise of anonymity. Facebook’s new experimental move into the TOR network may inspire other reputable services to want to provide anonymous access thereby enticing new users who may have been unwilling to try them beforehand.
While there are legitimate reasons visitors may require secrecy, a great many illegal things have also been discovered on Tor’s network: items that should be protected by fair trade, copywrite and other laws; stolen credit card forums; general hacking services and malware creation. Even the groups behind ransomware, such as CryptoLocker, have begun to demand their ransoms through the TOR network utilizing CryptoCurrency like BitCoin to remain anonymous to authorities and their victims.
It is important to be aware of all of the different ways that Tor can be used and make any necessary adjustments. If this is something that concerns you as a business owner then policy should be put into place that restricts the installation of Tor software. And remember, it always pays to be vigilant. No matter what the circumstance.
Unexposed vulnerabilities: The past few years showed some major issues with secure communication – like that in SSL as leveraged by Heartbleed, and a long time bug in Bash with Shellshock. The discovery of vulnerabilities such as these will continue to be a major goal for attackers and defenders alike.
Mobile Payment Systems: Vendors have been trying hard to change the way we make transactions with features such as Near Field Communication and virtual wallets in mobile devices. Unfortunately, its early adoption has left a lot to be desired thanks to security issues and concerns.
Thanks also to these early flaws, and the attack on the CurrentC payment system through third parties which led to the leak of the email addresses of early adopters, we can expect mobile payment systems and its architectures as a highly likely target of attack. Hopefully the organisations concerned will work aggressively to make digital payments through services such as ApplePay, Google Wallet and CurrentC much more secure.
Individual cloud storage: The use of Dropbox, OneDrive, Box, Google Drive as well as all of the other cloud storage services by individuals as a means to more easily access documents in multiple locations will pose a greater risk to personal as well as professional targets as company documents and data comingle with personal files in the cloud.
It’s also worth noting that using cloud storage for data backup does not automatically negate the risk from Ransomware – in fact MANY previous Ransomware attacks (aka Cryptolocker) have relied on free cloud storage sites like Dropbox to distribute their payload.
Organisations need to limit access to folders within their cloud network to only the individuals that need access to perform their job role. This will help prevent both accidental and purposeful data loss.
Carefully select which devices employees are permitted to use when accessing the cloud, and what types of encryption to use to keep the devices from connecting to unsafe networks.
As mentioned previously, another helpful practice is maintaining regular security training so users know the risks. This will help those who otherwise may inadvertently expose sensitive company data by keeping them on course with best practices.
Staying Safe in 2016
While these ten threats are expected to dominate 2016, this list is in no means exhaustive. Sophisticated attacks will continue to be problematic and perhaps even more difficult to detect.
To help, here is a summary of best practice tips:
Educate users on current threats in the digital landscape, including phishing campaigns, malware and malicious websites Introduce layered security – Adopting a layered security approach is the best way to ensure your business is covered from all angles. While protecting your business from viruses via email filtering is a great start, it doesn’t protect your business from malware threats on the Web and vice versa, so … Shielding your business from as many vulnerabilities to your network as possible is essential to staying ahead of hackers. Don’t skip software and firmware updates; these often contain security patches for vulnerabilities. The longer you go without updating your software, the more susceptible your network is to malware. If any of your software or hardware has reached its end-of-life, meaning the manufacturer will no longer support it or make security patches, it’s time for an upgrade. While it may seem expensive on the front end, it can save you from lost labour, costly fines and lawsuits on the backend.
Of course, there is no “silver bullet” when it comes to online threats. However, with a blended security approach that leverages current intelligence and technology from several sources, combined with regular security training, organisations can prevent most malware from entering their network and deflect threats that might otherwise damage systems.