Most dangerous new cyber security threats 2017: ransomware, spearphishing, IoT botnets
If last week's WannaCry NHS ransomware attack has taught us anything, it's that malicious activity is very much alive and kicking and that most organisations are either not prepared or their cyber security departments are underfunded.
Vendors and malicious actors are permanently joined at the hip with security companies racing to react to the latest emerging threats, and attackers circumventing these defences all the time.
Many of these threats first became apparent in recent years but have recently swelled – with no end in sight. Read on for some of the most dangerous cyber security attacks every organisation faces in 2017.
1. Ransomware
Ransomware is the act of holding an organisation’s data to ransom for cash, and in 2016 these types of attacks rose at a phenomenal rate. According to a recent report from SonicWall, ransomware attempts swelled from 3.8 million in 2015 to 638 million last year – and as much as $209 million had been paid out in the first quarter of last year alone.
Ransomware is a worry for any organisation, but in particular, attacks have been ramped up against utilities and hospitals where data is absolutely vital for day-to-day operations. Although the overwhelming majority of security experts recommend anything but paying the ransom, it’s easy to see why some organisations do it – when the demanded payments are just about affordable enough to justify the cost against downtime. But there’s no guarantee that, once paid, the locked data will be restored.
The most common ransomware type by far is called ‘Locky’ – which often arrives as a Word document that asks the user to enable macros. Once macros are enabled, the file runs a downloader in the background and installs the Locky ransomware, which then scrambles data on all available drives and typically demands a Bitcoin payment.
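Because this delivery chain depends on a macro-carrying Office attachment, a mail gateway can triage attachments before they reach a user. The sketch below is an added example, not code from the article or from any vendor it cites; the function names, the constructed sample files and the policy of quarantining legacy binary documents are assumptions.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container
MACRO_CONTENT_TYPE = b"macroEnabled"            # appears in [Content_Types].xml


def classify_attachment(data: bytes) -> str:
    """Return 'ooxml-macro', 'ooxml-clean', 'legacy-ole' or 'not-office'."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary format: macros cannot be ruled out without an OLE parser.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return "not-office"
        # VBA projects are stored as a vbaProject.bin part (word/, xl/, ppt/).
        has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
        declares_macros = MACRO_CONTENT_TYPE in zf.read("[Content_Types].xml")
    return "ooxml-macro" if has_vba_part or declares_macros else "ooxml-clean"


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped zip, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00placeholder")
    return buf.getvalue()


def triage(attachments: dict) -> dict:
    """Map each attachment name to 'quarantine' or 'deliver' (assumed policy)."""
    risky = {"ooxml-macro", "legacy-ole"}
    return {name: ("quarantine" if classify_attachment(blob) in risky else "deliver")
            for name, blob in attachments.items()}


if __name__ == "__main__":
    samples = {  # constructed inputs
        "invoice.docm": build_sample(with_macro=True),
        "notes.docx": build_sample(with_macro=False),
        "old_report.doc": OLE2_MAGIC + b"\x00" * 504,
        "readme.txt": b"plain text",
    }
    for name, verdict in triage(samples).items():
        print(f"{name}: {verdict}")
```

The check keys on file content rather than the file extension, so a macro-bearing document renamed to .docx is still flagged.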
2. IoT botnets
Gartner expects 8.4 billion ‘things’ connected to the internet around the world this year, providing opportunity for denial of service attacks at a scale never seen before. In late 2016, an enormous DDoS attack was pointed at DNS provider Dyn using something called the Mirai botnet, which was launched from a huge number of IoT devices, likely at a Dyn customer. The attack on internet infrastructure took down a large number of popular internet services, including parts of Twitter, GitHub, storage service Box and the PlayStation Network. It proved that many service providers were ill-equipped to deal with the scope of the attack, and researchers at the time said they had monitored IoT botnets recruiting other botnets at scale before the attack took place.
Although businesses are starting to wake up to the security threat from IoT devices – which are often built for affordability with security as a secondary consideration – the code for Mirai went public in October last year.
3. Spearphishing and whaling attacks
Phishing attacks have long been an established threat – but they’re now more targeted and sophisticated than ever before. Spearphishing is the process of sending a fraudulent email from a trusted account to a targeted individual, usually with the intention to scam the recipient out of money. ‘Whaling’ takes this concept one step further and involves targeting high-worth individuals, often within an organisation, to get them to send money to a fraudulent account. The FBI calls these business email compromise scams – and well-known companies have fallen for them. For example, a finance executive at toymaker Mattel signed off on a $3 million transaction to the Bank of Wenzhou, China, believing it to be a legitimate request.
And according to recent research from security vendor Proofpoint, social media phishing attacks grew 500 percent in volume between the start and the end of 2016. This included what the company calls ‘angler’ phishing, where fraudulent customer service accounts – from PayPal, for instance – intrude on interactions between customers and businesses.
4. Business Process Compromise attacks
Vendor Trend Micro describes Business Process Compromise as a relatively recent phenomenon: a way for attackers to manipulate the day-to-day running of operations in their favour. It targets, the company says, the “unique processes or machines facilitating these processes to quietly manipulate them for the attacker’s benefit”. For example, in 2013 drug traffickers managed to hack into the backend of a port in Antwerp, targeting the IT systems that tracked the movement and location of containers, which made it easier for them to retrieve their cargo.
5. Machine learning-enabled attacks
Both vendors and attackers are turning to artificial intelligence to strengthen their capabilities. According to a recent Intel Security report, machine learning is likely to become useful in evolving successful social engineering attacks, particularly considering the rate of development in AI.
Intel Security believes that, by combining publicly available data with complex analysis tools, it would be possible to pick targets more precisely and with a greater level of success.
In its report, Intel Security notes that machine learning tools are “force multipliers for those of us in security roles”, and that it would “be negligent to assume cybercriminals are not also adopting these powerful tools”.