Cybersecurity Warning: A Look Ahead at the Barrage of Threats Expected in 2017
Cyber extortion and attacks can take many forms—from ransomware to DDoS shakedowns and data-dump blackmail, organizations all over the globe have been directly impacted by these campaigns in 2016. If you thought 2016 was destructive, you can expect 2017 to be even worse. As sophisticated hackers continue to elevate their attacks, gain new capabilities and target PII data and critical business systems, organizations must remain vigilant if they hope to escape the year unscathed.
As we saw in 2016, it no longer matters if you’re organization is directly targeted or not; it could experience collateral damage as the fallout from another business or entity under attack. This year we witnessed the first DDoS attack exceeding 1 Tbps in size, which impacted organizations all over North America, even though they were not a direct target.
So what does 2017 hold for the security of the Internet? As the number of hacks, breaches, threats, and attacks continue to rise, 2017 is certain to be one of the most interesting and tumultuous years yet. With a new year comes new attacks and as such, NSFOCUS identified three key attack vectors that we expect to be particularly problematic, as well as two defense vectors to help organizations prepare for the onslaught of attacks.
As cybercriminals become more adept at carrying out these tactics, there is a good chance that these attacks will become more common
Attacks on Cloud Operators to Increase
Today’s infrastructure built upon cloud computing is one of the most successful developments in information technology. But that does not mean that the attacks that have been launched against so many others are unable to penetrate these cloud-based infrastructures. In fact, the cloud will increasingly be in the cross-hairs of reprobates, hacktivists, nation-states, and terrorist organizations as their next big meal ticket. The defenses in place today have done little to nothing to completely stop their attacks, and it’s not too far off to expect to see some of the largest DDoS and ransomware attacks of all time take place in the cloud in the near future. Attackers who are looking for their next big challenge will set their sights on cloud operations, which are defendable, but not completely immune.
Hackers are Coming for Municipal and Industrial IoT Devices
As more devices become Internet-enabled and accessible, and the security measures in place continue to lag behind, the associated risks are on the rise. While consumer IoT has taken hold across the globe, it is the growing threat against industrial and municipal IoT that should sound the biggest alarm. There are over 30 billion IoT devices expected to be on the Internet by 2020 - many of which will be deployed in industrial settings - and a majority of those organizations like manufacturers and power grids are lacking sufficient safeguards. Not only can these IoT devices be used to potentially attack others, their vulnerable nature may be used against the industrial organizations operating critical infrastructure themselves—opening them up to theft of intellectual property, collecting competitive intelligence, and even the disruption and destruction of critical infrastructure. Not only is the potential scale of these attacks larger, most of these industrial firms do not have the skills in place to deal with web attacks in real-time; which can cause long-lasting, damaging results.
Laterally-spread Ransomware Worms Take Center Stage
Heading into 2017, the days of the single-target ransomware will soon be a thing of the past and the future of these attacks looks bleak. Self-propagating worms of the past like Conficker, SQL Slammer, Nimda, Code Red, etc. will once again return to prominence but this time, possessing the capabilities that can infect hundreds of thousands of machines in less than a day. The future of ransomware will be modular and stealthy, capable of moving laterally, and even bridge air-gapped defenses. Much of this will likely be carried out by the cloud itself, entering networks as so-called trusted files and data. As cybercriminals become more adept at carrying out these tactics, there is a good chance that these attacks will become more common.
Cyber Defenses to the Rescue:
Cyber Threat Intelligence: Crowdsourced Data Turned into Action
Although Threat Intelligence (TI) is still in its early phases of development, it won’t be for long as the industry, governments, and other influential institutions begin to push for crowdsourced TI data. By sharing the available information from attacks on organizations across the board, TI will become more actionable and affordable for the masses, rendering all cyber defenses fully capable of consuming TI in real time, and acting upon the intelligence gained. All organizations, devices, applications, operating systems, and embedded systems will soon be fed TI, and in turn, will pass that information to other organizations based on their own observations of the attacks they’ve experienced.
The Future of Cyber Defense: Automated, Machine Learning, and AI-Enabled Systems
The growth and evolution of the attack vectors listed above will force the Internet community, researchers, corporations, and governments to invest heavily in automation, machine learning, and AI-enabled technology research to protect their enterprises. With these defense systems in place, the automated capabilities allow for self-configuration on the fly. Other defenses will have automated kill-chain capabilities designed to help stop the spread of contamination by immediately detecting infections, and shutting down systems before epidemics spread even further.
As these defenses evolve, they will include machine-learning capabilities for complete awareness of their surroundings—fully capable of detecting the slightest deviations from what is considered “good and normal”, and alert automated blocking engines to take immediate action, all without a human lifting a single finger.
These soon-to-be-realized defenses will also maintain a rate of growth and become increasingly intelligent. They will not only be able to detect anomalies in any type of traffic, user, or device, they will also be capable of inoculating systems on the fly; adapting their immunizations to whatever infection is presented to them. Human-feedback driven AI-enabled technologies are not too far in the future. Work on these concepts has already begun in universities, think-tanks, and research labs all over the globe.