We are living in a world where cybercrime is the greatest threat to every business. Today’s news headlines are littered with the latest data breach or attack, and these will only proliferate as the years go on. What’s more, attackers are even broadening their approach to cyberattacks in order to strengthen their potential impact, causing cybercrime damages to cost the world $6 trillion annually by 2021.
A new bar has been set for cybersecurity teams across all industries to defend their assets in the coming year. This is especially important for IT service providers, whose clients are trusting them to keep their IT systems and environments protected from harm. But in order to prepare for the future, sometimes you need to analyze and learn from the past. So, let’s take a look back on the top cyber threats the industry has had to face in 2017.
1. Ransomware
Ransomware is a type of malware that blocks access to a victim’s assets and demands money to restore that access. Almost all ransomware today is “crypto-ransomware,” which blocks access to a victim’s files through encryption. Essentially, it holds the data and files hostage, demanding ransom payment in order to unlock and regain access to the information.
There are many different strains of ransomware, and they continue to multiply. Locky, CryptoWall, and CryptXXX are a few major ones that come to mind, but the list goes on and on. Most recently, a new ransomware campaign has hit a number of high profile targets in Russia and Eastern Europe. Dubbed “Bad Rabbit,” the ransomware first started infecting systems on Tuesday by posing as an Adobe update before locking down computers and demanding money. This is yet another example of how cybercriminals are using ransomware to try to extort money from victims across the globe—even drawing comparisons to this year's WannaCry and Petya epidemics.
As a means of cyber attack, ransomware has been around for a while—at least over a decade. But why has its use and popularity exploded in the past couple of years?
The first reason is that ransomware is easy to access. Ransomware-as-a-service, for example, makes it extremely easy for cybercriminals to rent the architecture needed to deploy attacks and collect money. The second reason is that ransomware allows for fast money. With users and organizations willing to pay up, even hackers with modest technical skills can quickly generate thousands of dollars in extorted income.
2. Social Engineering
Social engineering is the art of tricking or manipulating a user into giving up sensitive or confidential information. Typically, these attacks involve email or other communication that invokes urgency, fear or similar emotions in the victim, leading them to take prompt action. While most email-savvy employees probably assume they can identify a scam email, these kinds of attacks are becoming much more sophisticated.
Social engineering is so dangerous and difficult to protect against because it involves a human element, often exploiting people’s willingness to be helpful. Phishing, spear phishing, and baiting are all common examples of social engineering attacks. The purpose of these attacks can range from tricking the recipient into sharing personal or financial information to getting them to click on a link that installs malware and infects the device.
3. Internet of Things (IoT) and Mobility
There’s no denying that Internet of Things (IoT) brings an unprecedented level of connectivity and convenience to our modern lives. Unfortunately, with these benefits also comes plenty of opportunity for hackers.
For example, the DDoS attack on Dyn last year was made possible by a botnet that targeted IoT devices such as wireless routers, security cameras and digital video recorders. Now, experts are sounding the alarm about the emergence of what appears to be a far more powerful strain of IoT attack malware—variously named “Reaper” and “IoTroop”—that spreads via security holes in IoT software and hardware.
In connection with IoT-related threats, mobile devices, especially those owned by individuals of influence and wealth, have become even more vulnerable. However, this doesn’t just affect the user of the device; it also impacts the employer. With trends like BYOD, company phones and tablets are prevalent in the workplace, and there seems to be a general lack of safety protocols regarding their use.
4. Backdoor Vulnerabilities
As we saw with IoT, we are living in an age of increased connectivity. However, this can open the door to new vulnerabilities. As businesses connect to and access outside servers and systems, it often opens an opportunity for someone else to reach in. This is known as a “backdoor vulnerability.”
Nowadays, attackers only need to find a single weakness to exploit in a target network to succeed. This mostly comes in the form of unpatched, outdated programs and software. In fact, the most common unpatched and exploited programs are browser add-in programs like Adobe Reader and other programs people often use to make surfing the web easier.
Here are some of the most common ways backdoor vulnerabilities may exist:
- Unpatched applications. Attackers can find faults in desktop and workstation applications, such as email, and implant Trojans for future compromise, or even crash systems. Further exploitation can occur if the compromised workstation has administrative privileges on the rest of the network.
- Too many privileged users. In many companies, IT personnel have blanket access to all devices and data, which can put that organization at significant risk if the controls were to fall into the wrong hands.
- Use of null or default passwords. Administrators sometimes create privileged users in a rush and leave the password null. Similarly, if the system operator password is the same at all levels, this allows complete access to all devices and data within the network. This serves as a perfect entry point for malicious users who discover the account.
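Two of the items above, null passwords and too many privileged users, can be checked on a Unix host from the account files. The following audit is an added example, not part of the original article; the sample `passwd`, `shadow` and `group` contents are constructed, and `ADMIN_GROUPS` and `MAX_PRIVILEGED` are assumed local policy values.

```python
# Added example. Sample data is constructed; ADMIN_GROUPS and MAX_PRIVILEGED
# are assumed local policy values, not taken from the article.
ADMIN_GROUPS = {"sudo", "wheel"}
MAX_PRIVILEGED = 2

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
svc_backup:x:0:1002::/home/svc_backup:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$6$salt$constructedhash1:17450:0:99999:7:::
alice:$6$salt$constructedhash2:17450:0:99999:7:::
bob::17450:0:99999:7:::
svc_backup:!:17450:0:99999:7:::
"""
SAMPLE_GROUP = """\
sudo:x:27:alice,bob
users:x:100:alice,bob
"""

def _records(text):
    """Yield colon-separated fields for each non-empty, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split(":")

def audit_accounts(passwd, shadow, group):
    # An empty second shadow field means the account logs in with no password;
    # "!" or "*" means locked, which is not a finding here.
    null_pw = {f[0] for f in _records(shadow) if len(f) > 1 and f[1] == ""}
    # Any UID 0 account is root-equivalent, whatever its name.
    uid0 = {f[0] for f in _records(passwd) if len(f) > 2 and f[2] == "0"}
    privileged = set(uid0)
    for f in _records(group):
        if f[0] in ADMIN_GROUPS and len(f) > 3:
            privileged.update(m for m in f[3].split(",") if m)
    return {
        "null_password": sorted(null_pw),
        "extra_uid0": sorted(uid0 - {"root"}),
        "privileged": sorted(privileged),
        "too_many_privileged": len(privileged) > MAX_PRIVILEGED,
        "privileged_null_password": sorted(privileged & null_pw),
    }

if __name__ == "__main__":
    for name, value in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW, SAMPLE_GROUP).items():
        print(f"{name}: {value}")
```

Default passwords cannot be found this way, since a hash does not reveal whether the password behind it is a vendor default; that check needs an inventory of devices and their documented defaults.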
5. Human Error and Insider Threat
Unfortunately, one of the greatest threats to security has nothing to do with the technology, but the people. Humans are a big cybersecurity vulnerability, and the breaches they cause can either be intentional or unintentional. For example, it could be a result of a single employee’s carelessness, or even a disgruntled employee seeking revenge.
What’s more, most businesses are unaware that the greatest security threat could be internal. You’ll notice that the majority of the above threats are external, yet businesses aren’t paying enough attention to the avoidable consequences of human error and insider threat. As a result, their internal points of access are left vulnerable, allowing hackers to find advanced ways to enter systems with credentials that appear legitimate and gain access to sensitive data.