

Cyber security in 2017
February 2017, Cyber Security

2016 saw a huge number and variety of cyber attacks, ranging from high-profile DDoS events using hijacked Internet-facing security cameras to the alleged hacking of party officials during the US election. We also saw a rising tide of data breaches, from organisations big and small, and significant losses of people’s personal information. Harish Chib, VP MEA for SOPHOS, ponders how some of those trends might play out in 2017.

Harish Chib, VP MEA for SOPHOS.

Current and emerging attack trends

Destructive DDoS IoT attacks will rise. In 2016, Mirai (https://en.wikipedia.org/wiki/Mirai_(malware)) showed the massive destructive potential of DDoS attacks as a result of insecure consumer IoT (Internet of Things) devices. Mirai's attacks exploited only a small number of devices and vulnerabilities and used basic password guessing techniques.

However, cybercriminals will find it easy to extend their reach because there are so many IoT devices containing outdated code based on poorly-maintained operating systems and applications with well-known vulnerabilities. Expect IoT exploits, better password guessing and more compromised IoT devices being used for DDoS or perhaps to target other devices in your network.

Shift from exploitation to targeted social attacks

Cybercriminals are getting better at exploiting the ultimate vulnerability – humans. Ever more sophisticated and convincing targeted attacks seek to coax users into compromising themselves. For example, it’s common to see an email that addresses the recipient by name and claims they have an outstanding debt the sender has been authorised to collect. Shock, awe or borrowing authority by pretending to be law enforcement are common and effective tactics. The email directs them to a malicious link that users are panicked into clicking on, opening them up to attack. Such phishing attacks can no longer be recognised by obvious mistakes.

Financial infrastructure at greater risk of attack. The use of targeted phishing and 'whaling' continues to grow. These attacks use detailed information about company executives to trick employees into paying fraudsters or compromising accounts. We also expect more attacks on critical financial infrastructure, such as the attack involving SWIFT-connected institutions, which cost the Bangladesh Central Bank $81 million in February 2016. SWIFT recently admitted that there have been other such attacks and it expects to see more, stating in a leaked letter to client banks: "The threat is very persistent, adaptive and sophisticated – and it is here to stay".

Flaky infrastructure

Exploitation of the Internet’s inherently insecure infrastructure. All Internet users rely on ancient foundational protocols, and their ubiquity makes them nearly impossible to revamp or replace. These archaic protocols that have long been the backbone of the Internet and business networks are sometimes surprisingly flaky.

For example, attacks against BGP (Border Gateway Protocol) could potentially disrupt, hijack, or disable much of the Internet. And the DDoS attack on Dyn in October (launched by a myriad of IoT devices) took down the DNS provider and, along with it, access to part of the Internet. It was one of the largest assaults seen and those claiming responsibility said that it was just a dry run. Large-scale ISPs and enterprises can take some steps to respond, but these may well fail to prevent serious damage if individuals or states choose to exploit the Internet's deepest security flaws.

Increased attack complexity

Attacks increasingly bring together multiple technical and social elements, and reflect careful, lengthy probing of the victim organisation's network. Attackers compromise multiple servers and workstations long before they start to steal data or act aggressively. Closely managed by experts, these attacks are strategic, not tactical, and can cause far more damage. This is a very different world from the pre-programmed, automated malware payloads we used to see: these attacks are patient and evade detection.

More attacks using built-in admin languages and tools. We see more exploits based on PowerShell, Microsoft's language for automating administrative tasks. As a scripting language, PowerShell evades countermeasures focused on executables. We also see more attacks using penetration testing and other administrative tools that may already exist on the network, need not be infiltrated, and may not be suspected. These powerful tools require equally strong controls.
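To illustrate why a control that only vets executables is blind here, the following added example (not from the original article) compares an executable allowlist with command-line inspection over a few process-creation events. The events, the allowlist and all function names are constructed for illustration.

```python
import base64

# Constructed process-creation events (image path, command line); not real telemetry.
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
EVENTS = [
    ("C:\\Windows\\System32\\notepad.exe", "notepad.exe report.txt"),
    (PS, "powershell.exe -NoProfile -File C:\\Scripts\\backup.ps1"),
    (PS, "powershell.exe -NoP -W Hidden -enc "
         + base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()),
]

TRUSTED_IMAGES = {"notepad.exe", "powershell.exe"}  # assumed allowlist of signed binaries


def executable_check(image):
    """Executable-focused control: only asks whether the binary itself is trusted."""
    return image.rsplit("\\", 1)[-1].lower() in TRUSTED_IMAGES


def encoded_command(cmdline):
    """Return the decoded script if the command line uses -EncodedCommand, else None."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        name = tok[1:].lower()
        # powershell.exe accepts shortened forms such as -e, -enc and -ec.
        if tok[0] in "-/" and name and ("encodedcommand".startswith(name) or name == "ec"):
            try:
                # The argument is Base64 over a UTF-16LE string.
                return base64.b64decode(tokens[i + 1], validate=True).decode("utf-16-le")
            except ValueError:  # covers bad Base64 and bad UTF-16
                return "<undecodable>"
    return None


def review(events):
    """Per event: (passes the executable check, decoded script or None)."""
    return [(executable_check(img), encoded_command(cmd)) for img, cmd in events]


if __name__ == "__main__":
    for (img, _), (trusted, script) in zip(EVENTS, review(EVENTS)):
        print(img.rsplit("\\", 1)[-1], "trusted" if trusted else "untrusted", "->", script)
```

Every event passes the executable check, and only the command-line inspection surfaces the hidden, encoded script in the third one.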

Ransomware evolves

As more users recognise the risks of ransomware attack via email, criminals are exploring other vectors. Some are experimenting with malware that re-infects later, long after a ransom is paid, and some are starting to use built-in tools and no executable malware at all to avoid detection by endpoint protection code that focuses on executable files. Recent examples have offered to decrypt files after the victim shared the ransomware with two friends, and those friends paid to decrypt their files.

Ransomware authors are also starting to use techniques other than encryption, for example deleting or corrupting file headers. And finally, with ‘old’ ransomware still floating around the web, users may fall victim to attacks that can't be ‘cured’ because payment locations no longer work.
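The following added example (not from the original article) shows why header corruption matters to defenders: a detector that only looks for the high entropy of encrypted data misses a file whose signature has been wiped, while a check of the leading "magic bytes" against the file extension catches it. The sample files, the threshold and the function names are constructed assumptions.

```python
import math
import os
import tempfile
from collections import Counter

# Well-known leading signatures ("magic bytes") for a few common formats.
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",  # OOXML documents are ZIP containers
}

def shannon_entropy(data):
    """Bits per byte; well-encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def header_intact(path, head):
    """True/False when the extension has a known signature, None otherwise."""
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    return None if magic is None else head.startswith(magic)

def scan(root, entropy_threshold=7.5):
    """Classify each file under root as ok, high-entropy or header-damaged."""
    findings = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            with open(os.path.join(dirpath, name), "rb") as fh:
                head = fh.read(65536)
            if shannon_entropy(head) >= entropy_threshold:
                findings[name] = "high-entropy"      # looks encrypted
            elif header_intact(name, head) is False:
                findings[name] = "header-damaged"    # plaintext body, signature gone
            else:
                findings[name] = "ok"
    return findings

def demo():
    """Constructed samples: an intact PDF-like file and a copy with its first 16 bytes zeroed."""
    body = b"%PDF-1.4\n" + b"constructed sample text\n" * 200
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("intact.pdf", body), ("wiped.pdf", b"\x00" * 16 + body[16:])):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return scan(d)
```

In the constructed sample, the wiped file stays well below the entropy threshold, so only the signature check reports it.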

Emergence of personal IoT attacks

Users of home IoT devices may not notice or even care if their baby monitors are hijacked to attack someone else's website. But once attackers 'own' a device on a home network, they can compromise other devices, such as laptops containing important personal data. We expect to see more of this as well as more attacks that use cameras and microphones to spy on households. Cyber criminals always find a way to profit.

Growth of malvertising

Malvertising, which spreads malware through online ad networks and web pages, has been around for years, but in 2016 we saw much more of it. These attacks highlight larger problems throughout the advertising ecosystem, such as click fraud, which generates paying clicks that don't correspond to real customer interest. Malvertising has actually generated click fraud, compromising users and stealing from advertisers at the same time.

The downside of encryption

As encryption becomes ubiquitous, it has become much harder for security products to inspect traffic, making it easier for criminals to sneak through undetected. Unsurprisingly, cybercriminals are using encryption in creative new ways. Security products will need to tightly integrate network and client capabilities, to rapidly recognise security events after code is decrypted on the endpoint.

Virtualised and cloud exploits

Attacks against physical hardware (e.g. Rowhammer) raise the possibility of dangerous new exploits against virtualised cloud systems. Attackers might abuse the host or other guests running on a shared host, attack privilege models, and conceivably access others' data. And, as Docker and the entire container (or ‘serverless’) eco-system become more popular, attackers will increasingly seek to discover and exploit vulnerabilities in this relatively new trend in computing. We expect active attempts to operationalise such attacks.

Technical attacks against states and societies

Technology-based attacks have become increasingly political. Societies face growing risks from both disinformation (e.g., 'fake news') and voting system compromise. For instance, researchers have demonstrated attacks that might allow a local voter to fraudulently vote repeatedly without detection. Even if states never engage in attacks against their adversaries' elections, the perception that these attacks are possible is itself a powerful weapon.



Copyright © Technews Publishing (Pty) Ltd. All rights reserved.