By: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS
Cyber extortion and attacks can take many forms, from ransomware to DDoS shakedowns and data-dump blackmail, and organizations all over the globe have been directly impacted by these campaigns in 2016. This year we saw the first DDoS attack exceeding 1 Tbps in size and the proliferation of attacks by IoT botnets, among countless other new methods that hackers have perfected to gain entry into organizations and disrupt day-to-day business. If you thought 2016 was bad, you can expect 2017 to be even worse as sophisticated hackers set their sights on bigger targets and continue to evolve their practices.
As the number of these incidents continues to rise, NSFOCUS has identified a few attack vectors that we expect to be particularly problematic in the year ahead as well as two defense vectors to help organizations prepare for the onslaught of attacks.
Attack Vectors:
- The Weaponization of Industrial and Municipal IoT – As more devices become Internet-enabled and accessible and the security measures in place continue to lag behind, the associated risks are on the rise. We have seen a growing threat against industrial and municipal IoT as leading manufacturers and grid power producers, among others, transition to Industry 4.0 without implementing sufficient safeguards. This can lead to the theft of intellectual property, the collection of competitive intelligence, and even the disruption or destruction of critical infrastructure.
- Targeting the Cloud Operators – The cloud-computing infrastructure of today is one of the most successful developments in information technology. However, that doesn’t mean these operators aren’t just as vulnerable as every other organization. Reprobates, hacktivists, nation-states, and terrorist organizations will likely take aim at the cloud in 2017, leading to some of the largest DDoS and ransomware attacks of all time.
- The Advancement of Laterally-Spread Ransomware Worms – Next-generation ransomware will soon have the attributes of the self-propagating worms of the past. Worms like Conficker, SQL Slammer, Nimda, Code Red, etc. will once again become the norm; however, this time they will carry ransomware payloads capable of infecting hundreds of machines in no time at all. The future of ransomware will be modular and stealthy, capable of moving laterally and even bridging air-gapped defenses.
Defense Vectors:
- The Growth of Crowdsourced, Actionable Threat Intelligence – Although Threat Intelligence (TI) is still in its infancy, it won’t be for long as the industry, governments, and other influential institutions will begin to heavily encourage all organizations to crowdsource TI data. This effort will make TI more actionable and affordable for the masses. Soon, all cyber defenses will be fully capable of consuming TI in real-time, acting upon the intelligence gained, and also delivering upstream crowdsource capabilities.
- The Rise of the Automated, Machine Learning, and Artificial Intelligence (AI)-Enabled Defenses – The attack predictions mentioned above will force the Internet community, researchers, corporations, and governments to heavily fund automation, machine learning, and AI-enabled technology research. These defenses will incorporate automated capabilities to allow for self-configuration on the fly. Others will have automated kill-chain capabilities designed to help stop the spread of contamination by immediately detecting infections and shutting down systems before epidemics spread even further. These soon-to-be-realized defenses will become increasingly intelligent: not only will they be able to detect anomalies in any type of traffic, user, or device, they will also be capable of inoculating systems in real time, adapting their immunizations to whatever infection is presented to them.
For additional insight into each of the above predictions, read our full article on Virtual Strategy Magazine.